Report information

The Basics
Id: 38470
Status: resolved
Priority: Medium/Medium
Queue:

People
Owner: Nobody in particular
Cc:
AdminCc:

BugTracker
Version Fixed: 9.9.7, 9.9.7-S1, 9.10.2, 9.11.0
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: (no value)
Priority: (no value)
Severity: S2 Normal
CVSS Score: (no value)
CVE ID: (no value)
Component: (no value)
Area: bug

Dates
Created: Wed, 28 Jan 2015 06:26:04 -0500
Updated: Thu, 03 Aug 2017 22:13:45 -0400
Closed: Wed, 28 Jan 2015 19:55:05 -0500




Subject: Bug in IF condition in lib/dns/adb.c:new_adbentry()
Date: Wed, 28 Jan 2015 12:25:59 +0100
To: bind9-bugs@isc.org
From: "Tomas Hozza" <thozza@redhat.com>
Hi.

While backporting one fix into older RHEL I found
a suspicious IF statement in the new_adbentry() function
in lib/dns/adb.c. Note that this is from current master branch.

...
        if (!adb->growentries_sent && adb->growentries_sent &&
            adb->entriescnt > (adb->nentries * 8))
        {
...

The "!adb->growentries_sent && adb->growentries_sent" will
never be TRUE.

Based on the following code, the IF statement should be
...
        if (!adb->growentries_sent &&
            adb->entriescnt > (adb->nentries * 8))
        {
                isc_event_t *event = &adb->growentries;
                inc_adb_irefcnt(adb);
                isc_task_send(adb->task, &event);
                adb->growentries_sent = ISC_TRUE;
        }
...

The bug seems to be added by the following commit:

From c965b1869024ab38518fade703cc1dae2d71a59e Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 19 Jul 2012 23:00:21 +1000
Subject: [PATCH] 3353. [bug] Use a single task for task exclusive
 operations. [RT #29872]

Patch is attached.

Regards,
--
Tomas Hozza
Software Engineer - EMEA ENG Developer Experience
PGP: 1D9F3C2D
Red Hat Inc. http://cz.redhat.com


Subject: Re: [ISC-Bugs #38470] AutoReply: Bug in IF condition in lib/dns/adb.c:new_adbentry()
Date: Wed, 28 Jan 2015 12:33:29 +0100
To: bind9-bugs@isc.org
From: "Tomas Hozza" <thozza@redhat.com>
On 01/28/2015 12:26 PM, BIND9 Bugs via RT wrote:
> Greetings,
>
> This message was automatically generated to acknowledge receipt of
> your recent email
> "Bug in IF condition in lib/dns/adb.c:new_adbentry()",
> and to let you know that we have opened a ticket for your request
> (a summary of which appears below.)
>
> We do not need a further response from you, but if you do respond,
> please include in the Subject of your reply the ID
> '[ISC-Bugs #38470]'
> so that we can match up your reply with our trouble ticket.
>
> What Happens Next
> =================
>
> Bug reports submitted to us in this manner are handled based on
> perceived severity in relation to other bugs. We handle reports as
> time permits so there is no guaranteed response time for these
> reports.
>
> If you feel the issue you are reporting is a security issue, please
> see http://www.isc.org/security/reporting-issues for details on how
> to report it, including the PGP key you may use.
>
> If it is of a non-security yet still urgent matter, you may reply
> to this message to add further information.
>
>
> Other Support Options
> =====================
>
> If your organization requires more immediate attention, ISC offers
> paid support options. Please see http://www.isc.org/services/support
> for more information.
>
> If paid support is not an option, please consider making a donation
> to ISC. We don't require a donation -- we will work on your report
> just as quickly whether or not you can donate -- but we always need
> and welcome community support. See http://www.isc.org/supportisc
>
>
> Run a Supported Version
> =======================
>
> If you are not running a supported version of BIND, please upgrade.
> Bug reports against unsupported versions of BIND are discouraged,
> as your issue may have already been addressed.
>
> You can find the latest version of BIND here:
>
> https://www.isc.org/software/bind
>
>
> For configuration help...
> =========================
>
> Questions regarding configuration or setup of BIND are addressed on
> the bind-users list - to subscribe, visit:
>
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
> Thank you,
> bind9-bugs@isc.org
>
> ---------------------------------------------------------------------
>
> Hi.
>
> While backporting one fix into older RHEL I found
> a suspicious IF statement in the new_adbentry() function
> in lib/dns/adb.c. Note that this is from current master branch.
>
> ...
> if (!adb->growentries_sent && adb->growentries_sent &&
> adb->entriescnt > (adb->nentries * 8))
> {
> ...
>
> The "!adb->growentries_sent && adb->growentries_sent" will
> never be TRUE.
>
> Based on the following code, the IF statement should be
> ...
> if (!adb->growentries_sent &&
> adb->entriescnt > (adb->nentries * 8))
> {
> isc_event_t *event = &adb->growentries;
> inc_adb_irefcnt(adb);
> isc_task_send(adb->task, &event);
> adb->growentries_sent = ISC_TRUE;
> }
> ...
>
> The bug seems to be added by the following commit:
>
> From c965b1869024ab38518fade703cc1dae2d71a59e Mon Sep 17 00:00:00 2001
> From: Mark Andrews <marka@isc.org>
> Date: Thu, 19 Jul 2012 23:00:21 +1000
> Subject: [PATCH] 3353. [bug] Use a single task for task exclusive
> operations. [RT #29872]
>
>
> Patch is attached.
>
>
> Regards,
>

I just realized, based on the patch that introduced the issue,
the new_adbentry() should also use the exclusive task when growing
entries, so this is more likely the proper fix:

diff --git a/lib/dns/adb.c b/lib/dns/adb.c index 51bac51..b94e309 100644 --- a/lib/dns/adb.c +++ b/lib/dns/adb.c
@@ -1821,12 +1821,12 @@ new_adbentry(dns_adb_t *adb) { LOCK(&adb->entriescntlock); adb->entriescnt++; inc_adbstats(adb, dns_adbstats_entriescnt); - if (!adb->growentries_sent && adb->growentries_sent && + if (!adb->growentries_sent && adb->excl != NULL && adb->entriescnt > (adb->nentries * 8)) { isc_event_t *event = &adb->growentries; inc_adb_irefcnt(adb); - isc_task_send(adb->task, &event); + isc_task_send(adb->excl, &event); adb->growentries_sent = ISC_TRUE; } UNLOCK(&adb->entriescntlock); Regards, -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com
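
Review bot: The added "adb->excl != NULL" test in the if condition makes growth of the entry table silently depend on the exclusive task being set, and nothing in the hunk says when adb->excl can be NULL. A short comment above the condition should state that case and note that the check is simply re-evaluated on later calls, since growentries_sent stays false. Because the removed condition "!adb->growentries_sent && adb->growentries_sent" could never be true, the grow event was never sent; a regression test that drives entriescnt past nentries * 8 and checks that the event is queued would catch a repeat.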


4048. [bug] adb hash table was not being grown. [RT #38470]
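
The effect of the condition reported in this ticket, as an added example that is not code from the ticket or from BIND: a toy model of the grow trigger in which toy_adb_t, the toy_* functions, the 1009-bucket start size, the doubling policy and the immediate handling of the grow event are all assumptions. With the contradictory condition the bucket count never changes, so the average chain length rises with every insertion.

```c
/* Added illustration: a toy model, not BIND's adb.c. Field names follow the
 * report; toy_adb_t, the toy_* functions, the start size of 1009 buckets and
 * the doubling policy are assumptions made for this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct {
    unsigned int nentries;     /* number of hash buckets */
    unsigned int entriescnt;   /* entries stored across all buckets */
    bool growentries_sent;     /* a grow event is already queued */
    bool has_excl;             /* stands in for adb->excl != NULL */
    unsigned int grow_events;  /* grow events handled so far */
} toy_adb_t;

/* Stand-in for the grow event handler: enlarge the table, re-arm the trigger. */
static void toy_grow(toy_adb_t *adb) {
    adb->nentries *= 2;
    adb->growentries_sent = false;
    adb->grow_events++;
}

/* Counting step modelled on new_adbentry(); 'buggy' selects the condition. */
static void toy_new_entry(toy_adb_t *adb, bool buggy) {
    adb->entriescnt++;
    bool over = adb->entriescnt > (adb->nentries * 8);
    bool trigger = buggy
        ? (!adb->growentries_sent && adb->growentries_sent && over)
        : (!adb->growentries_sent && adb->has_excl && over);
    if (trigger) {
        adb->growentries_sent = true;
        toy_grow(adb);  /* handled at once here; the real code sends it to a task */
    }
}

/* Insert 'count' entries; return the average chain length (entries per bucket). */
static unsigned int toy_load_after(unsigned int count, bool buggy, toy_adb_t *out) {
    toy_adb_t adb = { 1009, 0, false, true, 0 };
    for (unsigned int i = 0; i < count; i++)
        toy_new_entry(&adb, buggy);
    if (out != NULL)
        *out = adb;
    return adb.entriescnt / adb.nentries;
}

int main(void) {
    printf("buggy condition: %u entries per bucket\n", toy_load_after(1000000, true, NULL));
    printf("fixed condition: %u entries per bucket\n", toy_load_after(1000000, false, NULL));
    return 0;
}
```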