src - FreeBSD source tree

diff options


context:
space:
mode:

author	Doug Barton <dougb@FreeBSD.org>	2011-08-02 05:18:50 +0000
committer	Doug Barton <dougb@FreeBSD.org>	2011-08-02 05:18:50 +0000
commit	0842d663b7cfb84b478ec937fc1dbc640ceae92b (patch)
tree	4385ddab756952a705f233916d0536e76fe9cc58 /bin/named
parent	6a50a75ead6b2f11f0321914c033e8c8670cbb60 (diff)

Vendor import of BIND 9.6-ESV-R5vendor/bind9/9.6-ESV-R5

Diffstat (limited to 'bin/named')

-rw-r--r--

bin/named/client.c

-rw-r--r--

bin/named/controlconf.c

-rw-r--r--

bin/named/interfacemgr.c

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

bin/named/statschannel.c

-rw-r--r--

bin/named/unix/os.c

-rw-r--r--

bin/named/update.c

-rw-r--r--

bin/named/zoneconf.c

11 files changed, 221 insertions, 129 deletions

diff --git a/bin/named/client.c b/bin/named/client.c
index 6236d27f28a0..c5d04af69f3a 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and/or distribute this software for any

@@ -15,7 +15,7 @@

* PERFORMANCE OF THIS SOFTWARE.

-/* $Id: client.c,v 1.259.12.5 2010-09-24 08:30:27 tbox Exp $ */

+/* $Id: client.c,v 1.259.12.7 2011-05-06 23:45:55 tbox Exp $ */

#include <config.h>

@@ -633,6 +633,7 @@ ns_client_endrequest(ns_client_t *client) {

dns_message_puttemprdataset(client->message, &client->opt);

}

+ client->signer = NULL;

client->udpsize = 512;

client->extflags = 0;

client->ednsversion = -1;

@@ -2087,6 +2088,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {

client->next = NULL;

client->shutdown = NULL;

client->shutdown_arg = NULL;

+ client->signer = NULL;

dns_name_init(&client->signername, NULL);

client->mortal = ISC_FALSE;

client->tcpquota = NULL;

diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index 16d375b0083a..a055cb281f93 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and/or distribute this software for any

@@ -15,7 +15,7 @@

* PERFORMANCE OF THIS SOFTWARE.

-/* $Id: controlconf.c,v 1.60 2008-07-23 23:27:54 marka Exp $ */

+/* $Id: controlconf.c,v 1.60.70.2 2011-03-12 04:57:23 tbox Exp $ */

/*! \file */

@@ -859,7 +859,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {

cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,

"secret for key '%s' on command channel: %s",

keyid->keyname, isc_result_totext(result));

- CHECK(result);

+ goto cleanup;

}

keyid->secret.length = isc_buffer_usedlength(&b);

diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index fad32137f6df..4d5c4675c366 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and/or distribute this software for any

@@ -15,7 +15,7 @@

* PERFORMANCE OF THIS SOFTWARE.

-/* $Id: interfacemgr.c,v 1.93.70.2 2009-01-18 23:47:34 tbox Exp $ */

+/* $Id: interfacemgr.c,v 1.93.70.4 2011-03-12 04:57:23 tbox Exp $ */

/*! \file */

@@ -379,7 +379,7 @@ ns_interface_setup(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,

}

*ifpret = ifp;

- return (ISC_R_SUCCESS);

+ return (result);

cleanup_interface:

ISC_LIST_UNLINK(ifp->mgr->interfaces, ifp, link);

@@ -964,7 +964,6 @@ isc_boolean_t

ns_interfacemgr_listeningon(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr) {

isc_sockaddr_t *old;

- old = ISC_LIST_HEAD(mgr->listenon);

for (old = ISC_LIST_HEAD(mgr->listenon);

old != NULL;

old = ISC_LIST_NEXT(old, link))

diff --git a/bin/named/logconf.c b/bin/named/logconf.c
index 8ae55ff7c54e..d265eaa3d95b 100644
--- a/bin/named/logconf.c
+++ b/bin/named/logconf.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and/or distribute this software for any

@@ -15,12 +15,13 @@

* PERFORMANCE OF THIS SOFTWARE.

-/* $Id: logconf.c,v 1.42 2007-06-19 23:46:59 tbox Exp $ */

+/* $Id: logconf.c,v 1.42.334.4 2011-03-12 04:57:23 tbox Exp $ */

/*! \file */

#include <config.h>

+#include <isc/file.h>

#include <isc/offset.h>

#include <isc/result.h>

#include <isc/stdio.h>

@@ -130,7 +131,7 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {

}

type = ISC_LOG_TONULL;

if (fileobj != NULL) {

const cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file");

const cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size");

@@ -140,7 +141,7 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {

isc_offset_t size = 0;

type = ISC_LOG_TOFILE;

if (versionsobj != NULL && cfg_obj_isuint32(versionsobj))

versions = cfg_obj_asuint32(versionsobj);

if (versionsobj != NULL && cfg_obj_isstring(versionsobj) &&

@@ -219,26 +220,38 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {

if (result == ISC_R_SUCCESS && type == ISC_LOG_TOFILE) {

FILE *fp;

- /*

- * Test that the file can be opened, since isc_log_open()

- * can't effectively report failures when called in

- * isc_log_doit().

- */

- result = isc_stdio_open(dest.file.name, "a", &fp);

- if (result != ISC_R_SUCCESS)

- isc_log_write(ns_g_lctx, CFG_LOGCATEGORY_CONFIG,

- NS_LOGMODULE_SERVER, ISC_LOG_ERROR,

- "logging channel '%s' file '%s': %s",

- channelname, dest.file.name,

- isc_result_totext(result));

- else

- (void)isc_stdio_close(fp);

- * Allow named to continue by returning success.

- */

- result = ISC_R_SUCCESS;

+ * Test to make sure that file is a plain file.

+ * Fix defect #22771

+ */

+ result = isc_file_isplainfile(dest.file.name);

+ if (result == ISC_R_SUCCESS ||

+ result == ISC_R_FILENOTFOUND) {

+ /*

+ * Test that the file can be opened, since

+ * isc_log_open() can't effectively report

+ * failures when called in

+ * isc_log_doit().

+ */

+ result = isc_stdio_open(dest.file.name, "a", &fp);

+ if (result != ISC_R_SUCCESS) {

+ syslog(LOG_ERR,

+ "isc_stdio_open '%s' failed: %s",

+ dest.file.name,

+ isc_result_totext(result));

+ fprintf(stderr,

+ "isc_stdio_open '%s' failed: %s",

+ dest.file.name,

+ isc_result_totext(result));

+ } else

+ (void)isc_stdio_close(fp);

+ } else {

+ syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s",

+ dest.file.name, isc_result_totext(result));

+ fprintf(stderr, "isc_file_isplainfile '%s' failed: %s",

+ dest.file.name, isc_result_totext(result));

+ }

}

return (result);

diff --git a/bin/named/main.c b/bin/named/main.c
index a1d94fff80d5..d638ed62ce0e 100644
--- a/bin/named/main.c
+++ b/bin/named/main.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and/or distribute this software for any

@@ -15,7 +15,7 @@

* PERFORMANCE OF THIS SOFTWARE.

-/* $Id: main.c,v 1.166.34.7 2010-09-15 12:16:49 marka Exp $ */

+/* $Id: main.c,v 1.166.34.9 2011-03-12 04:57:23 tbox Exp $ */

/*! \file */

@@ -484,6 +484,7 @@ parse_command_line(int argc, char *argv[]) {

argc -= isc_commandline_index;

argv += isc_commandline_index;

+ POST(argv);

if (argc > 0) {

usage();

diff --git a/bin/named/query.c b/bin/named/query.c
index fa34da6e28c0..e6637dfacfe4 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and/or distribute this software for any

@@ -15,7 +15,7 @@

* PERFORMANCE OF THIS SOFTWARE.

-/* $Id: query.c,v 1.313.20.24 2010-09-24 08:09:07 marka Exp $ */

+/* $Id: query.c,v 1.313.20.27 2011-03-19 09:47:54 marka Exp $ */

/*! \file */

@@ -1511,6 +1511,7 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {

need_addname = ISC_FALSE;

zone = NULL;

needadditionalcache = ISC_FALSE;

+ POST(needadditionalcache);

additionaltype = dns_rdatasetadditional_fromauth;

dns_name_init(&cfname, NULL);

@@ -4583,18 +4584,19 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)

goto cleanup;

}

result = dns_name_concatenate(prefix, tname, fname, NULL);

+ /*

+ * RFC2672, section 4.1, subsection 3c says

+ * we should return YXDOMAIN if the constructed

+ * name would be too long.

+ */

+ if (result == DNS_R_NAMETOOLONG)

+ client->message->rcode = dns_rcode_yxdomain;

if (result != ISC_R_SUCCESS) {

dns_message_puttempname(client->message, &tname);

- if (result == ISC_R_NOSPACE) {

- /*

- * RFC2672, section 4.1, subsection 3c says

- * we should return YXDOMAIN if the constructed

- * name would be too long.

- */

- client->message->rcode = dns_rcode_yxdomain;

- }

goto cleanup;

}

query_keepname(client, fname, dbuf);

* Synthesize a CNAME for this DNAME.

diff --git a/bin/named/server.c b/bin/named/server.c
index bc7fc17c3296..3aeaf27e098d 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c

@@ -15,7 +15,7 @@

* PERFORMANCE OF THIS SOFTWARE.

-/* $Id: server.c,v 1.520.12.21 2011-01-14 23:45:49 tbox Exp $ */

+/* $Id: server.c,v 1.520.12.23 2011-03-11 10:49:51 marka Exp $ */

/*! \file */

@@ -543,18 +543,13 @@ get_view_querysource_dispatch(const cfg_obj_t **maps,

int af, dns_dispatch_t **dispatchp,

isc_boolean_t is_firstview)

{

- isc_result_t result;

+ isc_result_t result = ISC_R_FAILURE;

dns_dispatch_t *disp;

isc_sockaddr_t sa;

unsigned int attrs, attrmask;

const cfg_obj_t *obj = NULL;

unsigned int maxdispatchbuffers;

- /*

- * Make compiler happy.

- */

- result = ISC_R_FAILURE;

switch (af) {

case AF_INET:

result = ns_config_get(maps, "query-source", &obj);

@@ -1033,7 +1028,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,

isc_uint32_t lame_ttl;

dns_tsig_keyring_t *ring;

dns_view_t *pview = NULL; /* Production view */

- isc_mem_t *cmctx;

+ isc_mem_t *cmctx = NULL, *hmctx = NULL;

dns_dispatch_t *dispatch4 = NULL;

dns_dispatch_t *dispatch6 = NULL;

isc_boolean_t reused_cache = ISC_FALSE;

@@ -1056,8 +1051,6 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,

REQUIRE(DNS_VIEW_VALID(view));

- cmctx = NULL;

if (config != NULL)

(void)cfg_map_get(config, "options", &options);

@@ -1082,6 +1075,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,

sep = "";

viewname = "";

forview = "";

+ POST(forview);

}

@@ -1292,10 +1286,22 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,

dns_view_detach(&pview);

}

if (cache == NULL) {

+ /*

+ * Create a cache.

+ *

+ * We use two separate memory contexts for the

+ * cache, for the main cache memory and the heap

+ * memory.

+ */

CHECK(isc_mem_create(0, 0, &cmctx));

- CHECK(dns_cache_create(cmctx, ns_g_taskmgr, ns_g_timermgr,

- view->rdclass, "rbt", 0, NULL, &cache));

isc_mem_setname(cmctx, "cache", NULL);

+ CHECK(isc_mem_create(0, 0, &hmctx));

+ isc_mem_setname(hmctx, "cache_heap", NULL);

+ CHECK(dns_cache_create3(cmctx, hmctx, ns_g_taskmgr,

+ ns_g_timermgr, view->rdclass,

+ NULL, "rbt", 0, NULL, &cache));

+ isc_mem_detach(&cmctx);

+ isc_mem_detach(&hmctx);

}

dns_view_setcache(view, cache);

@@ -2029,6 +2035,8 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,

dns_order_detach(&order);

if (cmctx != NULL)

isc_mem_detach(&cmctx);

+ if (hmctx != NULL)

+ isc_mem_detach(&hmctx);

if (cache != NULL)

dns_cache_detach(&cache);

@@ -2260,6 +2268,7 @@ create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist,

classobj = cfg_tuple_get(vconfig, "class");

result = ns_config_getclass(classobj, dns_rdataclass_in,

&viewclass);

+ INSIST(result == ISC_R_SUCCESS);

} else {

viewname = "_default";

viewclass = dns_rdataclass_in;

@@ -3016,7 +3025,7 @@ load_configuration(const char *filename, ns_server_t *server,

if (result == ISC_R_SUCCESS)

maps[i++] = options;

maps[i++] = ns_g_defaults;

- maps[i++] = NULL;

+ maps[i] = NULL;

* Set process limits, which (usually) needs to be done as root.

@@ -3217,11 +3226,10 @@ load_configuration(const char *filename, ns_server_t *server,

if (options != NULL)

(void)cfg_map_get(options, "listen-on", &clistenon);

if (clistenon != NULL) {

- result = ns_listenlist_fromconfig(clistenon,

- config,

- &aclconfctx,

- ns_g_mctx,

- &listenon);

+ /* check return code? */

+ (void)ns_listenlist_fromconfig(clistenon, config,

+ &aclconfctx, ns_g_mctx,

+ &listenon);

} else if (!ns_g_lwresdonly) {

* Not specified, use default.

@@ -3245,11 +3253,10 @@ load_configuration(const char *filename, ns_server_t *server,

if (options != NULL)

(void)cfg_map_get(options, "listen-on-v6", &clistenon);

if (clistenon != NULL) {

- result = ns_listenlist_fromconfig(clistenon,

- config,

- &aclconfctx,

- ns_g_mctx,

- &listenon);

+ /* check return code? */

+ (void)ns_listenlist_fromconfig(clistenon, config,

+ &aclconfctx, ns_g_mctx,

+ &listenon);

} else if (!ns_g_lwresdonly) {

isc_boolean_t enable;

@@ -3875,8 +3882,8 @@ shutdown_server(isc_task_t *task, isc_event_t *event) {

void

ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {

isc_result_t result;

ns_server_t *server = isc_mem_get(mctx, sizeof(*server));

if (server == NULL)

fatal("allocating server object", ISC_R_NOMEMORY);

@@ -4596,7 +4603,6 @@ ns_server_dumpstats(ns_server_t *server) {

"could not open statistics dump file", server->statsfile);

result = ns_stats_dump(server, fp);

- CHECK(result);

cleanup:

if (fp != NULL)

@@ -4776,6 +4782,7 @@ dumpdone(void *arg, isc_result_t result) {

fprintf(dctx->fp, "; %s\n",

dns_result_totext(result));

result = ISC_R_SUCCESS;

+ POST(result);

goto nextzone;

}

if (result != ISC_R_SUCCESS)

diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
index c77d3ca1bfeb..959ebd913b60 100644
--- a/bin/named/statschannel.c
+++ b/bin/named/statschannel.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and/or distribute this software for any

* purpose with or without fee is hereby granted, provided that the above

@@ -14,7 +14,7 @@

* PERFORMANCE OF THIS SOFTWARE.

-/* $Id: statschannel.c,v 1.14.64.11 2010-02-04 23:47:46 tbox Exp $ */

+/* $Id: statschannel.c,v 1.14.64.13 2011-03-12 04:57:23 tbox Exp $ */

/*! \file */

@@ -637,7 +637,7 @@ rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {

static void

opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {

- FILE *fp = arg;

+ FILE *fp;

isc_buffer_t b;

char codebuf[64];

stats_dumparg_t *dumparg = arg;

diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c
index 3f07784fcb82..efcce88c395f 100644
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and/or distribute this software for any

@@ -15,7 +15,7 @@

* PERFORMANCE OF THIS SOFTWARE.

-/* $Id: os.c,v 1.89.12.5 2009-03-02 03:03:54 marka Exp $ */

+/* $Id: os.c,v 1.89.12.7 2011-02-21 23:45:48 tbox Exp $ */

/*! \file */

@@ -838,7 +838,7 @@ ns_os_shutdownmsg(char *command, isc_buffer_t *text) {

isc_buffer_availablelength(text),

"pid: %ld", (long)pid);

/* Only send a message if it is complete. */

- if (n < isc_buffer_availablelength(text))

+ if (n > 0 && n < isc_buffer_availablelength(text))

isc_buffer_add(text, n);

}

diff --git a/bin/named/update.c b/bin/named/update.c
index 1504a44b5ad0..a96a43035a60 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and/or distribute this software for any

@@ -15,7 +15,7 @@

* PERFORMANCE OF THIS SOFTWARE.

-/* $Id: update.c,v 1.151.12.11 2010-02-26 23:48:43 tbox Exp $ */

+/* $Id: update.c,v 1.151.12.16 2011-03-26 00:47:01 each Exp $ */

#include <config.h>

@@ -1646,7 +1646,7 @@ next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,

{

isc_result_t result;

dns_dbiterator_t *dbit = NULL;

- isc_boolean_t has_nsec;

+ isc_boolean_t has_nsec = ISC_FALSE;

unsigned int wraps = 0;

isc_boolean_t secure = dns_db_issecure(db);

@@ -2406,7 +2406,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,

CHECK(add_placeholder_nsec(db, newver, name,

diff));

CHECK(add_exposed_sigs(client, zone, db, newver, name,

- cut, diff, zone_keys, nkeys,

+ cut, &sig_diff, zone_keys, nkeys,

inception, expire, check_ksk));

}

@@ -2567,7 +2567,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,

&nsec_diff));

} else {

CHECK(add_exposed_sigs(client, zone, db, newver, name,

- cut, diff, zone_keys, nkeys,

+ cut, &sig_diff, zone_keys, nkeys,

inception, expire, check_ksk));

CHECK(dns_nsec3_addnsec3s(db, newver, name, nsecttl,

unsecure, &nsec_diff));

@@ -3094,8 +3094,7 @@ add_nsec3param_records(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,

* Extract NSEC3PARAM tuples from list.

for (tuple = ISC_LIST_HEAD(diff->tuples);

- tuple != NULL;

- tuple = next) {

+ tuple != NULL; tuple = next) {

next = ISC_LIST_NEXT(tuple, link);

@@ -3256,7 +3255,7 @@ static isc_result_t

add_signing_records(dns_db_t *db, dns_name_t *name, dns_dbversion_t *ver,

dns_rdatatype_t privatetype, dns_diff_t *diff)

{

- dns_difftuple_t *tuple, *newtuple = NULL;

+ dns_difftuple_t *tuple, *newtuple = NULL, *next;

dns_rdata_dnskey_t dnskey;

dns_rdata_t rdata = DNS_RDATA_INIT;

isc_boolean_t flag;

@@ -3264,13 +3263,81 @@ add_signing_records(dns_db_t *db, dns_name_t *name, dns_dbversion_t *ver,

isc_result_t result = ISC_R_SUCCESS;

isc_uint16_t keyid;

unsigned char buf[5];

+ dns_diff_t temp_diff;

+ dns_diff_init(diff->mctx, &temp_diff);

+ /*

+ * Extract the DNSKEY tuples from the list.

+ */

for (tuple = ISC_LIST_HEAD(diff->tuples);

- tuple != NULL;

- tuple = ISC_LIST_NEXT(tuple, link)) {

+ tuple != NULL; tuple = next) {

+ next = ISC_LIST_NEXT(tuple, link);

if (tuple->rdata.type != dns_rdatatype_dnskey)

continue;

+ ISC_LIST_UNLINK(diff->tuples, tuple, link);

+ ISC_LIST_APPEND(temp_diff.tuples, tuple, link);

+ }

+ /*

+ * Extract TTL changes pairs, we don't need signing records for these.

+ */

+ for (tuple = ISC_LIST_HEAD(temp_diff.tuples);

+ tuple != NULL; tuple = next) {

+ if (tuple->op == DNS_DIFFOP_ADD) {

+ /*

+ * Walk the temp_diff list looking for the

+ * corresponding delete.

+ */

+ next = ISC_LIST_HEAD(temp_diff.tuples);

+ while (next != NULL) {

+ unsigned char *next_data = next->rdata.data;

+ unsigned char *tuple_data = tuple->rdata.data;

+ if (next->op == DNS_DIFFOP_DEL &&

+ dns_name_equal(&tuple->name, &next->name) &&

+ next->rdata.length == tuple->rdata.length &&

+ !memcmp(next_data, tuple_data,

+ next->rdata.length)) {

+ ISC_LIST_UNLINK(temp_diff.tuples, next,

+ link);

+ ISC_LIST_APPEND(diff->tuples, next,

+ link);

+ break;

+ }

+ next = ISC_LIST_NEXT(next, link);

+ }

+ /*

+ * If we have not found a pair move onto the next

+ * tuple.

+ */

+ if (next == NULL) {

+ next = ISC_LIST_NEXT(tuple, link);

+ continue;

+ }

+ /*

+ * Find the next tuple to be processed before

+ * unlinking then complete moving the pair to 'diff'.

+ */

+ next = ISC_LIST_NEXT(tuple, link);

+ ISC_LIST_UNLINK(temp_diff.tuples, tuple, link);

+ ISC_LIST_APPEND(diff->tuples, tuple, link);

+ } else

+ next = ISC_LIST_NEXT(tuple, link);

+ }

+ /*

+ * Process the remaining DNSKEY entries.

+ */

+ for (tuple = ISC_LIST_HEAD(temp_diff.tuples);

+ tuple != NULL;

+ tuple = ISC_LIST_HEAD(temp_diff.tuples)) {

+ ISC_LIST_UNLINK(temp_diff.tuples, tuple, link);

+ ISC_LIST_APPEND(diff->tuples, tuple, link);

dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);

if ((dnskey.flags &

(DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH))

@@ -3310,7 +3377,9 @@ add_signing_records(dns_db_t *db, dns_name_t *name, dns_dbversion_t *ver,

INSIST(newtuple == NULL);

}

failure:

+ dns_diff_clear(&temp_diff);

return (result);

}

@@ -3558,7 +3627,6 @@ update_action(isc_task_t *task, isc_event_t *event) {

* Check Requestor's Permissions. It seems a bit silly to do this

* only after prerequisite testing, but that is what RFC2136 says.

- result = ISC_R_SUCCESS;

if (ssutable == NULL)

CHECK(checkupdateacl(client, dns_zone_getupdateacl(zone),

"update", zonename, ISC_FALSE, ISC_FALSE));

diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index 367ddd320d2c..a93adbdceada 100644
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and/or distribute this software for any

@@ -15,7 +15,7 @@

* PERFORMANCE OF THIS SOFTWARE.

-/* $Id: zoneconf.c,v 1.147.50.2 2009-01-29 23:47:44 tbox Exp $ */

+/* $Id: zoneconf.c,v 1.147.50.5 2011-03-12 04:57:24 tbox Exp $ */

/*% */

@@ -119,7 +119,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,

/* First check to see if ACL is defined within the zone */

if (zconfig != NULL) {

maps[0] = cfg_tuple_get(zconfig, "options");

- ns_config_get(maps, aclname, &aclobj);

+ (void)ns_config_get(maps, aclname, &aclobj);

if (aclobj != NULL) {

aclp = NULL;

goto parse_acl;

@@ -144,7 +144,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,

maps[i++] = ns_g_defaults;

maps[i] = NULL;

- result = ns_config_get(maps, aclname, &aclobj);

+ (void)ns_config_get(maps, aclname, &aclobj);

if (aclobj == NULL) {

(*clearzacl)(zone);

return (ISC_R_SUCCESS);

@@ -331,7 +331,7 @@ zonetype_fromconfig(const cfg_obj_t *map) {

isc_result_t result;

result = cfg_map_get(map, "type", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

return (ns_config_getzonetype(obj));

}

@@ -395,7 +395,7 @@ checknames(dns_zonetype_t ztype, const cfg_obj_t **maps,

INSIST(0);

}

result = ns_checknames_get(maps, zone, objp);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && objp != NULL && *objp != NULL);

}

isc_result_t

@@ -449,7 +449,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

maps[i++] = options;

}

maps[i++] = ns_g_defaults;

- maps[i++] = NULL;

+ maps[i] = NULL;

if (vconfig != NULL)

RETERR(ns_config_getclass(cfg_tuple_get(vconfig, "class"),

@@ -538,7 +538,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

obj = NULL;

result = ns_config_get(maps, "dialup", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

if (cfg_obj_isboolean(obj)) {

if (cfg_obj_asboolean(obj))

dialup = dns_dialuptype_yes;

@@ -561,7 +561,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

obj = NULL;

result = ns_config_get(maps, "zone-statistics", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

zonestats_on = cfg_obj_asboolean(obj);

zoneqrystats = NULL;

if (zonestats_on) {

@@ -580,7 +580,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

if (ztype != dns_zone_stub) {

obj = NULL;

result = ns_config_get(maps, "notify", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

if (cfg_obj_isboolean(obj)) {

if (cfg_obj_asboolean(obj))

notifytype = dns_notifytype_yes;

@@ -616,19 +616,19 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

obj = NULL;

result = ns_config_get(maps, "notify-source", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

RETERR(dns_zone_setnotifysrc4(zone, cfg_obj_assockaddr(obj)));

ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));

obj = NULL;

result = ns_config_get(maps, "notify-source-v6", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

RETERR(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj)));

ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));

obj = NULL;

result = ns_config_get(maps, "notify-to-soa", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setoption(zone, DNS_ZONEOPT_NOTIFYTOSOA,

cfg_obj_asboolean(obj));

@@ -641,17 +641,17 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

obj = NULL;

result = ns_config_get(maps, "max-transfer-time-out", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setmaxxfrout(zone, cfg_obj_asuint32(obj) * 60);

obj = NULL;

result = ns_config_get(maps, "max-transfer-idle-out", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setidleout(zone, cfg_obj_asuint32(obj) * 60);

obj = NULL;

result = ns_config_get(maps, "max-journal-size", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setjournalsize(zone, -1);

if (cfg_obj_isstring(obj)) {

const char *str = cfg_obj_asstring(obj);

@@ -675,13 +675,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

obj = NULL;

result = ns_config_get(maps, "ixfr-from-differences", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

if (cfg_obj_isboolean(obj))

ixfrdiff = cfg_obj_asboolean(obj);

- else if (strcasecmp(cfg_obj_asstring(obj), "master") &&

+ else if (!strcasecmp(cfg_obj_asstring(obj), "master") &&

ztype == dns_zone_master)

ixfrdiff = ISC_TRUE;

- else if (strcasecmp(cfg_obj_asstring(obj), "slave") &&

+ else if (!strcasecmp(cfg_obj_asstring(obj), "slave") &&

ztype == dns_zone_slave)

ixfrdiff = ISC_TRUE;

else

@@ -704,23 +704,23 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

obj = NULL;

result = ns_config_get(maps, "notify-delay", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setnotifydelay(zone, cfg_obj_asuint32(obj));

obj = NULL;

result = ns_config_get(maps, "check-sibling", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING,

cfg_obj_asboolean(obj));

obj = NULL;

result = ns_config_get(maps, "zero-no-soa-ttl", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj));

obj = NULL;

result = ns_config_get(maps, "nsec3-test-zone", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setoption(zone, DNS_ZONEOPT_NSEC3TESTZONE,

cfg_obj_asboolean(obj));

}

@@ -748,7 +748,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

obj = NULL;

result = ns_config_get(maps, "sig-validity-interval", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

{

const cfg_obj_t *validity, *resign;

@@ -785,22 +785,22 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

obj = NULL;

result = ns_config_get(maps, "sig-signing-signatures", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setsignatures(zone, cfg_obj_asuint32(obj));

obj = NULL;

result = ns_config_get(maps, "sig-signing-nodes", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setnodes(zone, cfg_obj_asuint32(obj));

obj = NULL;

result = ns_config_get(maps, "sig-signing-type", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setprivatetype(zone, cfg_obj_asuint32(obj));

obj = NULL;

result = ns_config_get(maps, "update-check-ksk", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setoption(zone, DNS_ZONEOPT_UPDATECHECKKSK,

cfg_obj_asboolean(obj));

@@ -826,7 +826,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

obj = NULL;

result = ns_config_get(maps, "check-mx", &obj);

- INSIST(obj != NULL);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {

fail = ISC_FALSE;

check = ISC_TRUE;

@@ -841,13 +841,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

obj = NULL;

result = ns_config_get(maps, "check-integrity", &obj);

- INSIST(obj != NULL);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY,

cfg_obj_asboolean(obj));

obj = NULL;

result = ns_config_get(maps, "check-mx-cname", &obj);

- INSIST(obj != NULL);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {

warn = ISC_TRUE;

ignore = ISC_FALSE;

@@ -862,7 +862,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

obj = NULL;

result = ns_config_get(maps, "check-srv-cname", &obj);

- INSIST(obj != NULL);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {

warn = ISC_TRUE;

ignore = ISC_FALSE;

@@ -884,7 +884,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

case dns_zone_stub:

count = 0;

obj = NULL;

- result = cfg_map_get(zoptions, "masters", &obj);

+ (void)cfg_map_get(zoptions, "masters", &obj);

if (obj != NULL) {

addrs = NULL;

keynames = NULL;

@@ -903,61 +903,61 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,

if (count > 1) {

obj = NULL;

result = ns_config_get(maps, "multi-master", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

multi = cfg_obj_asboolean(obj);

}

dns_zone_setoption(zone, DNS_ZONEOPT_MULTIMASTER, multi);

obj = NULL;

result = ns_config_get(maps, "max-transfer-time-in", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setmaxxfrin(zone, cfg_obj_asuint32(obj) * 60);

obj = NULL;

result = ns_config_get(maps, "max-transfer-idle-in", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setidlein(zone, cfg_obj_asuint32(obj) * 60);

obj = NULL;

result = ns_config_get(maps, "max-refresh-time", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setmaxrefreshtime(zone, cfg_obj_asuint32(obj));

obj = NULL;

result = ns_config_get(maps, "min-refresh-time", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setminrefreshtime(zone, cfg_obj_asuint32(obj));

obj = NULL;

result = ns_config_get(maps, "max-retry-time", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setmaxretrytime(zone, cfg_obj_asuint32(obj));

obj = NULL;

result = ns_config_get(maps, "min-retry-time", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

dns_zone_setminretrytime(zone, cfg_obj_asuint32(obj));

obj = NULL;

result = ns_config_get(maps, "transfer-source", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

RETERR(dns_zone_setxfrsource4(zone, cfg_obj_assockaddr(obj)));

ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));

obj = NULL;

result = ns_config_get(maps, "transfer-source-v6", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

RETERR(dns_zone_setxfrsource6(zone, cfg_obj_assockaddr(obj)));

ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));

obj = NULL;

result = ns_config_get(maps, "alt-transfer-source", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

RETERR(dns_zone_setaltxfrsource4(zone, cfg_obj_assockaddr(obj)));

obj = NULL;

result = ns_config_get(maps, "alt-transfer-source-v6", &obj);

- INSIST(result == ISC_R_SUCCESS);

+ INSIST(result == ISC_R_SUCCESS && obj != NULL);

RETERR(dns_zone_setaltxfrsource6(zone, cfg_obj_assockaddr(obj)));

obj = NULL;