| author | Doug Barton <dougb@FreeBSD.org> | 2011-08-02 05:18:50 +0000 |
|---|---|---|
| committer | Doug Barton <dougb@FreeBSD.org> | 2011-08-02 05:18:50 +0000 |
| commit | 0842d663b7cfb84b478ec937fc1dbc640ceae92b (patch) | |
| tree | 4385ddab756952a705f233916d0536e76fe9cc58 /bin | |
| parent | 6a50a75ead6b2f11f0321914c033e8c8670cbb60 (diff) | |
Vendor import of BIND 9.6-ESV-R5 vendor/bind9/9.6-ESV-R5
Diffstat (limited to 'bin')
| -rw-r--r-- | bin/check/named-checkconf.c | 6 | ||||
| -rw-r--r-- | bin/dig/dig.c | 35 | ||||
| -rw-r--r-- | bin/dig/dighost.c | 59 | ||||
| -rw-r--r-- | bin/dig/host.c | 9 | ||||
| -rw-r--r-- | bin/dig/include/dig/dig.h | 7 | ||||
| -rw-r--r-- | bin/dig/nslookup.c | 34 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-keyfromlabel.c | 10 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-keygen.c | 16 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-signzone.c | 38 | ||||
| -rw-r--r-- | bin/named/client.c | 6 | ||||
| -rw-r--r-- | bin/named/controlconf.c | 6 | ||||
| -rw-r--r-- | bin/named/interfacemgr.c | 7 | ||||
| -rw-r--r-- | bin/named/logconf.c | 57 | ||||
| -rw-r--r-- | bin/named/main.c | 5 | ||||
| -rw-r--r-- | bin/named/query.c | 22 | ||||
| -rw-r--r-- | bin/named/server.c | 57 | ||||
| -rw-r--r-- | bin/named/statschannel.c | 6 | ||||
| -rw-r--r-- | bin/named/unix/os.c | 6 | ||||
| -rw-r--r-- | bin/named/update.c | 90 | ||||
| -rw-r--r-- | bin/named/zoneconf.c | 88 | ||||
| -rw-r--r-- | bin/nsupdate/nsupdate.c | 12 | ||||
| -rw-r--r-- | bin/rndc/rndc.c | 6 |
22 files changed, 347 insertions, 235 deletions
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index 20983b5b9392..e8e3e3d93ac4 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-checkconf.c,v 1.46.222.4 2010-09-07 23:46:05 tbox Exp $ */ +/* $Id: named-checkconf.c,v 1.46.222.6 2011-03-12 04:57:22 tbox Exp $ */ /*! \file */ @@ -187,7 +187,7 @@ configure_zone(const char *vclass, const char *view, if (obj != NULL) maps[i++] = obj; } - maps[i++] = NULL; + maps[i] = NULL; cfg_map_get(zoptions, "type", &typeobj); if (typeobj == NULL) diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 7de934bb50d2..daefd0ebeb0d 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.c,v 1.225.26.7 2010-05-13 00:43:37 marka Exp $ */ +/* $Id: dig.c,v 1.225.26.10 2011-03-11 10:49:49 marka Exp $ */ /*! \file */ @@ -44,8 +44,6 @@ #include <dns/result.h> #include <dns/tsig.h> -#include <bind9/getaddresses.h> - #include <dig/dig.h> #define ADD_STRING(b, s) { \ @@ -471,8 +469,6 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { if (!query->lookup->comments) flags |= DNS_MESSAGETEXTFLAG_NOCOMMENTS; - result = ISC_R_SUCCESS; - result = isc_buffer_allocate(mctx, &buf, len); check_result(result, "isc_buffer_allocate"); 
@@ -1459,30 +1455,6 @@ preparse_args(int argc, char **argv) { } static void -getaddresses(dig_lookup_t *lookup, const char *host) { - isc_result_t result; - isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES]; - isc_netaddr_t netaddr; - int count, i; - dig_server_t *srv; - char tmp[ISC_NETADDR_FORMATSIZE]; - - result = bind9_getaddresses(host, 0, sockaddrs, - DIG_MAX_ADDRESSES, &count); - if (result != ISC_R_SUCCESS) - fatal("couldn't get address for '%s': %s", - host, isc_result_totext(result)); - - for (i = 0; i < count; i++) { - isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]); - isc_netaddr_format(&netaddr, tmp, sizeof(tmp)); - srv = make_server(tmp, host); - ISC_LIST_APPEND(lookup->my_server_list, srv, link); - } - addresscount = count; -} - -static void parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, int argc, char **argv) { isc_result_t result; @@ -1576,7 +1548,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, if (strncmp(rv[0], "%", 1) == 0) break; if (strncmp(rv[0], "@", 1) == 0) { - getaddresses(lookup, &rv[0][1]); + addresscount = getaddresses(lookup, &rv[0][1]); } else if (rv[0][0] == '+') { plus_option(&rv[0][1], is_batchfile, lookup); @@ -1613,7 +1585,6 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, (isc_textregion_t *)&tr); if (result == ISC_R_SUCCESS && rdtype == dns_rdatatype_ixfr) { - result = DNS_R_UNKNOWN; fprintf(stderr, ";; Warning, " "ixfr requires a " "serial number\n"); diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index df5a0c09f5fc..36e20faaa8fd 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.311.70.17 2010-12-09 01:12:54 marka Exp $ */ +/* $Id: dighost.c,v 1.311.70.21 2011-03-11 10:49:49 marka Exp $ */ /*! \file * \note @@ -542,10 +542,8 @@ make_server(const char *servname, const char *userarg) { if (srv == NULL) fatal("memory allocation failure in %s:%d", __FILE__, __LINE__); - strncpy(srv->servername, servname, MXNAME); - strncpy(srv->userarg, userarg, MXNAME); - srv->servername[MXNAME-1] = 0; - srv->userarg[MXNAME-1] = 0; + strlcpy(srv->servername, servname, MXNAME); + strlcpy(srv->userarg, userarg, MXNAME); ISC_LINK_INIT(srv, link); return (srv); } @@ -1582,8 +1580,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) dns_rdata_freestruct(&ns); /* Initialize lookup if we've not yet */ - debug("found NS %d %s", numLookups, namestr); - numLookups++; + debug("found NS %s", namestr); if (!success) { success = ISC_TRUE; lookup_counter++; @@ -1605,9 +1602,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) domain = dns_fixedname_name(&lookup->fdomain); dns_name_copy(name, domain, NULL); } - srv = make_server(namestr, namestr); - debug("adding server %s", srv->servername); - ISC_LIST_APPEND(lookup->my_server_list, srv, link); + debug("adding server %s", namestr); + numLookups += getaddresses(lookup, namestr); dns_rdata_reset(&rdata); } } 
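Review bot: Both `strlcpy()` calls in make_server() ignore the return value, so a `servname` or `userarg` of MXNAME bytes or longer is still cut short without any diagnostic, just as it was with the strncpy pair being replaced. A truncated server name is a different name, so I would check the result and fail, e.g. `if (strlcpy(srv->servername, servname, MXNAME) >= MXNAME) fatal("server name too long: %s", servname);` (this function already calls fatal() on allocation failure). The same unchecked conversion appears in host.c parse_args() and in nslookup.c setoption() and addlookup() later in this commit.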
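Review bot: `numLookups += getaddresses(lookup, namestr);` sends every NS target taken from a response through getaddresses(), and the version of that helper added to dighost.c in this commit calls `fatal()` when bind9_getaddresses() fails. One NS name in a referral that does not resolve therefore ends the whole run instead of being skipped, and that name is chosen by the remote server, not by the user. For this caller the failure should be non-fatal: have the helper report the error and contribute 0 to numLookups, so the loop carries on with the remaining NS names, while the command-line `@server` caller in dig.c keeps the fatal behaviour. followup_lookup() starts and ends outside this hunk.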
@@ -1623,17 +1619,25 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) if (numLookups > 1) { isc_uint32_t i, j; dig_serverlist_t my_server_list; + dig_server_t *next; ISC_LIST_INIT(my_server_list); - for (i = numLookups; i > 0; i--) { + i = numLookups; + for (srv = ISC_LIST_HEAD(lookup->my_server_list); + srv != NULL; + srv = ISC_LIST_HEAD(lookup->my_server_list)) { + INSIST(i > 0); isc_random_get(&j); j %= i; - srv = ISC_LIST_HEAD(lookup->my_server_list); - while (j-- > 0) - srv = ISC_LIST_NEXT(srv, link); + next = ISC_LIST_NEXT(srv, link); + while (j-- > 0 && next != NULL) { + srv = next; + next = ISC_LIST_NEXT(srv, link); + } ISC_LIST_DEQUEUE(lookup->my_server_list, srv, link); ISC_LIST_APPEND(my_server_list, srv, link); + i--; } ISC_LIST_APPENDLIST(lookup->my_server_list, my_server_list, link); @@ -3358,6 +3362,31 @@ get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) { return (ISC_R_SUCCESS); } +int +getaddresses(dig_lookup_t *lookup, const char *host) { + isc_result_t result; + isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES]; + isc_netaddr_t netaddr; + int count, i; + dig_server_t *srv; + char tmp[ISC_NETADDR_FORMATSIZE]; + + result = bind9_getaddresses(host, 0, sockaddrs, + DIG_MAX_ADDRESSES, &count); + if (result != ISC_R_SUCCESS) + fatal("couldn't get address for '%s': %s", + host, isc_result_totext(result)); + + for (i = 0; i < count; i++) { + isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]); + isc_netaddr_format(&netaddr, tmp, sizeof(tmp)); + srv = make_server(tmp, host); + ISC_LIST_APPEND(lookup->my_server_list, srv, link); + } + + return count; +} + /*% * Initiate either a TCP or UDP lookup */ diff --git a/bin/dig/host.c b/bin/dig/host.c index ab0be99cd4bd..34980f5da901 100644 --- a/bin/dig/host.c +++ b/bin/dig/host.c 
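Review bot: `INSIST(i > 0);` in the rewritten shuffle loop encodes an invariant that is not written down anywhere in the hunk: `numLookups` must be at least the number of entries on `lookup->my_server_list`. The `next != NULL` guard covers a list that is shorter than the counter, but a list that is longer aborts the program on the assertion, and the counter is now a sum of getaddresses() return values computed earlier in followup_lookup(). I would add a comment above `i = numLookups;` such as `/* numLookups is the number of servers appended above; the list must hold exactly that many */`, or derive `i` by counting the list so the two cannot drift apart. The function body extends beyond the hunk.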
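Review bot: getaddresses() is now an exported function declared in dig.h, but it has no header comment, while the function that follows it carries a `/*% ... */` block. The comment should state that it appends one dig_server_t per resolved address (at most DIG_MAX_ADDRESSES) to `lookup->my_server_list`, returns the number appended, and does not return at all when resolution fails because it calls fatal(). As a style point, `return count;` should be `return (count);` to match the parenthesised returns used elsewhere in this file, for example `return (ISC_R_SUCCESS);` just above.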
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: host.c,v 1.116.216.5 2010-10-19 23:45:58 tbox Exp $ */ +/* $Id: host.c,v 1.116.216.8 2011-03-11 10:49:49 marka Exp $ */ /*! \file */ @@ -518,6 +518,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0) { printf("%scd", did_flag ? " " : ""); did_flag = ISC_TRUE; + POST(did_flag); } printf("; QUERY: %u, ANSWER: %u, " "AUTHORITY: %u, ADDITIONAL: %u\n", @@ -821,8 +822,8 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { if (isc_commandline_index >= argc) show_usage(); - strncpy(hostname, argv[isc_commandline_index], sizeof(hostname)); - hostname[sizeof(hostname)-1]=0; + strlcpy(hostname, argv[isc_commandline_index], sizeof(hostname)); + if (argc > isc_commandline_index + 1) { set_nameserver(argv[isc_commandline_index+1]); debug("server is %s", argv[isc_commandline_index+1]); diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h index 3d696c70bb8f..63309fb12455 100644 --- a/bin/dig/include/dig/dig.h +++ b/bin/dig/include/dig/dig.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.h,v 1.107.120.2 2009-01-06 23:47:26 tbox Exp $ */ +/* $Id: dig.h,v 1.107.120.4 2011-02-28 01:18:40 tbox Exp $ */ #ifndef DIG_H #define DIG_H 
@@ -288,6 +288,9 @@ extern int idnoptions; isc_result_t get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr); +int +getaddresses(dig_lookup_t *lookup, const char *host); + isc_result_t get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int, isc_boolean_t strict); diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c index 8a166fd05535..e52c6411e578 100644 --- a/bin/dig/nslookup.c +++ b/bin/dig/nslookup.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nslookup.c,v 1.117.334.5 2009-10-20 01:11:22 marka Exp $ */ +/* $Id: nslookup.c,v 1.117.334.7 2011-02-21 23:45:48 tbox Exp $ */ #include <config.h> @@ -535,12 +535,6 @@ testclass(char *typetext) { } } -static void -safecpy(char *dest, char *src, int size) { - strncpy(dest, src, size); - dest[size-1] = 0; -} - static isc_result_t parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max, const char *desc) { 
@@ -587,34 +581,34 @@ setoption(char *opt) { show_settings(ISC_TRUE, ISC_FALSE); } else if (strncasecmp(opt, "class=", 6) == 0) { if (testclass(&opt[6])) - safecpy(defclass, &opt[6], sizeof(defclass)); + strlcpy(defclass, &opt[6], sizeof(defclass)); } else if (strncasecmp(opt, "cl=", 3) == 0) { if (testclass(&opt[3])) - safecpy(defclass, &opt[3], sizeof(defclass)); + strlcpy(defclass, &opt[3], sizeof(defclass)); } else if (strncasecmp(opt, "type=", 5) == 0) { if (testtype(&opt[5])) - safecpy(deftype, &opt[5], sizeof(deftype)); + strlcpy(deftype, &opt[5], sizeof(deftype)); } else if (strncasecmp(opt, "ty=", 3) == 0) { if (testtype(&opt[3])) - safecpy(deftype, &opt[3], sizeof(deftype)); + strlcpy(deftype, &opt[3], sizeof(deftype)); } else if (strncasecmp(opt, "querytype=", 10) == 0) { if (testtype(&opt[10])) - safecpy(deftype, &opt[10], sizeof(deftype)); + strlcpy(deftype, &opt[10], sizeof(deftype)); } else if (strncasecmp(opt, "query=", 6) == 0) { if (testtype(&opt[6])) - safecpy(deftype, &opt[6], sizeof(deftype)); + strlcpy(deftype, &opt[6], sizeof(deftype)); } else if (strncasecmp(opt, "qu=", 3) == 0) { if (testtype(&opt[3])) - safecpy(deftype, &opt[3], sizeof(deftype)); + strlcpy(deftype, &opt[3], sizeof(deftype)); } else if (strncasecmp(opt, "q=", 2) == 0) { if (testtype(&opt[2])) - safecpy(deftype, &opt[2], sizeof(deftype)); + strlcpy(deftype, &opt[2], sizeof(deftype)); } else if (strncasecmp(opt, "domain=", 7) == 0) { - safecpy(domainopt, &opt[7], sizeof(domainopt)); + strlcpy(domainopt, &opt[7], sizeof(domainopt)); set_search_domain(domainopt); usesearch = ISC_TRUE; } else if (strncasecmp(opt, "do=", 3) == 0) { - safecpy(domainopt, &opt[3], sizeof(domainopt)); + strlcpy(domainopt, &opt[3], sizeof(domainopt)); set_search_domain(domainopt); usesearch = ISC_TRUE; } else if (strncasecmp(opt, "port=", 5) == 0) { 
@@ -693,11 +687,11 @@ addlookup(char *opt) { lookup = make_empty_lookup(); if (get_reverse(store, sizeof(store), opt, lookup->ip6_int, ISC_TRUE) == ISC_R_SUCCESS) { - safecpy(lookup->textname, store, sizeof(lookup->textname)); + strlcpy(lookup->textname, store, sizeof(lookup->textname)); lookup->rdtype = dns_rdatatype_ptr; lookup->rdtypeset = ISC_TRUE; } else { - safecpy(lookup->textname, opt, sizeof(lookup->textname)); + strlcpy(lookup->textname, opt, sizeof(lookup->textname)); lookup->rdtype = rdtype; lookup->rdtypeset = ISC_TRUE; } diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c index 8e9a53bb798e..ac909943c1b8 100644 --- a/bin/dnssec/dnssec-keyfromlabel.c +++ b/bin/dnssec/dnssec-keyfromlabel.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007, 2008, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2007, 2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keyfromlabel.c,v 1.4.50.2 2010-01-15 23:47:31 tbox Exp $ */ +/* $Id: dnssec-keyfromlabel.c,v 1.4.50.4 2011-03-12 04:57:22 tbox Exp $ */ /*! \file */ @@ -297,6 +297,9 @@ main(int argc, char **argv) { if (ret == ISC_R_SUCCESS) { isc_buffer_clear(&buf); ret = dst_key_buildfilename(key, 0, NULL, &buf); + if (ret != ISC_R_SUCCESS) + fatal("dst_key_buildfilename returned: %s\n", + isc_result_totext(ret)); fprintf(stderr, "%s: %s already exists\n", program, filename); dst_key_free(&key); @@ -313,6 +316,9 @@ main(int argc, char **argv) { isc_buffer_clear(&buf); ret = dst_key_buildfilename(key, 0, NULL, &buf); + if (ret != ISC_R_SUCCESS) + fatal("dst_key_buildfilename returned: %s\n", + isc_result_totext(ret)); printf("%s\n", filename); dst_key_free(&key); 
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index 21841227d439..c469a7d1b52d 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -29,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keygen.c,v 1.81.48.2 2010-01-15 23:47:31 tbox Exp $ */ +/* $Id: dnssec-keygen.c,v 1.81.48.4 2011-03-12 04:57:23 tbox Exp $ */ /*! \file */ @@ -513,10 +513,11 @@ main(int argc, char **argv) { if (verbose > 0) { isc_buffer_clear(&buf); ret = dst_key_buildfilename(key, 0, NULL, &buf); - fprintf(stderr, - "%s: %s already exists, " - "generating a new key\n", - program, filename); + if (ret == ISC_R_SUCCESS) + fprintf(stderr, + "%s: %s already exists, " + "generating a new key\n", + program, filename); } dst_key_free(&key); } @@ -537,6 +538,9 @@ main(int argc, char **argv) { isc_buffer_clear(&buf); ret = dst_key_buildfilename(key, 0, NULL, &buf); + if (ret != ISC_R_SUCCESS) + fatal("dst_key_buildfilename returned: %s\n", + isc_result_totext(ret)); printf("%s\n", filename); dst_key_free(&key); diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index b8f4d664b6da..9feb192de592 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any 
@@ -29,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-signzone.c,v 1.209.12.20 2010-06-03 23:47:48 tbox Exp $ */ +/* $Id: dnssec-signzone.c,v 1.209.12.24 2011-05-07 00:23:50 each Exp $ */ /*! \file */ @@ -495,8 +495,8 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name, if (!expired) keep = ISC_TRUE; } else if (issigningkey(key)) { - if (!expired && setverifies(name, set, key, &sigrdata)) - { + if (!expired && rrsig.originalttl == set->ttl && + setverifies(name, set, key, &sigrdata)) { vbprintf(2, "\trrsig by %s retained\n", sigstr); keep = ISC_TRUE; wassignedby[key->position] = ISC_TRUE; @@ -504,15 +504,15 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name, key->wasused = ISC_TRUE; } else { vbprintf(2, "\trrsig by %s dropped - %s\n", - sigstr, - expired ? "expired" : - "failed to verify"); + sigstr, expired ? "expired" : + rrsig.originalttl != set->ttl ? + "ttl change" : "failed to verify"); wassignedby[key->position] = ISC_TRUE; resign = ISC_TRUE; } } else if (iszonekey(key)) { - if (!expired && setverifies(name, set, key, &sigrdata)) - { + if (!expired && rrsig.originalttl == set->ttl && + setverifies(name, set, key, &sigrdata)) { vbprintf(2, "\trrsig by %s retained\n", sigstr); keep = ISC_TRUE; wassignedby[key->position] = ISC_TRUE; @@ -520,9 +520,9 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name, key->wasused = ISC_TRUE; } else { vbprintf(2, "\trrsig by %s dropped - %s\n", - sigstr, - expired ? "expired" : - "failed to verify"); + sigstr, expired ? "expired" : + rrsig.originalttl != set->ttl ? + "ttl change" : "failed to verify"); wassignedby[key->position] = ISC_TRUE; } } else if (!expired) { 
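Review bot: The drop reason `expired ? "expired" : rrsig.originalttl != set->ttl ? "ttl change" : "failed to verify"` is written out twice in signset(), once in the issigningkey() branch and once in the iszonekey() branch, and each copy re-tests conditions the enclosing `if` has just evaluated. An unparenthesised nested conditional inside a varargs call is easy to misread, and the two copies can drift apart. I would compute the decision once before the branches, for example `isc_boolean_t ttlok = ISC_TF(rrsig.originalttl == set->ttl);`, and select the reason string through one small helper or local variable that both vbprintf() calls use. Only part of signset() is visible in these hunks.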
@@ -1358,6 +1358,13 @@ verifyset(dns_rdataset_t *rdataset, dns_name_t *name, dns_dbnode_t *node, dns_rdataset_current(&sigrdataset, &rdata); dns_rdata_tostruct(&rdata, &sig, NULL); + if (rdataset->ttl != sig.originalttl) { + dns_name_format(name, namebuf, sizeof(namebuf)); + type_format(rdataset->type, typebuf, sizeof(typebuf)); + fprintf(stderr, "TTL mismatch for %s %s keytag %u\n", + namebuf, typebuf, sig.keyid); + continue; + } if ((set_algorithms[sig.algorithm] != 0) || (ksk_algorithms[sig.algorithm] == 0)) continue; @@ -1438,7 +1445,6 @@ verifyzone(void) { isc_boolean_t done = ISC_FALSE; isc_boolean_t first = ISC_TRUE; isc_boolean_t goodksk = ISC_FALSE; - isc_boolean_t goodzsk = ISC_FALSE; isc_result_t result; unsigned char revoked[256]; unsigned char standby[256]; @@ -1532,7 +1538,6 @@ verifyzone(void) { #endif if (zsk_algorithms[dnskey.algorithm] != 255) zsk_algorithms[dnskey.algorithm]++; - goodzsk = ISC_TRUE; } else { if (zsk_algorithms[dnskey.algorithm] != 255) zsk_algorithms[dnskey.algorithm]++; @@ -2126,6 +2131,7 @@ addnsec3param(const unsigned char *salt, size_t salt_length, result = dns_rdata_fromstruct(&rdata, gclass, dns_rdatatype_nsec3param, &nsec3param, &b); + check_result(result, "dns_rdata_fromstruct()"); rdatalist.rdclass = rdata.rdclass; rdatalist.type = rdata.type; rdatalist.covers = 0; @@ -3450,6 +3456,8 @@ main(int argc, char *argv[]) { nokeys = ISC_TRUE; } + warnifallksk(gdb); + if (IS_NSEC3) { unsigned int max; result = dns_nsec3_maxiterations(gdb, NULL, mctx, &max); @@ -3459,8 +3467,6 @@ main(int argc, char *argv[]) { "strength. Maximum iterations allowed %u.", max); } - warnifallksk(gdb); - gversion = NULL; result = dns_db_newversion(gdb, &gversion); check_result(result, "dns_db_newversion()"); diff --git a/bin/named/client.c b/bin/named/client.c index 6236d27f28a0..c5d04af69f3a 100644 --- a/bin/named/client.c +++ b/bin/named/client.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.259.12.5 2010-09-24 08:30:27 tbox Exp $ */ +/* $Id: client.c,v 1.259.12.7 2011-05-06 23:45:55 tbox Exp $ */ #include <config.h> @@ -633,6 +633,7 @@ ns_client_endrequest(ns_client_t *client) { dns_message_puttemprdataset(client->message, &client->opt); } + client->signer = NULL; client->udpsize = 512; client->extflags = 0; client->ednsversion = -1; @@ -2087,6 +2088,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { client->next = NULL; client->shutdown = NULL; client->shutdown_arg = NULL; + client->signer = NULL; dns_name_init(&client->signername, NULL); client->mortal = ISC_FALSE; client->tcpquota = NULL; diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c index 16d375b0083a..a055cb281f93 100644 --- a/bin/named/controlconf.c +++ b/bin/named/controlconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.60 2008-07-23 23:27:54 marka Exp $ */ +/* $Id: controlconf.c,v 1.60.70.2 2011-03-12 04:57:23 tbox Exp $ */ /*! \file */ @@ -859,7 +859,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING, "secret for key '%s' on command channel: %s", keyid->keyname, isc_result_totext(result)); - CHECK(result); + goto cleanup; } keyid->secret.length = isc_buffer_usedlength(&b); 
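Review bot: The two added `client->signer = NULL;` assignments, in ns_client_endrequest() and client_create(), have no comment explaining why the field has to be cleared. Client objects appear to be reused across requests, so a stale signer pointer would presumably let a later request be evaluated against the previous request's signing identity; that is worth recording next to the reset, e.g. `/* forget the previous request's signer before this client is reused */`. The endrequest hunk also does not show `client->signername` being reset alongside the pointer, so please confirm that it is handled where the signer is next assigned. Both function bodies extend beyond the hunks.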
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c index fad32137f6df..4d5c4675c366 100644 --- a/bin/named/interfacemgr.c +++ b/bin/named/interfacemgr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.93.70.2 2009-01-18 23:47:34 tbox Exp $ */ +/* $Id: interfacemgr.c,v 1.93.70.4 2011-03-12 04:57:23 tbox Exp $ */ /*! \file */ @@ -379,7 +379,7 @@ ns_interface_setup(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, } } *ifpret = ifp; - return (ISC_R_SUCCESS); + return (result); cleanup_interface: ISC_LIST_UNLINK(ifp->mgr->interfaces, ifp, link); @@ -964,7 +964,6 @@ isc_boolean_t ns_interfacemgr_listeningon(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr) { isc_sockaddr_t *old; - old = ISC_LIST_HEAD(mgr->listenon); for (old = ISC_LIST_HEAD(mgr->listenon); old != NULL; old = ISC_LIST_NEXT(old, link)) diff --git a/bin/named/logconf.c b/bin/named/logconf.c index 8ae55ff7c54e..d265eaa3d95b 100644 --- a/bin/named/logconf.c +++ b/bin/named/logconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,12 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: logconf.c,v 1.42 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: logconf.c,v 1.42.334.4 2011-03-12 04:57:23 tbox Exp $ */ /*! \file */ #include <config.h> +#include <isc/file.h> #include <isc/offset.h> #include <isc/result.h> #include <isc/stdio.h> 
@@ -130,7 +131,7 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) { } type = ISC_LOG_TONULL; - + if (fileobj != NULL) { const cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file"); const cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size"); @@ -140,7 +141,7 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) { isc_offset_t size = 0; type = ISC_LOG_TOFILE; - + if (versionsobj != NULL && cfg_obj_isuint32(versionsobj)) versions = cfg_obj_asuint32(versionsobj); if (versionsobj != NULL && cfg_obj_isstring(versionsobj) && 
@@ -219,26 +220,38 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) { if (result == ISC_R_SUCCESS && type == ISC_LOG_TOFILE) { FILE *fp; - - /* - * Test that the file can be opened, since isc_log_open() - * can't effectively report failures when called in - * isc_log_doit(). - */ - result = isc_stdio_open(dest.file.name, "a", &fp); - if (result != ISC_R_SUCCESS) - isc_log_write(ns_g_lctx, CFG_LOGCATEGORY_CONFIG, - NS_LOGMODULE_SERVER, ISC_LOG_ERROR, - "logging channel '%s' file '%s': %s", - channelname, dest.file.name, - isc_result_totext(result)); - else - (void)isc_stdio_close(fp); /* - * Allow named to continue by returning success. - */ - result = ISC_R_SUCCESS; + * Test to make sure that file is a plain file. + * Fix defect #22771 + */ + result = isc_file_isplainfile(dest.file.name); + if (result == ISC_R_SUCCESS || + result == ISC_R_FILENOTFOUND) { + /* + * Test that the file can be opened, since + * isc_log_open() can't effectively report + * failures when called in + * isc_log_doit(). + */ + result = isc_stdio_open(dest.file.name, "a", &fp); + if (result != ISC_R_SUCCESS) { + syslog(LOG_ERR, + "isc_stdio_open '%s' failed: %s", + dest.file.name, + isc_result_totext(result)); + fprintf(stderr, + "isc_stdio_open '%s' failed: %s", + dest.file.name, + isc_result_totext(result)); + } else + (void)isc_stdio_close(fp); + } else { + syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s", + dest.file.name, isc_result_totext(result)); + fprintf(stderr, "isc_file_isplainfile '%s' failed: %s", + dest.file.name, isc_result_totext(result)); + } } return (result); diff --git a/bin/named/main.c b/bin/named/main.c index a1d94fff80d5..d638ed62ce0e 100644 --- a/bin/named/main.c +++ b/bin/named/main.c 
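Review bot: The new `isc_file_isplainfile(dest.file.name)` test and the `isc_stdio_open(dest.file.name, "a", &fp)` that follows each resolve the path on their own, so the plain-file result describes the path only at the instant of the check; the later open by the logging code that the old comment refers to is presumably a further lookup. The test is still useful against a FIFO or device named by mistake in the configuration, but the comment should say that it is advisory and does not protect a log directory that another account can write to. Separately, both `fprintf(stderr, ...)` messages lack a trailing newline, e.g. `"isc_stdio_open '%s' failed: %s\n"`. The block now also returns the failure to the caller where the removed comment said named was allowed to continue, and that change of behaviour deserves a line in the new comment.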
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.c,v 1.166.34.7 2010-09-15 12:16:49 marka Exp $ */ +/* $Id: main.c,v 1.166.34.9 2011-03-12 04:57:23 tbox Exp $ */ /*! \file */ @@ -484,6 +484,7 @@ parse_command_line(int argc, char *argv[]) { argc -= isc_commandline_index; argv += isc_commandline_index; + POST(argv); if (argc > 0) { usage(); diff --git a/bin/named/query.c b/bin/named/query.c index fa34da6e28c0..e6637dfacfe4 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.313.20.24 2010-09-24 08:09:07 marka Exp $ */ +/* $Id: query.c,v 1.313.20.27 2011-03-19 09:47:54 marka Exp $ */ /*! \file */ @@ -1511,6 +1511,7 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { need_addname = ISC_FALSE; zone = NULL; needadditionalcache = ISC_FALSE; + POST(needadditionalcache); additionaltype = dns_rdatasetadditional_fromauth; dns_name_init(&cfname, NULL); 
@@ -4583,18 +4584,19 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) goto cleanup; } result = dns_name_concatenate(prefix, tname, fname, NULL); + + /* + * RFC2672, section 4.1, subsection 3c says + * we should return YXDOMAIN if the constructed + * name would be too long. + */ + if (result == DNS_R_NAMETOOLONG) + client->message->rcode = dns_rcode_yxdomain; if (result != ISC_R_SUCCESS) { dns_message_puttempname(client->message, &tname); - if (result == ISC_R_NOSPACE) { - /* - * RFC2672, section 4.1, subsection 3c says - * we should return YXDOMAIN if the constructed - * name would be too long. - */ - client->message->rcode = dns_rcode_yxdomain; - } goto cleanup; } + query_keepname(client, fname, dbuf); /* * Synthesize a CNAME for this DNAME. diff --git a/bin/named/server.c b/bin/named/server.c index bc7fc17c3296..3aeaf27e098d 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.520.12.21 2011-01-14 23:45:49 tbox Exp $ */ +/* $Id: server.c,v 1.520.12.23 2011-03-11 10:49:51 marka Exp $ */ /*! \file */ @@ -543,18 +543,13 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, int af, dns_dispatch_t **dispatchp, isc_boolean_t is_firstview) { - isc_result_t result; + isc_result_t result = ISC_R_FAILURE; dns_dispatch_t *disp; isc_sockaddr_t sa; unsigned int attrs, attrmask; const cfg_obj_t *obj = NULL; unsigned int maxdispatchbuffers; - /* - * Make compiler happy. - */ - result = ISC_R_FAILURE; - switch (af) { case AF_INET: result = ns_config_get(maps, "query-source", &obj); @@ -1033,7 +1028,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, isc_uint32_t lame_ttl; dns_tsig_keyring_t *ring; dns_view_t *pview = NULL; /* Production view */ - isc_mem_t *cmctx; + isc_mem_t *cmctx = NULL, *hmctx = NULL; dns_dispatch_t *dispatch4 = NULL; dns_dispatch_t *dispatch6 = NULL; isc_boolean_t reused_cache = ISC_FALSE; 
@@ -1056,8 +1051,6 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, REQUIRE(DNS_VIEW_VALID(view)); - cmctx = NULL; - if (config != NULL) (void)cfg_map_get(config, "options", &options); @@ -1082,6 +1075,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, sep = ""; viewname = ""; forview = ""; + POST(forview); } /* @@ -1292,10 +1286,22 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, dns_view_detach(&pview); } if (cache == NULL) { + /* + * Create a cache. + * + * We use two separate memory contexts for the + * cache, for the main cache memory and the heap + * memory. + */ CHECK(isc_mem_create(0, 0, &cmctx)); - CHECK(dns_cache_create(cmctx, ns_g_taskmgr, ns_g_timermgr, - view->rdclass, "rbt", 0, NULL, &cache)); isc_mem_setname(cmctx, "cache", NULL); + CHECK(isc_mem_create(0, 0, &hmctx)); + isc_mem_setname(hmctx, "cache_heap", NULL); + CHECK(dns_cache_create3(cmctx, hmctx, ns_g_taskmgr, + ns_g_timermgr, view->rdclass, + NULL, "rbt", 0, NULL, &cache)); + isc_mem_detach(&cmctx); + isc_mem_detach(&hmctx); } dns_view_setcache(view, cache); @@ -2029,6 +2035,8 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, dns_order_detach(&order); if (cmctx != NULL) isc_mem_detach(&cmctx); + if (hmctx != NULL) + isc_mem_detach(&hmctx); if (cache != NULL) dns_cache_detach(&cache); @@ -2260,6 +2268,7 @@ create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist, classobj = cfg_tuple_get(vconfig, "class"); result = ns_config_getclass(classobj, dns_rdataclass_in, &viewclass); + INSIST(result == ISC_R_SUCCESS); } else { viewname = "_default"; viewclass = dns_rdataclass_in; @@ -3016,7 +3025,7 @@ load_configuration(const char *filename, ns_server_t *server, if (result == ISC_R_SUCCESS) maps[i++] = options; maps[i++] = ns_g_defaults; - maps[i++] = NULL; + maps[i] = NULL; /* * Set process limits, which (usually) needs to be done as root. 
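Review bot: `INSIST(result == ISC_R_SUCCESS);` in create_view() turns a failure of `ns_config_getclass()` on the view's configured class into an assertion abort of the running server. If the configuration is always validated before this point the assertion cannot fire, but nothing in the hunk shows that, and asserting on a value derived from the configuration file is the wrong failure mode for a reload. Returning the error is safer: `if (result != ISC_R_SUCCESS) return (result);`, assuming create_view() returns isc_result_t and holds nothing that needs cleanup here; the function starts and ends outside the hunk.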
@@ -3217,11 +3226,10 @@ load_configuration(const char *filename, ns_server_t *server, if (options != NULL) (void)cfg_map_get(options, "listen-on", &clistenon); if (clistenon != NULL) { - result = ns_listenlist_fromconfig(clistenon, - config, - &aclconfctx, - ns_g_mctx, - &listenon); + /* check return code? */ + (void)ns_listenlist_fromconfig(clistenon, config, + &aclconfctx, ns_g_mctx, + &listenon); } else if (!ns_g_lwresdonly) { /* * Not specified, use default. @@ -3245,11 +3253,10 @@ load_configuration(const char *filename, ns_server_t *server, if (options != NULL) (void)cfg_map_get(options, "listen-on-v6", &clistenon); if (clistenon != NULL) { - result = ns_listenlist_fromconfig(clistenon, - config, - &aclconfctx, - ns_g_mctx, - &listenon); + /* check return code? */ + (void)ns_listenlist_fromconfig(clistenon, config, + &aclconfctx, ns_g_mctx, + &listenon); } else if (!ns_g_lwresdonly) { isc_boolean_t enable; /* @@ -3875,8 +3882,8 @@ shutdown_server(isc_task_t *task, isc_event_t *event) { void ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { isc_result_t result; - ns_server_t *server = isc_mem_get(mctx, sizeof(*server)); + if (server == NULL) fatal("allocating server object", ISC_R_NOMEMORY); @@ -4596,7 +4603,6 @@ ns_server_dumpstats(ns_server_t *server) { "could not open statistics dump file", server->statsfile); result = ns_stats_dump(server, fp); - CHECK(result); cleanup: if (fp != NULL) @@ -4776,6 +4782,7 @@ dumpdone(void *arg, isc_result_t result) { fprintf(dctx->fp, "; %s\n", dns_result_totext(result)); result = ISC_R_SUCCESS; + POST(result); goto nextzone; } if (result != ISC_R_SUCCESS) diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c index c77d3ca1bfeb..959ebd913b60 100644 --- a/bin/named/statschannel.c +++ b/bin/named/statschannel.c 
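Review bot: Both listen-list blocks in `load_configuration` (this `listen-on` hunk and the `listen-on-v6` hunk at -3245) now discard the result of `ns_listenlist_fromconfig()` behind a `(void)` cast and leave the open question `/* check return code? */` in the code. A listen list that fails to build is then ignored without any log line, and the server presumably keeps whatever listeners it already had, which may not match the exposure the operator intended. The question should be answered rather than committed: if the `CHECK` macro used elsewhere in this file is usable at this point, `CHECK(ns_listenlist_fromconfig(clistenon, config, &aclconfctx, ns_g_mctx, &listenon));` propagates the failure. The surrounding function extends well beyond both hunks, so the cleanup path needs checking before adopting this.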
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: statschannel.c,v 1.14.64.11 2010-02-04 23:47:46 tbox Exp $ */ +/* $Id: statschannel.c,v 1.14.64.13 2011-03-12 04:57:23 tbox Exp $ */ /*! \file */ @@ -637,7 +637,7 @@ rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) { static void opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) { - FILE *fp = arg; + FILE *fp; isc_buffer_t b; char codebuf[64]; stats_dumparg_t *dumparg = arg; diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c index 3f07784fcb82..efcce88c395f 100644 --- a/bin/named/unix/os.c +++ b/bin/named/unix/os.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.89.12.5 2009-03-02 03:03:54 marka Exp $ */ +/* $Id: os.c,v 1.89.12.7 2011-02-21 23:45:48 tbox Exp $ */ /*! \file */ @@ -838,7 +838,7 @@ ns_os_shutdownmsg(char *command, isc_buffer_t *text) { isc_buffer_availablelength(text), "pid: %ld", (long)pid); /* Only send a message if it is complete. */ - if (n < isc_buffer_availablelength(text)) + if (n > 0 && n < isc_buffer_availablelength(text)) isc_buffer_add(text, n); } diff --git a/bin/named/update.c b/bin/named/update.c index 1504a44b5ad0..a96a43035a60 100644 --- a/bin/named/update.c +++ b/bin/named/update.c 
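Review bot: The added `n > 0` test in `ns_os_shutdownmsg` rejects a failed `snprintf()` only if `n` is a signed type, and its declaration is outside the hunk. If `n` is unsigned, a negative return has already wrapped to a large value and `n > 0` merely excludes zero; if it is signed, the following `n < isc_buffer_availablelength(text)` compares signed with unsigned. Making the types explicit removes the ambiguity: declare `int n;` and test `if (n > 0 && (unsigned int)n < isc_buffer_availablelength(text))`.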
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.151.12.11 2010-02-26 23:48:43 tbox Exp $ */ +/* $Id: update.c,v 1.151.12.16 2011-03-26 00:47:01 each Exp $ */ #include <config.h> @@ -1646,7 +1646,7 @@ next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, { isc_result_t result; dns_dbiterator_t *dbit = NULL; - isc_boolean_t has_nsec; + isc_boolean_t has_nsec = ISC_FALSE; unsigned int wraps = 0; isc_boolean_t secure = dns_db_issecure(db); @@ -2406,7 +2406,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, CHECK(add_placeholder_nsec(db, newver, name, diff)); CHECK(add_exposed_sigs(client, zone, db, newver, name, - cut, diff, zone_keys, nkeys, + cut, &sig_diff, zone_keys, nkeys, inception, expire, check_ksk)); } } @@ -2567,7 +2567,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, &nsec_diff)); } else { CHECK(add_exposed_sigs(client, zone, db, newver, name, - cut, diff, zone_keys, nkeys, + cut, &sig_diff, zone_keys, nkeys, inception, expire, check_ksk)); CHECK(dns_nsec3_addnsec3s(db, newver, name, nsecttl, unsecure, &nsec_diff)); @@ -3094,8 +3094,7 @@ add_nsec3param_records(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, * Extract NSEC3PARAM tuples from list. */ for (tuple = ISC_LIST_HEAD(diff->tuples); - tuple != NULL; - tuple = next) { + tuple != NULL; tuple = next) { next = ISC_LIST_NEXT(tuple, link); 
@@ -3256,7 +3255,7 @@ static isc_result_t add_signing_records(dns_db_t *db, dns_name_t *name, dns_dbversion_t *ver, dns_rdatatype_t privatetype, dns_diff_t *diff) { - dns_difftuple_t *tuple, *newtuple = NULL; + dns_difftuple_t *tuple, *newtuple = NULL, *next; dns_rdata_dnskey_t dnskey; dns_rdata_t rdata = DNS_RDATA_INIT; isc_boolean_t flag; 
@@ -3264,13 +3263,81 @@ add_signing_records(dns_db_t *db, dns_name_t *name, dns_dbversion_t *ver, isc_result_t result = ISC_R_SUCCESS; isc_uint16_t keyid; unsigned char buf[5]; + dns_diff_t temp_diff; + dns_diff_init(diff->mctx, &temp_diff); + + /* + * Extract the DNSKEY tuples from the list. + */ for (tuple = ISC_LIST_HEAD(diff->tuples); - tuple != NULL; - tuple = ISC_LIST_NEXT(tuple, link)) { + tuple != NULL; tuple = next) { + + next = ISC_LIST_NEXT(tuple, link); + if (tuple->rdata.type != dns_rdatatype_dnskey) continue; + ISC_LIST_UNLINK(diff->tuples, tuple, link); + ISC_LIST_APPEND(temp_diff.tuples, tuple, link); + } + + /* + * Extract TTL changes pairs, we don't need signing records for these. + */ + for (tuple = ISC_LIST_HEAD(temp_diff.tuples); + tuple != NULL; tuple = next) { + if (tuple->op == DNS_DIFFOP_ADD) { + /* + * Walk the temp_diff list looking for the + * corresponding delete. + */ + next = ISC_LIST_HEAD(temp_diff.tuples); + while (next != NULL) { + unsigned char *next_data = next->rdata.data; + unsigned char *tuple_data = tuple->rdata.data; + if (next->op == DNS_DIFFOP_DEL && + dns_name_equal(&tuple->name, &next->name) && + next->rdata.length == tuple->rdata.length && + !memcmp(next_data, tuple_data, + next->rdata.length)) { + ISC_LIST_UNLINK(temp_diff.tuples, next, + link); + ISC_LIST_APPEND(diff->tuples, next, + link); + break; + } + next = ISC_LIST_NEXT(next, link); + } + /* + * If we have not found a pair move onto the next + * tuple. + */ + if (next == NULL) { + next = ISC_LIST_NEXT(tuple, link); + continue; + } + /* + * Find the next tuple to be processed before + * unlinking then complete moving the pair to 'diff'. + */ + next = ISC_LIST_NEXT(tuple, link); + ISC_LIST_UNLINK(temp_diff.tuples, tuple, link); + ISC_LIST_APPEND(diff->tuples, tuple, link); + } else + next = ISC_LIST_NEXT(tuple, link); + } + + /* + * Process the remaining DNSKEY entries. 
+ */ + for (tuple = ISC_LIST_HEAD(temp_diff.tuples); + tuple != NULL; + tuple = ISC_LIST_HEAD(temp_diff.tuples)) { + + ISC_LIST_UNLINK(temp_diff.tuples, tuple, link); + ISC_LIST_APPEND(diff->tuples, tuple, link); + dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL); if ((dnskey.flags & (DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH)) @@ -3310,7 +3377,9 @@ add_signing_records(dns_db_t *db, dns_name_t *name, dns_dbversion_t *ver, INSIST(newtuple == NULL); } } + failure: + dns_diff_clear(&temp_diff); return (result); } @@ -3558,7 +3627,6 @@ update_action(isc_task_t *task, isc_event_t *event) { * Check Requestor's Permissions. It seems a bit silly to do this * only after prerequisite testing, but that is what RFC2136 says. */ - result = ISC_R_SUCCESS; if (ssutable == NULL) CHECK(checkupdateacl(client, dns_zone_getupdateacl(zone), "update", zonename, ISC_FALSE, ISC_FALSE)); diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index 367ddd320d2c..a93adbdceada 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.c,v 1.147.50.2 2009-01-29 23:47:44 tbox Exp $ */ +/* $Id: zoneconf.c,v 1.147.50.5 2011-03-12 04:57:24 tbox Exp $ */ /*% */ @@ -119,7 +119,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, /* First check to see if ACL is defined within the zone */ if (zconfig != NULL) { maps[0] = cfg_tuple_get(zconfig, "options"); - ns_config_get(maps, aclname, &aclobj); + (void)ns_config_get(maps, aclname, &aclobj); if (aclobj != NULL) { aclp = NULL; goto parse_acl; 
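Review bot: The "Extract TTL changes pairs" loop in `add_signing_records` matches an ADD to a DEL by owner name and raw rdata bytes only, and the comment does not say so; a reader has to work out that TTL is deliberately left out of the comparison. Expanding the comment to something like `/* An ADD and a DEL with the same name and rdata differ only in TTL; move both back to 'diff' untouched. */` would make the intent explicit. The inner scan restarts from the list head for every ADD, so the pass is quadratic in the number of DNSKEY tuples in one diff; that is probably fine for real key sets, but since the diff presumably originates from an update request it is worth a short note on the expected size. The function starts before this hunk and continues past it.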
@@ -144,7 +144,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, maps[i++] = ns_g_defaults; maps[i] = NULL; - result = ns_config_get(maps, aclname, &aclobj); + (void)ns_config_get(maps, aclname, &aclobj); if (aclobj == NULL) { (*clearzacl)(zone); return (ISC_R_SUCCESS); @@ -331,7 +331,7 @@ zonetype_fromconfig(const cfg_obj_t *map) { isc_result_t result; result = cfg_map_get(map, "type", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); return (ns_config_getzonetype(obj)); } @@ -395,7 +395,7 @@ checknames(dns_zonetype_t ztype, const cfg_obj_t **maps, INSIST(0); } result = ns_checknames_get(maps, zone, objp); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && objp != NULL && *objp != NULL); } isc_result_t @@ -449,7 +449,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, maps[i++] = options; } maps[i++] = ns_g_defaults; - maps[i++] = NULL; + maps[i] = NULL; if (vconfig != NULL) RETERR(ns_config_getclass(cfg_tuple_get(vconfig, "class"), @@ -538,7 +538,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "dialup", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); if (cfg_obj_isboolean(obj)) { if (cfg_obj_asboolean(obj)) dialup = dns_dialuptype_yes; @@ -561,7 +561,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "zone-statistics", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); zonestats_on = cfg_obj_asboolean(obj); zoneqrystats = NULL; if (zonestats_on) { 
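Review bot: In `checknames`, the new `objp != NULL` assertion runs after `objp` has already been passed to `ns_checknames_get(maps, zone, objp)`, so it cannot protect that call; if the callee writes through the pointer (its body is not shown), a NULL would fault before the INSIST is reached. Checking the argument up front states the contract: `REQUIRE(objp != NULL);` at the top of the function, leaving `INSIST(result == ISC_R_SUCCESS && *objp != NULL);` after the call. The `&& obj != NULL` additions in `ns_zone_configure` do not have this problem, because `obj` there is a local set to NULL immediately before each lookup. `checknames` begins outside the hunk.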
@@ -580,7 +580,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, if (ztype != dns_zone_stub) { obj = NULL; result = ns_config_get(maps, "notify", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); if (cfg_obj_isboolean(obj)) { if (cfg_obj_asboolean(obj)) notifytype = dns_notifytype_yes; @@ -616,19 +616,19 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "notify-source", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setnotifysrc4(zone, cfg_obj_assockaddr(obj))); ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj)); obj = NULL; result = ns_config_get(maps, "notify-source-v6", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj))); ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj)); obj = NULL; result = ns_config_get(maps, "notify-to-soa", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_NOTIFYTOSOA, cfg_obj_asboolean(obj)); 
@@ -641,17 +641,17 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "max-transfer-time-out", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setmaxxfrout(zone, cfg_obj_asuint32(obj) * 60); obj = NULL; result = ns_config_get(maps, "max-transfer-idle-out", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setidleout(zone, cfg_obj_asuint32(obj) * 60); obj = NULL; result = ns_config_get(maps, "max-journal-size", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setjournalsize(zone, -1); if (cfg_obj_isstring(obj)) { const char *str = cfg_obj_asstring(obj); @@ -675,13 +675,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "ixfr-from-differences", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); if (cfg_obj_isboolean(obj)) ixfrdiff = cfg_obj_asboolean(obj); - else if (strcasecmp(cfg_obj_asstring(obj), "master") && + else if (!strcasecmp(cfg_obj_asstring(obj), "master") && ztype == dns_zone_master) ixfrdiff = ISC_TRUE; - else if (strcasecmp(cfg_obj_asstring(obj), "slave") && + else if (!strcasecmp(cfg_obj_asstring(obj), "slave") && ztype == dns_zone_slave) ixfrdiff = ISC_TRUE; else 
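Review bot: The corrected `ixfr-from-differences` test is written `!strcasecmp(...)`, while the other string comparisons in `ns_zone_configure` use the form `strcasecmp(cfg_obj_asstring(obj), "warn") == 0`; the bare-truthiness style is what hid the inverted condition this hunk fixes. Writing the two new lines as `else if (strcasecmp(cfg_obj_asstring(obj), "master") == 0 &&` and `else if (strcasecmp(cfg_obj_asstring(obj), "slave") == 0 &&` keeps the file consistent and makes a future inversion easier to spot. The `else` chain continues past the end of the hunk.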
@@ -704,23 +704,23 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "notify-delay", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setnotifydelay(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "check-sibling", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING, cfg_obj_asboolean(obj)); obj = NULL; result = ns_config_get(maps, "zero-no-soa-ttl", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj)); obj = NULL; result = ns_config_get(maps, "nsec3-test-zone", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_NSEC3TESTZONE, cfg_obj_asboolean(obj)); } @@ -748,7 +748,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "sig-validity-interval", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); { const cfg_obj_t *validity, *resign; 
@@ -785,22 +785,22 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "sig-signing-signatures", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setsignatures(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "sig-signing-nodes", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setnodes(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "sig-signing-type", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setprivatetype(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "update-check-ksk", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_UPDATECHECKKSK, cfg_obj_asboolean(obj)); @@ -826,7 +826,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "check-mx", &obj); - INSIST(obj != NULL); + INSIST(result == ISC_R_SUCCESS && obj != NULL); if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { fail = ISC_FALSE; check = ISC_TRUE; @@ -841,13 +841,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "check-integrity", &obj); - INSIST(obj != NULL); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY, cfg_obj_asboolean(obj)); obj = NULL; result = ns_config_get(maps, "check-mx-cname", &obj); - INSIST(obj != NULL); + INSIST(result == ISC_R_SUCCESS && obj != NULL); if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { warn = ISC_TRUE; ignore = ISC_FALSE; 
@@ -862,7 +862,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "check-srv-cname", &obj); - INSIST(obj != NULL); + INSIST(result == ISC_R_SUCCESS && obj != NULL); if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { warn = ISC_TRUE; ignore = ISC_FALSE; @@ -884,7 +884,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, case dns_zone_stub: count = 0; obj = NULL; - result = cfg_map_get(zoptions, "masters", &obj); + (void)cfg_map_get(zoptions, "masters", &obj); if (obj != NULL) { addrs = NULL; keynames = NULL; 
@@ -903,61 +903,61 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, if (count > 1) { obj = NULL; result = ns_config_get(maps, "multi-master", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); multi = cfg_obj_asboolean(obj); } dns_zone_setoption(zone, DNS_ZONEOPT_MULTIMASTER, multi); obj = NULL; result = ns_config_get(maps, "max-transfer-time-in", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setmaxxfrin(zone, cfg_obj_asuint32(obj) * 60); obj = NULL; result = ns_config_get(maps, "max-transfer-idle-in", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setidlein(zone, cfg_obj_asuint32(obj) * 60); obj = NULL; result = ns_config_get(maps, "max-refresh-time", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setmaxrefreshtime(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "min-refresh-time", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setminrefreshtime(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "max-retry-time", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setmaxretrytime(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "min-retry-time", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setminretrytime(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "transfer-source", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setxfrsource4(zone, cfg_obj_assockaddr(obj))); ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj)); obj = NULL; result = ns_config_get(maps, "transfer-source-v6", &obj); - INSIST(result == ISC_R_SUCCESS); + 
INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setxfrsource6(zone, cfg_obj_assockaddr(obj))); ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj)); obj = NULL; result = ns_config_get(maps, "alt-transfer-source", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setaltxfrsource4(zone, cfg_obj_assockaddr(obj))); obj = NULL; result = ns_config_get(maps, "alt-transfer-source-v6", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setaltxfrsource6(zone, cfg_obj_assockaddr(obj))); obj = NULL; diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index d9ee4884a604..215acd1b579c 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsupdate.c,v 1.163.48.15 2010-12-09 04:30:57 tbox Exp $ */ +/* $Id: nsupdate.c,v 1.163.48.18 2011-05-23 22:24:12 each Exp $ */ /*! \file */ @@ -617,8 +617,10 @@ setup_keyfile(void) { keyfile, isc_result_totext(result)); return; } - } else + } else { dst_key_attach(dstkey, &sig0key); + dst_key_free(&dstkey); + } } static void @@ -2145,6 +2147,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { } check_result(result, "dns_request_getresponse"); section = DNS_SECTION_ANSWER; + POST(section); if (debugging) show_message(stderr, rcvmsg, "Reply from SOA query:"); @@ -2706,6 +2709,9 @@ cleanup(void) { } #endif + if (sig0key != NULL) + dst_key_free(&sig0key); + ddebug("Shutting down task manager"); isc_taskmgr_destroy(&taskmgr); diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c index 133103e3dc73..4b8bb2a53b07 100644 --- a/bin/rndc/rndc.c 
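Review bot: The `dst_key_free(&dstkey)` added in the `else` branch of `setup_keyfile` is correct only because `dst_key_attach()` has just given `sig0key` its own reference, and nothing in the code says so. A one-line comment such as `/* sig0key holds its own reference now; drop the local one */` would stop a later reader from mistaking the pair for a use-after-free of key material. The matching release in `cleanup` (hunk at -2706) frees `sig0key` at exit; whether `setup_keyfile` can run again while `sig0key` is already set is not visible from these hunks and is worth confirming, since the earlier key would need releasing first. Both functions extend beyond their hunks.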
+++ b/bin/rndc/rndc.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.c,v 1.122.44.2 2009-01-18 23:47:35 tbox Exp $ */ +/* $Id: rndc.c,v 1.122.44.4 2011-02-03 12:16:44 tbox Exp $ */ /*! \file */ @@ -92,7 +92,7 @@ static void rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task); static void usage(int status) { fprintf(stderr, "\ -Usage: %s [-c config] [-s server] [-p port]\n\ +Usage: %s [-b address] [-c config] [-s server] [-p port]\n\ [-k key-file ] [-y key] [-V] command\n\ \n\ command is one of the following:\n\ |
