[Freeipa-devel] [PATCH 0076] Fix crashes on BIND reload caused by improper error handling during new zone addition

Adam Tkac atkac at redhat.com
Tue Oct 9 11:15:01 UTC 2012


On Fri, Oct 05, 2012 at 05:00:14PM +0200, Petr Spacek wrote:
> Hello,
> 
>     Fix crashes on BIND reload caused by improper error handling
>     during new zone addition.
> 
>     Crash can be triggered by invalid query/transfer/update ACLs
>     or potentially by error in zr_get_zone_ptr().
> 
> I found this problem during PATCH 75 testing, so there is a new ticket:
> https://fedorahosted.org/bind-dyndb-ldap/ticket/93

Ack

> From d0e958cac75035b212f87f00fade080b025d0a23 Mon Sep 17 00:00:00 2001
> From: Petr Spacek <pspacek at redhat.com>
> Date: Fri, 5 Oct 2012 14:41:57 +0200
> Subject: [PATCH] Fix crashes on BIND reload caused by improper error handling
>  during new zone addition.
> 
> Crash can be triggered by invalid query/transfer/update ACLs
> or potentially by error in zr_get_zone_ptr().
> 
> https://fedorahosted.org/bind-dyndb-ldap/ticket/93
> 
> Signed-off-by: Petr Spacek <pspacek at redhat.com>
> ---
>  src/ldap_helper.c | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/src/ldap_helper.c b/src/ldap_helper.c
> index d4bb6db10b0e79f8777fde3c5f344298af87ce56..0e1cf6f7a6986db126aaa5329dbe9abbc98c8bf4 100644
> --- a/src/ldap_helper.c
> +++ b/src/ldap_helper.c
> @@ -1031,6 +1031,7 @@ ldap_parse_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst)
>  	isc_result_t result;
>  	isc_boolean_t unlock = ISC_FALSE;
>  	isc_boolean_t publish = ISC_FALSE;
> +	isc_boolean_t published = ISC_FALSE;
>  	isc_task_t *task = inst->task;
>  	isc_uint32_t ldap_serial;
>  	isc_uint32_t zr_serial;	/* SOA serial value from in-memory zone register */
> @@ -1074,12 +1075,13 @@ ldap_parse_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst)
>  
>  	/* Check if we are already serving given zone */
>  	result = zr_get_zone_ptr(inst->zone_register, &name, &zone);
> -	if (result != ISC_R_SUCCESS) { /* TODO: What about other errors? */
> +	if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) {
>  		CHECK(create_zone(inst, &name, &zone));
>  		CHECK(zr_add_zone(inst->zone_register, zone, dn));
>  		publish = ISC_TRUE;
>  		log_debug(2, "created zone %p: %s", zone, dn);
> -	}
> +	} else if (result != ISC_R_SUCCESS)
> +		CLEANUP_WITH(result);
>  
>  	log_debug(2, "Setting SSU table for %p: %s", zone, dn);
>  	/* Get the update policy and update the zone with it. */
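Review bot: the new `else if (result != ISC_R_SUCCESS)` branch goes straight to `CLEANUP_WITH(result);` without logging anything, so an unexpected zr_get_zone_ptr() failure leaves no record of which zone entry was skipped. Consider a log_error_r() call naming dn before the jump. The branch is also unbraced directly after a braced block; bracing it would keep the if/else chain consistent and make later additions safer.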
> @@ -1119,6 +1121,7 @@ ldap_parse_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst)
>  	if (publish) {
>  		/* Everything is set correctly, publish zone */
>  		CHECK(publish_zone(inst, zone));
> +		published = ISC_TRUE;
>  	}
>  
>  	/*
> @@ -1178,6 +1181,13 @@ ldap_parse_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst)
>  	}
>  
>  cleanup:
> +	if (publish && !published) { /* Failure in ACL parsing or so. */
> +		log_error_r("zone '%s': publishing failed, rolling back due to",
> +			    entry->dn);
> +		result = zr_del_zone(inst->zone_register, &name);
> +		if (result != ISC_R_SUCCESS)
> +			log_error_r("zone '%s': rollback failed", entry->dn);
> +	}
>  	if (unlock)
>  		isc_task_endexclusive(task);
>  	if (dns_name_dynamic(&name))
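Review bot: in the cleanup block, `result = zr_del_zone(inst->zone_register, &name);` overwrites the error code that brought execution to cleanup, so when the rollback succeeds the original failure is lost to anything that reads result afterwards (the return statement is not visible in this hunk). Keep the rollback status in a separate local isc_result_t and leave result untouched. The comment "Failure in ACL parsing or so." could also state the actual condition being handled: the zone was added to the zone register, but publish_zone() was never reached or did not succeed.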
> -- 
> 1.7.11.4
> 


-- 
Adam Tkac, Red Hat, Inc.



