Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
bind.4593
bind-CVE-2016-6170.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bind-CVE-2016-6170.patch of Package bind.4593
From 926433f157d9aee06e343515c1cedaa7758b0920 Mon Sep 17 00:00:00 2001 Message-Id: <926433f157d9aee06e343515c1cedaa7758b0920.1489674685.git.npajkovsky@suse.cz> From: Nikola Pajkovsky <npajkovsky@suse.cz> Date: Tue, 14 Mar 2017 13:26:57 +0100 Subject: [PATCH] 4504. [security] Allow the maximum number of records in a zone to be specified. This provides a control for issues raised in CVE-2016-6170. [RT #42143] Signed-off-by: Nikola Pajkovsky <npajkovsky@suse.cz> --- bin/named/config.c | 1 + bin/named/named.conf.docbook | 3 + bin/named/update.c | 16 +++ bin/named/zoneconf.c | 7 ++ bin/tests/system/nsupdate/clean.sh | 1 + bin/tests/system/nsupdate/ns3/named.conf | 7 ++ bin/tests/system/nsupdate/ns3/too-big.test.db.in | 10 ++ bin/tests/system/nsupdate/setup.sh | 2 + bin/tests/system/nsupdate/tests.sh | 15 +++ bin/tests/system/xfer/clean.sh | 1 + bin/tests/system/xfer/ns1/axfr-too-big.db | 10 ++ bin/tests/system/xfer/ns1/ixfr-too-big.db.in | 13 +++ bin/tests/system/xfer/ns1/named.conf | 11 +++ bin/tests/system/xfer/ns6/named.conf | 14 +++ bin/tests/system/xfer/setup.sh | 2 + bin/tests/system/xfer/tests.sh | 26 +++++ doc/arm/Bv9ARM-book.xml | 21 ++++ doc/arm/notes.xml | 6 +- lib/bind9/check.c | 2 + lib/dns/db.c | 13 +++ lib/dns/ecdb.c | 3 +- lib/dns/include/dns/db.h | 20 ++++ lib/dns/include/dns/rdataslab.h | 13 +++ lib/dns/include/dns/result.h | 3 +- lib/dns/include/dns/zone.h | 25 +++++ lib/dns/rbtdb.c | 121 ++++++++++++++++++++++- lib/dns/rdataslab.c | 13 +++ lib/dns/result.c | 1 + lib/dns/sdb.c | 3 +- lib/dns/sdlz.c | 3 +- lib/dns/xfrin.c | 22 ++++- lib/dns/zone.c | 23 ++++- lib/isccfg/namedconf.c | 1 + 33 files changed, 420 insertions(+), 12 deletions(-) create mode 100644 bin/tests/system/nsupdate/ns3/too-big.test.db.in create mode 100644 bin/tests/system/xfer/ns1/axfr-too-big.db create mode 100644 bin/tests/system/xfer/ns1/ixfr-too-big.db.in diff --git a/bin/named/config.c b/bin/named/config.c index 4798272ac353..c5ee16169a29 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -198,6 +198,7 @@ options {\n\ max-transfer-time-out 120;\n\ max-transfer-idle-in 60;\n\ max-transfer-idle-out 60;\n\ + max-records 0;\n\ max-retry-time 1209600; /* 2 weeks */\n\ min-retry-time 500;\n\ max-refresh-time 2419200; /* 4 weeks */\n\ diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 01cb62aaa009..2df51ded16f8 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -338,6 +338,7 @@ options { }; max-journal-size <replaceable>size_no_default</replaceable>; + max-records <replaceable>integer</replaceable>; max-transfer-time-in <replaceable>integer</replaceable>; max-transfer-time-out <replaceable>integer</replaceable>; max-transfer-idle-in <replaceable>integer</replaceable>; @@ -527,6 +528,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> }; max-journal-size <replaceable>size_no_default</replaceable>; + max-records <replaceable>integer</replaceable>; max-transfer-time-in <replaceable>integer</replaceable>; max-transfer-time-out <replaceable>integer</replaceable>; max-transfer-idle-in <replaceable>integer</replaceable>; @@ -624,6 +626,7 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> }; max-journal-size <replaceable>size_no_default</replaceable>; + max-records <replaceable>integer</replaceable>; max-transfer-time-in <replaceable>integer</replaceable>; max-transfer-time-out <replaceable>integer</replaceable>; max-transfer-idle-in <replaceable>integer</replaceable>; diff --git a/bin/named/update.c b/bin/named/update.c index badf8fe1081f..ba4c37021cc0 100644 --- a/bin/named/update.c +++ b/bin/named/update.c @@ -2455,6 +2455,8 @@ update_action(isc_task_t *task, isc_event_t *event) { dns_rdata_dnskey_t dnskey; isc_boolean_t had_dnskey; dns_rdatatype_t privatetype = dns_zone_getprivatetype(zone); + isc_uint32_t maxrecords; + isc_uint64_t records; INSIST(event->ev_type == DNS_EVENT_UPDATE); @@ -3108,6 +3110,20 @@ update_action(isc_task_t *task, isc_event_t *event) { } } + maxrecords = dns_zone_getmaxrecords(zone); + if (maxrecords != 0U) { + result = dns_db_getsize(db, ver, &records, NULL); + if (result == ISC_R_SUCCESS && records > maxrecords) { + update_log(client, zone, ISC_LOG_ERROR, + "records in zone (%" + ISC_PRINT_QUADFORMAT + "u) exceeds max-records (%u)", + records, maxrecords); + result = DNS_R_TOOMANYRECORDS; + goto failure; + } + } + journalfile = dns_zone_getjournal(zone); if (journalfile != NULL) { update_log(client, zone, LOGLEVEL_DEBUG, diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index 5b473d1b2951..26fe0b7e66a4 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -935,6 +935,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, INSIST(0); } + obj = NULL; + result = ns_config_get(maps, "max-records", &obj); + INSIST(result == ISC_R_SUCCESS && obj != NULL); + dns_zone_setmaxrecords(mayberaw, cfg_obj_asuint32(obj)); + if (zone != mayberaw) + dns_zone_setmaxrecords(zone, 0); + if (raw != NULL && filename != NULL) { #define SIGNED ".signed" size_t signedlen = strlen(filename) + sizeof(SIGNED); diff --git a/bin/tests/system/nsupdate/clean.sh b/bin/tests/system/nsupdate/clean.sh index dcb80d36eca6..57120a6f35ff 100644 --- a/bin/tests/system/nsupdate/clean.sh +++ b/bin/tests/system/nsupdate/clean.sh @@ -36,3 +36,4 @@ rm -f ns3/K* rm -f dig.out.* rm -f jp.out.ns3.* rm -f Kxxx.* +rm -f ns3/too-big.test.db diff --git a/bin/tests/system/nsupdate/ns3/named.conf b/bin/tests/system/nsupdate/ns3/named.conf index 4b43efe4f22d..f38a7daf564b 100644 --- a/bin/tests/system/nsupdate/ns3/named.conf +++ b/bin/tests/system/nsupdate/ns3/named.conf @@ -60,3 +60,10 @@ zone "dnskey.test" { allow-update { any; }; file "dnskey.test.db.signed"; }; + +zone "too-big.test" { + type master; + allow-update { any; }; + max-records 3; + file "too-big.test.db"; +}; diff --git a/bin/tests/system/nsupdate/ns3/too-big.test.db.in b/bin/tests/system/nsupdate/ns3/too-big.test.db.in new file mode 100644 index 000000000000..7ff1e4a514a4 --- /dev/null +++ b/bin/tests/system/nsupdate/ns3/too-big.test.db.in @@ -0,0 +1,10 @@ +; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. + +$TTL 10 +too-big.test. IN SOA too-big.test. hostmaster.too-big.test. 1 3600 900 2419200 3600 +too-big.test. IN NS too-big.test. +too-big.test. IN A 10.53.0.3 diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh index 828255ee530b..43c40947de1b 100644 --- a/bin/tests/system/nsupdate/setup.sh +++ b/bin/tests/system/nsupdate/setup.sh @@ -27,12 +27,14 @@ test -r $RANDFILE || $GENRANDOM 400 $RANDFILE rm -f ns1/*.jnl ns1/example.db ns2/*.jnl ns2/example.bk rm -f ns2/update.bk ns2/update.alt.bk rm -f ns3/example.db.jnl +rm -f ns3/too-big.test.db.jnl cp -f ns1/example1.db ns1/example.db sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db sed 's/example.nil/unixtime.nil/g' ns1/example1.db > ns1/unixtime.db sed 's/example.nil/keytests.nil/g' ns1/example1.db > ns1/keytests.db cp -f ns3/example.db.in ns3/example.db +cp -f ns3/too-big.test.db.in ns3/too-big.test.db # update_test.pl has its own zone file because it # requires a specific NS record set. diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index 799220d9c374..32840753db03 100644 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -543,5 +543,20 @@ if [ $ret -ne 0 ]; then status=1 fi +n=`expr $n + 1` +echo "I:check that adding too many records is blocked ($n)" +ret=0 +$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 && ret=1 +server 10.53.0.3 5300 +zone too-big.test. +update add r1.too-big.test 3600 IN TXT r1.too-big.test +send +EOF +grep "update failed: SERVFAIL" nsupdate.out-$n > /dev/null || ret=1 +DIG +tcp @10.53.0.3 -p 5300 r1.too-big.test TXT > dig.out.ns3.test$n +grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 +grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/xfer/clean.sh b/bin/tests/system/xfer/clean.sh index 58743ea9065e..4ee92d30bc5f 100644 --- a/bin/tests/system/xfer/clean.sh +++ b/bin/tests/system/xfer/clean.sh @@ -32,6 +32,7 @@ rm -f ns3/master.bk ns3/master.bk.jnl rm -f ns4/named.conf ns4/nil.db ns4/root.db rm -f ns6/*.db ns6/*.bk ns6/*.jnl rm -f ns7/*.db ns7/*.bk ns7/*.jnl +rm -f ns1/ixfr-too-big.db ns1/ixfr-too-big.db.jnl rm -f */named.memstats rm -f */named.run diff --git a/bin/tests/system/xfer/ns1/axfr-too-big.db b/bin/tests/system/xfer/ns1/axfr-too-big.db new file mode 100644 index 000000000000..d43760d9a8d9 --- /dev/null +++ b/bin/tests/system/xfer/ns1/axfr-too-big.db @@ -0,0 +1,10 @@ +; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. + +$TTL 3600 +@ IN SOA . . 0 0 0 0 0 +@ IN NS . +$GENERATE 1-29 host$ A 1.2.3.$ diff --git a/bin/tests/system/xfer/ns1/ixfr-too-big.db.in b/bin/tests/system/xfer/ns1/ixfr-too-big.db.in new file mode 100644 index 000000000000..318bb772af30 --- /dev/null +++ b/bin/tests/system/xfer/ns1/ixfr-too-big.db.in @@ -0,0 +1,13 @@ +; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. + +$TTL 3600 +@ IN SOA . . 0 0 0 0 0 +@ IN NS ns1 +@ IN NS ns6 +ns1 IN A 10.53.0.1 +ns6 IN A 10.53.0.6 +$GENERATE 1-25 host$ A 1.2.3.$ diff --git a/bin/tests/system/xfer/ns1/named.conf b/bin/tests/system/xfer/ns1/named.conf index 07dad85d9baa..1d292924c017 100644 --- a/bin/tests/system/xfer/ns1/named.conf +++ b/bin/tests/system/xfer/ns1/named.conf @@ -44,3 +44,14 @@ zone "slave" { type master; file "slave.db"; }; + +zone "axfr-too-big" { + type master; + file "axfr-too-big.db"; +}; + +zone "ixfr-too-big" { + type master; + allow-update { any; }; + file "ixfr-too-big.db"; +}; diff --git a/bin/tests/system/xfer/ns6/named.conf b/bin/tests/system/xfer/ns6/named.conf index c9421b1f6558..a12a92c2f6d5 100644 --- a/bin/tests/system/xfer/ns6/named.conf +++ b/bin/tests/system/xfer/ns6/named.conf @@ -52,3 +52,17 @@ zone "slave" { masters { 10.53.0.1; }; file "slave.bk"; }; + +zone "axfr-too-big" { + type slave; + max-records 30; + masters { 10.53.0.1; }; + file "axfr-too-big.bk"; +}; + +zone "ixfr-too-big" { + type slave; + max-records 30; + masters { 10.53.0.1; }; + file "ixfr-too-big.bk"; +}; diff --git a/bin/tests/system/xfer/setup.sh b/bin/tests/system/xfer/setup.sh index 56ca9018ec28..8f96b4e975e8 100644 --- a/bin/tests/system/xfer/setup.sh +++ b/bin/tests/system/xfer/setup.sh @@ -31,5 +31,7 @@ cp -f ns4/root.db.in ns4/root.db $PERL -e 'for ($i=0;$i<10000;$i++){ printf("x%u 0 in a 10.53.0.1\n", $i);}' >> ns4/root.db cp -f ns4/named.conf.base ns4/named.conf +cp -f ns1/ixfr-too-big.db.in ns1/ixfr-too-big.db + cp ns2/slave.db.in ns2/slave.db touch -t 200101010000 ns2/slave.db diff --git a/bin/tests/system/xfer/tests.sh b/bin/tests/system/xfer/tests.sh index 089b1c716fe9..89823c63e918 100644 --- a/bin/tests/system/xfer/tests.sh +++ b/bin/tests/system/xfer/tests.sh @@ -368,5 +368,31 @@ $DIGCMD nil. TXT | grep 'incorrect key AXFR' >/dev/null && { status=1 } +n=`expr $n + 1` +echo "I:test that a zone with too many records is rejected (AXFR) ($n)" +tmp=0 +grep "'axfr-too-big/IN'.*: too many records" ns6/named.run >/dev/null || tmp=1 +if test $tmp != 0 ; then echo "I:failed"; fi +status=`expr $status + $tmp` + +n=`expr $n + 1` +echo "I:test that a zone with too many records is rejected (IXFR) ($n)" +tmp=0 +grep "'ixfr-too-big./IN.*: too many records" ns6/named.run >/dev/null && tmp=1 +$NSUPDATE << EOF +zone ixfr-too-big +server 10.53.0.1 5300 +update add the-31st-record.ixfr-too-big 0 TXT this is it +send +EOF +for i in 1 2 3 4 5 6 7 8 +do + grep "'ixfr-too-big/IN'.*: too many records" ns6/named.run >/dev/null && break + sleep 1 +done +grep "'ixfr-too-big/IN'.*: too many records" ns6/named.run >/dev/null || tmp=1 +if test $tmp != 0 ; then echo "I:failed"; fi +status=`expr $status + $tmp` + echo "I:exit status: $status" exit $status diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index fe479b029fa3..5a45766c52fd 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -4374,6 +4374,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] <optional> use-queryport-pool <replaceable>yes_or_no</replaceable>; </optional> <optional> queryport-pool-ports <replaceable>number</replaceable>; </optional> <optional> queryport-pool-updateinterval <replaceable>number</replaceable>; </optional> + <optional> max-records <replaceable>number</replaceable>; </optional> <optional> max-transfer-time-in <replaceable>number</replaceable>; </optional> <optional> max-transfer-time-out <replaceable>number</replaceable>; </optional> <optional> max-transfer-idle-in <replaceable>number</replaceable>; </optional> @@ -7592,6 +7593,16 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; </varlistentry> <varlistentry> + <term><command>max-records</command></term> + <listitem> + <para> + The maximum number of records permitted in a zone. + The default is zero which means unlimited. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term><command>host-statistics-max</command></term> <listitem> <para> @@ -11140,6 +11151,16 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea </varlistentry> <varlistentry> + <term><command>max-records</command></term> + <listitem> + <para> + See the description of + <command>max-records</command> in <xref linkend="server_resource_limits"/>. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term><command>max-transfer-time-in</command></term> <listitem> <para> diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 66ebc8b99a2d..106c7bf1966b 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -45,7 +45,11 @@ <itemizedlist> <listitem> <para> - None. + Added the ability to specify the maximum number of records + permitted in a zone (max-records #;). This provides a mechanism + to block overly large zone transfers, which is a potential risk + with slave zones from other parties, as described in CVE-2016-6170. + [RT #42143] </para> </listitem> </itemizedlist> diff --git a/lib/bind9/check.c b/lib/bind9/check.c index cbfa8301e3f4..5d541dfb3621 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -1333,6 +1333,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, REDIRECTZONE }, { "masters", SLAVEZONE | STUBZONE | REDIRECTZONE }, { "max-ixfr-log-size", MASTERZONE | SLAVEZONE | STREDIRECTZONE }, + { "max-records", MASTERZONE | SLAVEZONE | STUBZONE | STREDIRECTZONE | + STATICSTUBZONE | REDIRECTZONE }, { "max-refresh-time", SLAVEZONE | STUBZONE | STREDIRECTZONE }, { "max-retry-time", SLAVEZONE | STUBZONE | STREDIRECTZONE }, { "max-transfer-idle-in", SLAVEZONE | STUBZONE | STREDIRECTZONE }, diff --git a/lib/dns/db.c b/lib/dns/db.c index bf4a5b37540c..55deed7975b1 100644 --- a/lib/dns/db.c +++ b/lib/dns/db.c @@ -983,6 +983,19 @@ dns_db_getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, } isc_result_t +dns_db_getsize(dns_db_t *db, dns_dbversion_t *version, isc_uint64_t *records, + isc_uint64_t *bytes) +{ + REQUIRE(DNS_DB_VALID(db)); + REQUIRE(dns_db_iszone(db) == ISC_TRUE); + + if (db->methods->getsize != NULL) + return ((db->methods->getsize)(db, version, records, bytes)); + + return (ISC_R_NOTFOUND); +} + +isc_result_t dns_db_setsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, isc_stdtime_t resign) { diff --git a/lib/dns/ecdb.c b/lib/dns/ecdb.c index 22cd810a773c..816489360fd3 100644 --- a/lib/dns/ecdb.c +++ b/lib/dns/ecdb.c @@ -583,7 +583,8 @@ static dns_dbmethods_t ecdb_methods = { NULL, /* rpz_enabled */ NULL, /* rpz_findips */ NULL, /* findnodeext */ - NULL /* findext */ + NULL, /* findext */ + NULL /* getsize */ }; static isc_result_t diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h index 66bc3e3481e1..dce6d1327581 100644 --- a/lib/dns/include/dns/db.h +++ b/lib/dns/include/dns/db.h @@ -194,6 +194,8 @@ typedef struct dns_dbmethods { dns_clientinfo_t *clientinfo, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset); + isc_result_t (*getsize)(dns_db_t *db, dns_dbversion_t *version, + isc_uint64_t *records, isc_uint64_t *bytes); } dns_dbmethods_t; typedef isc_result_t @@ -1445,6 +1447,24 @@ dns_db_getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, */ isc_result_t +dns_db_getsize(dns_db_t *db, dns_dbversion_t *version, isc_uint64_t *records, + isc_uint64_t *bytes); +/*%< + * Get the number of records in the given version of the database as well + * as the number bytes used to store those records. + * + * Requires: + * \li 'db' is a valid zone database. + * \li 'version' is NULL or a valid version. + * \li 'records' is NULL or a pointer to return the record count in. + * \li 'bytes' is NULL or a pointer to return the byte count in. + * + * Returns: + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOTIMPLEMENTED + */ + +isc_result_t dns_db_findnsec3node(dns_db_t *db, dns_name_t *name, isc_boolean_t create, dns_dbnode_t **nodep); /*%< diff --git a/lib/dns/include/dns/rdataslab.h b/lib/dns/include/dns/rdataslab.h index 3ac44b879e03..2e1e7592a28d 100644 --- a/lib/dns/include/dns/rdataslab.h +++ b/lib/dns/include/dns/rdataslab.h @@ -104,6 +104,7 @@ dns_rdataslab_tordataset(unsigned char *slab, unsigned int reservelen, * Ensures: *\li 'rdataset' is associated and points to a valid rdataest. */ + unsigned int dns_rdataslab_size(unsigned char *slab, unsigned int reservelen); /*%< @@ -116,6 +117,18 @@ dns_rdataslab_size(unsigned char *slab, unsigned int reservelen); *\li The number of bytes in the slab, including the reservelen. */ +unsigned int +dns_rdataslab_count(unsigned char *slab, unsigned int reservelen); +/*%< + * Return the number of records in the rdataslab + * + * Requires: + *\li 'slab' points to a slab. + * + * Returns: + *\li The number of records in the slab. + */ + isc_result_t dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, unsigned int reservelen, isc_mem_t *mctx, diff --git a/lib/dns/include/dns/result.h b/lib/dns/include/dns/result.h index 7d11c2beb01e..de38dba7b4b4 100644 --- a/lib/dns/include/dns/result.h +++ b/lib/dns/include/dns/result.h @@ -157,8 +157,9 @@ #define DNS_R_BADCDS (ISC_RESULTCLASS_DNS + 111) #define DNS_R_BADCDNSKEY (ISC_RESULTCLASS_DNS + 112) #define DNS_R_OPTERR (ISC_RESULTCLASS_DNS + 113) +#define DNS_R_TOOMANYRECORDS (ISC_RESULTCLASS_DNS + 114) -#define DNS_R_NRESULTS 114 /*%< Number of results */ +#define DNS_R_NRESULTS 115 /*%< Number of results */ /* * DNS wire format rcodes. diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h index 987d06f70cec..ec9434bc11b9 100644 --- a/lib/dns/include/dns/zone.h +++ b/lib/dns/include/dns/zone.h @@ -288,6 +288,31 @@ dns_zone_getfile(dns_zone_t *zone); * Returns: *\li Pointer to null-terminated file name, or NULL. */ +void +dns_zone_setmaxrecords(dns_zone_t *zone, isc_uint32_t records); +/*%< + * Sets the maximim number of records permitted in a zone. + * 0 implies unlimited. + * + * Requires: + *\li 'zone' to be valid initialised zone. + * + * Returns: + *\li void + */ + +isc_uint32_t +dns_zone_getmaxrecords(dns_zone_t *zone); +/*%< + * Gets the maximim number of records permitted in a zone. + * 0 implies unlimited. + * + * Requires: + *\li 'zone' to be valid initialised zone. + * + * Returns: + *\li isc_uint32_t maxrecords. + */ isc_result_t dns_zone_load(dns_zone_t *zone); diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index 80713da20dd9..45c635fe3efd 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -156,6 +156,7 @@ typedef isc_uint64_t rbtdb_serial_t; #define free_rbtdb_callback free_rbtdb_callback64 #define free_rdataset free_rdataset64 #define getnsec3parameters getnsec3parameters64 +#define getsize getsize64 #define getoriginnode getoriginnode64 #define getrrsetstats getrrsetstats64 #define getsigningtime getsigningtime64 @@ -521,6 +522,13 @@ typedef struct rbtdb_version { isc_uint16_t iterations; isc_uint8_t salt_length; unsigned char salt[DNS_NSEC3_SALTSIZE]; + + /* + * records and bytes are covered by rwlock. + */ + isc_rwlock_t rwlock; + isc_uint64_t records; + isc_uint64_t bytes; } rbtdb_version_t; typedef ISC_LIST(rbtdb_version_t) rbtdb_versionlist_t; @@ -993,6 +1001,7 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) { INSIST(refs == 0); UNLINK(rbtdb->open_versions, rbtdb->current_version, link); isc_refcount_destroy(&rbtdb->current_version->references); + isc_rwlock_destroy(&rbtdb->current_version->rwlock); isc_mem_put(rbtdb->common.mctx, rbtdb->current_version, sizeof(rbtdb_version_t)); } @@ -1231,6 +1240,7 @@ allocate_version(isc_mem_t *mctx, rbtdb_serial_t serial, static isc_result_t newversion(dns_db_t *db, dns_dbversion_t **versionp) { + isc_result_t result; dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; rbtdb_version_t *version; @@ -1263,13 +1273,28 @@ newversion(dns_db_t *db, dns_dbversion_t **versionp) { version->salt_length = 0; memset(version->salt, 0, sizeof(version->salt)); } - rbtdb->next_serial++; - rbtdb->future_version = version; - } + result = isc_rwlock_init(&version->rwlock, 0, 0); + if (result != ISC_R_SUCCESS) { + isc_refcount_destroy(&version->references); + isc_mem_put(rbtdb->common.mctx, version, + sizeof(*version)); + version = NULL; + } else { + RWLOCK(&rbtdb->current_version->rwlock, + isc_rwlocktype_read); + version->records = rbtdb->current_version->records; + version->bytes = rbtdb->current_version->bytes; + RWUNLOCK(&rbtdb->current_version->rwlock, + isc_rwlocktype_read); + rbtdb->next_serial++; + rbtdb->future_version = version; + } + } else + result = ISC_R_NOMEMORY; RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write); if (version == NULL) - return (ISC_R_NOMEMORY); + return (result); *versionp = version; @@ -2509,6 +2534,7 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) { if (cleanup_version != NULL) { INSIST(EMPTY(cleanup_version->changed_list)); + isc_rwlock_destroy(&cleanup_version->rwlock); isc_mem_put(rbtdb->common.mctx, cleanup_version, sizeof(*cleanup_version)); } @@ -6388,6 +6414,26 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, else rbtnode->data = newheader; newheader->next = topheader->next; + if (rbtversion != NULL) + RWLOCK(&rbtversion->rwlock, isc_rwlocktype_write); + if (rbtversion != NULL && !header_nx) { + rbtversion->records -= + dns_rdataslab_count((unsigned char *)header, + sizeof(*header)); + rbtversion->bytes -= + dns_rdataslab_size((unsigned char *)header, + sizeof(*header)); + } + if (rbtversion != NULL && !newheader_nx) { + rbtversion->records += + dns_rdataslab_count((unsigned char *)newheader, + sizeof(*newheader)); + rbtversion->bytes += + dns_rdataslab_size((unsigned char *)newheader, + sizeof(*newheader)); + } + if (rbtversion != NULL) + RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write); if (loading) { /* * There are no other references to 'header' when @@ -6490,6 +6536,16 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, newheader->down = NULL; rbtnode->data = newheader; } + if (rbtversion != NULL && !newheader_nx) { + RWLOCK(&rbtversion->rwlock, isc_rwlocktype_write); + rbtversion->records += + dns_rdataslab_count((unsigned char *)newheader, + sizeof(*newheader)); + rbtversion->bytes += + dns_rdataslab_size((unsigned char *)newheader, + sizeof(*newheader)); + RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write); + } idx = newheader->node->locknum; if (IS_CACHE(rbtdb)) { ISC_LIST_PREPEND(rbtdb->rdatasets[idx], @@ -6944,6 +7000,12 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, */ newheader->additional_auth = NULL; newheader->additional_glue = NULL; + rbtversion->records += + dns_rdataslab_count((unsigned char *)newheader, + sizeof(*newheader)); + rbtversion->bytes += + dns_rdataslab_size((unsigned char *)newheader, + sizeof(*newheader)); } else if (result == DNS_R_NXRRSET) { /* * This subtraction would remove all of the rdata; @@ -6978,6 +7040,12 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, * topheader. */ INSIST(rbtversion->serial >= topheader->serial); + rbtversion->records -= + dns_rdataslab_count((unsigned char *)header, + sizeof(*header)); + rbtversion->bytes -= + dns_rdataslab_size((unsigned char *)header, + sizeof(*header)); if (topheader_prev != NULL) topheader_prev->next = newheader; else @@ -7509,6 +7577,33 @@ getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, dns_hash_t *hash, } static isc_result_t +getsize(dns_db_t *db, dns_dbversion_t *version, isc_uint64_t *records, + isc_uint64_t *bytes) +{ + dns_rbtdb_t *rbtdb; + isc_result_t result = ISC_R_SUCCESS; + rbtdb_version_t *rbtversion = version; + + rbtdb = (dns_rbtdb_t *)db; + + REQUIRE(VALID_RBTDB(rbtdb)); + INSIST(rbtversion == NULL || rbtversion->rbtdb == rbtdb); + + if (rbtversion == NULL) + rbtversion = rbtdb->current_version; + + RWLOCK(&rbtversion->rwlock, isc_rwlocktype_read); + if (records != NULL) + *records = rbtversion->records; + + if (bytes != NULL) + *bytes = rbtversion->bytes; + RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_read); + + return (result); +} + +static isc_result_t setsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, isc_stdtime_t resign) { dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; isc_stdtime_t oldresign; @@ -7694,7 +7789,8 @@ static dns_dbmethods_t zone_methods = { NULL, #endif NULL, - NULL + NULL, + getsize }; static dns_dbmethods_t cache_methods = { @@ -7737,6 +7833,7 @@ static dns_dbmethods_t cache_methods = { NULL, NULL, NULL, + NULL, NULL }; @@ -8025,6 +8122,20 @@ dns_rbtdb_create rbtdb->current_version->salt_length = 0; memset(rbtdb->current_version->salt, 0, sizeof(rbtdb->current_version->salt)); + result = isc_rwlock_init(&rbtdb->current_version->rwlock, 0, 0); + if (result != ISC_R_SUCCESS) { + isc_refcount_destroy(&rbtdb->current_version->references); + isc_mem_put(mctx, rbtdb->current_version, + sizeof(*rbtdb->current_version)); + rbtdb->current_version = NULL; + isc_refcount_decrement(&rbtdb->references, NULL); + isc_refcount_destroy(&rbtdb->references); + free_rbtdb(rbtdb, ISC_FALSE, NULL); + return (result); + } + + rbtdb->current_version->records = 0; + rbtdb->current_version->bytes = 0; rbtdb->future_version = NULL; ISC_LIST_INIT(rbtdb->open_versions); /* diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c index 9367127d9eaf..4dd38443c77c 100644 --- a/lib/dns/rdataslab.c +++ b/lib/dns/rdataslab.c @@ -522,6 +522,19 @@ dns_rdataslab_size(unsigned char *slab, unsigned int reservelen) { return ((unsigned int)(current - slab)); } +unsigned int +dns_rdataslab_count(unsigned char *slab, unsigned int reservelen) { + unsigned int count; + unsigned char *current; + + REQUIRE(slab != NULL); + + current = slab + reservelen; + count = *current++ * 256; + count += *current++; + return (count); +} + /* * Make the dns_rdata_t 'rdata' refer to the slab item * beginning at '*current', which is part of a slab of type diff --git a/lib/dns/result.c b/lib/dns/result.c index 7be4f577ed86..f03bbe31601c 100644 --- a/lib/dns/result.c +++ b/lib/dns/result.c @@ -168,6 +168,7 @@ static const char *text[DNS_R_NRESULTS] = { "bad CDS", /*%< 111 DNS_R_BADCSD */ "bad CDNSKEY", /*%< 112 DNS_R_BADCDNSKEY */ "malformed OPT option" /*%< 113 DNS_R_OPTERR */ + "too many records", /*%< 114 DNS_R_TOOMANYRECORDS */ }; static const char *rcode_text[DNS_R_NRCODERESULTS] = { diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c index f0ffc3d6f384..a0655ad1ee92 100644 --- a/lib/dns/sdb.c +++ b/lib/dns/sdb.c @@ -1296,7 +1296,8 @@ static dns_dbmethods_t sdb_methods = { NULL, /* rpz_enabled */ NULL, /* rpz_findips */ findnodeext, - findext + findext, + NULL /* getsize */ }; static isc_result_t diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c index e70532021719..ff96af434933 100644 --- a/lib/dns/sdlz.c +++ b/lib/dns/sdlz.c @@ -1267,7 +1267,8 @@ static dns_dbmethods_t sdlzdb_methods = { NULL, /* rpz_enabled */ NULL, /* rpz_findips */ findnodeext, - findext + findext, + NULL /* getsize */ }; /* diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index aec238d3fc1a..e71e42dbac56 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -147,6 +147,9 @@ struct dns_xfrin_ctx { unsigned int nrecs; /*%< Number of records recvd */ isc_uint64_t nbytes; /*%< Number of bytes received */ + unsigned int maxrecords; /*%< The maximum number of + records set for the zone */ + isc_time_t start; /*%< Start time of the transfer */ isc_time_t end; /*%< End time of the transfer */ @@ -312,11 +315,19 @@ axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op, static isc_result_t axfr_apply(dns_xfrin_ctx_t *xfr) { isc_result_t result; + isc_uint64_t records; CHECK(dns_diff_load(&xfr->diff, xfr->axfr.add_func, xfr->axfr.add_private)); xfr->difflen = 0; dns_diff_clear(&xfr->diff); + if (xfr->maxrecords != 0U) { + result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL); + if (result == ISC_R_SUCCESS && records > xfr->maxrecords) { + result = DNS_R_TOOMANYRECORDS; + goto failure; + } + } result = ISC_R_SUCCESS; failure: return (result); @@ -403,6 +414,7 @@ ixfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op, static isc_result_t ixfr_apply(dns_xfrin_ctx_t *xfr) { isc_result_t result; + isc_uint64_t records; if (xfr->ver == NULL) { CHECK(dns_db_newversion(xfr->db, &xfr->ver)); @@ -410,6 +422,13 @@ ixfr_apply(dns_xfrin_ctx_t *xfr) { CHECK(dns_journal_begin_transaction(xfr->ixfr.journal)); } CHECK(dns_diff_apply(&xfr->diff, xfr->db, xfr->ver)); + if (xfr->maxrecords != 0U) { + result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL); + if (result == ISC_R_SUCCESS && records > xfr->maxrecords) { + result = DNS_R_TOOMANYRECORDS; + goto failure; + } + } if (xfr->ixfr.journal != NULL) { result = dns_journal_writediff(xfr->ixfr.journal, &xfr->diff); if (result != ISC_R_SUCCESS) @@ -752,7 +771,7 @@ xfrin_reset(dns_xfrin_ctx_t *xfr) { static void xfrin_fail(dns_xfrin_ctx_t *xfr, isc_result_t result, const char *msg) { - if (result != DNS_R_UPTODATE) { + if (result != DNS_R_UPTODATE && result != DNS_R_TOOMANYRECORDS) { xfrin_log(xfr, ISC_LOG_ERROR, "%s: %s", msg, isc_result_totext(result)); if (xfr->is_ixfr) @@ -843,6 +862,7 @@ xfrin_create(isc_mem_t *mctx, xfr->nmsg = 0; xfr->nrecs = 0; xfr->nbytes = 0; + xfr->maxrecords = dns_zone_getmaxrecords(zone); isc_time_now(&xfr->start); xfr->tsigkey = NULL; diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 490248a68910..c59ef3201ec6 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -248,6 +248,8 @@ struct dns_zone { isc_uint32_t maxretry; isc_uint32_t minretry; + isc_uint32_t maxrecords; + isc_sockaddr_t *masters; dns_name_t **masterkeynames; isc_boolean_t *mastersok; @@ -9689,6 +9691,20 @@ dns_zone_setmaxretrytime(dns_zone_t *zone, isc_uint32_t val) { zone->maxretry = val; } +isc_uint32_t +dns_zone_getmaxrecords(dns_zone_t *zone) { + REQUIRE(DNS_ZONE_VALID(zone)); + + return (zone->maxrecords); +} + +void +dns_zone_setmaxrecords(dns_zone_t *zone, isc_uint32_t val) { + REQUIRE(DNS_ZONE_VALID(zone)); + + zone->maxrecords = val; +} + static isc_boolean_t notify_isqueued(dns_zone_t *zone, unsigned int flags, dns_name_t *name, isc_sockaddr_t *addr, dns_tsigkey_t *key) @@ -13977,7 +13993,7 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR); TIME_NOW(&now); - switch (result) { + switch (xfrresult) { case ISC_R_SUCCESS: DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY); /*FALLTHROUGH*/ @@ -14104,6 +14120,11 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { DNS_ZONE_SETFLAG(zone, DNS_ZONEFLAG_NOIXFR); goto same_master; + case DNS_R_TOOMANYRECORDS: + DNS_ZONE_JITTER_ADD(&now, zone->refresh, &zone->refreshtime); + inc_stats(zone, dns_zonestatscounter_xfrfail); + break; + default: next_master: /* diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index d95a03a61433..6f149602c05f 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1597,6 +1597,7 @@ zone_clauses[] = { { "masterfile-format", &cfg_type_masterformat, 0 }, { "max-ixfr-log-size", &cfg_type_size, CFG_CLAUSEFLAG_OBSOLETE }, { "max-journal-size", &cfg_type_sizenodefault, 0 }, + { "max-records", &cfg_type_uint32, 0 }, { "max-refresh-time", &cfg_type_uint32, 0 }, { "max-retry-time", &cfg_type_uint32, 0 }, { "max-transfer-idle-in", &cfg_type_uint32, 0 }, -- 2.12.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor