From 5a8535ebc54722c001f33a4a554eb4d5ad331e0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
Date: Wed, 14 Sep 2022 14:32:42 +0200
Subject: [PATCH] Have dns_zt_apply lock the zone table
There where a number of places where the zone table should have been locked, but wasn't, when dns_zt_apply was called. Added a isc_rwlocktype_t type parameter to dns_zt_apply and adjusted all calls to using it. Removed locks in callers. Backported and modified upstream commit e5068a7e24d7ace5ed7e8fdd3ff789dcc4c10fe8 Resolves: rhbz#2101712
---
 bind-9.16-rh2101712.patch | 194 ++++++++++++++++++++++++++++++++++++++
 bind.spec | 8 +-
 2 files changed, 201 insertions(+), 1 deletion(-)
 create mode 100644 bind-9.16-rh2101712.patch
diff --git a/bind-9.16-rh2101712.patch b/bind-9.16-rh2101712.patch
new file mode 100644
index 0000000..4ad2c6b
--- /dev/null
+++ b/bind-9.16-rh2101712.patch
@@ -0,0 +1,194 @@
+From 37ba012cf603f126f31ff7647d6ee4f6fe708e8f Mon Sep 17 00:00:00 2001
+From: Mark Andrews
+Date: Wed, 24 Aug 2022 12:21:50 +1000
+Subject: [PATCH] Have dns_zt_apply lock the zone table
+
+There where a number of places where the zone table should have
+been locked, but wasn't, when dns_zt_apply was called.
+
+Added a isc_rwlocktype_t type parameter to dns_zt_apply and adjusted
+all calls to using it. Removed locks in callers.
+
+Modified upstream commit for v9_16
+---
+ bin/named/server.c | 12 +++++++-----
+ bin/named/statschannel.c | 12 +++++++-----
+ lib/dns/include/dns/zt.h | 3 ++-
+ lib/dns/tests/zt_test.c | 4 ++--
+ lib/dns/view.c | 3 ++-
+ lib/dns/zt.c | 21 ++++++++++-----------
+ 6 files changed, 30 insertions(+), 25 deletions(-)
+
+diff --git a/bin/named/server.c b/bin/named/server.c
+index 860ccae..c2a5887 100644
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -9458,7 +9458,8 @@ cleanup:
+ if (result == ISC_R_SUCCESS && strcmp(view->name, "_bind") != 0)
+ {
+ dns_view_setviewrevert(view);
+- (void)dns_zt_apply(view->zonetable, false, NULL,
++ (void)dns_zt_apply(view->zonetable,
++ isc_rwlocktype_read, false, NULL,
+ removed, view);
+ }
+ dns_view_detach(&view);
+@@ -10901,8 +10902,8 @@ add_view_tolist(struct dumpcontext *dctx, dns_view_t *view) {
+ ISC_LIST_INIT(vle->zonelist);
+ ISC_LIST_APPEND(dctx->viewlist, vle, link);
+ if (dctx->dumpzones) {
+- result = dns_zt_apply(view->zonetable, true, NULL,
+- add_zone_tolist, dctx);
++ result = dns_zt_apply(view->zonetable, isc_rwlocktype_read,
++ true, NULL, add_zone_tolist, dctx);
+ }
+ return (result);
+ }
+@@ -12248,8 +12249,9 @@ named_server_sync(named_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
+ for (view = ISC_LIST_HEAD(server->viewlist); view != NULL;
+ view = ISC_LIST_NEXT(view, link))
+ {
+- result = dns_zt_apply(view->zonetable, false, NULL,
+- synczone, &cleanup);
++ result = dns_zt_apply(view->zonetable,
++ isc_rwlocktype_none, false,
++ NULL, synczone, &cleanup);
+ if (result != ISC_R_SUCCESS && tresult == ISC_R_SUCCESS)
+ {
+ tresult = result;
+diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
+index 8ff2567..832ce93 100644
+--- a/bin/named/statschannel.c
++++ b/bin/named/statschannel.c
+@@ -2296,8 +2296,9 @@ generatexml(named_server_t *server, uint32_t flags, int *buflen,
+ if ((flags & STATS_XML_ZONES) != 0) {
+ TRY0(xmlTextWriterStartElement(writer,
+ ISC_XMLCHAR "zones"));
+- result = dns_zt_apply(view->zonetable, true, NULL,
+- zone_xmlrender, writer);
++ result = dns_zt_apply(view->zonetable,
++ isc_rwlocktype_read, true,
++ NULL, zone_xmlrender, writer);
+ if (result != ISC_R_SUCCESS) {
+ goto error;
+ }
+@@ -3069,9 +3070,10 @@ generatejson(named_server_t *server, size_t *msglen, const char **msg,
+ CHECKMEM(za);
+
+ if ((flags & STATS_JSON_ZONES) != 0) {
+- result = dns_zt_apply(view->zonetable, true,
+- NULL, zone_jsonrender,
+- za);
++ result = dns_zt_apply(view->zonetable,
++ isc_rwlocktype_read,
++ true, NULL,
++ zone_jsonrender, za);
+ if (result != ISC_R_SUCCESS) {
+ goto error;
+ }
+diff --git a/lib/dns/include/dns/zt.h b/lib/dns/include/dns/zt.h
+index 4a1b263..1c6c789 100644
+--- a/lib/dns/include/dns/zt.h
++++ b/lib/dns/include/dns/zt.h
+@@ -168,7 +168,8 @@ dns_zt_freezezones(dns_zt_t *zt, dns_view_t *view, bool freeze);
+ */
+
+ isc_result_t
+-dns_zt_apply(dns_zt_t *zt, bool stop, isc_result_t *sub,
++dns_zt_apply(dns_zt_t *zt, isc_rwlocktype_t lock, bool stop,
++ isc_result_t *sub,
+ isc_result_t (*action)(dns_zone_t *, void *), void *uap);
+ /*%<
+ * Apply a given 'action' to all zone zones in the table.
+diff --git a/lib/dns/tests/zt_test.c b/lib/dns/tests/zt_test.c
+index 7945a0b..bfacb94 100644
+--- a/lib/dns/tests/zt_test.c
++++ b/lib/dns/tests/zt_test.c
+@@ -136,8 +136,8 @@ apply(void **state) {
+ assert_non_null(view->zonetable);
+
+ assert_int_equal(nzones, 0);
+- result = dns_zt_apply(view->zonetable, false, NULL, count_zone,
+- &nzones);
++ result = dns_zt_apply(view->zonetable, isc_rwlocktype_read, false,
++ NULL, count_zone, &nzones);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(nzones, 1);
+
+diff --git a/lib/dns/view.c b/lib/dns/view.c
+index 8c7e40a..dcb0f18 100644
+--- a/lib/dns/view.c
++++ b/lib/dns/view.c
+@@ -704,7 +704,8 @@ dns_view_dialup(dns_view_t *view) {
+ REQUIRE(DNS_VIEW_VALID(view));
+ REQUIRE(view->zonetable != NULL);
+
+- (void)dns_zt_apply(view->zonetable, false, NULL, dialup, NULL);
++ (void)dns_zt_apply(view->zonetable, isc_rwlocktype_read, false,
++ NULL, dialup, NULL);
+ }
+
+ void
+diff --git a/lib/dns/zt.c b/lib/dns/zt.c
+index 8ca9cd6..cb90950 100644
+--- a/lib/dns/zt.c
++++ b/lib/dns/zt.c
+@@ -223,7 +223,8 @@ flush(dns_zone_t *zone, void *uap) {
+ static void
+ zt_destroy(dns_zt_t *zt) {
+ if (atomic_load_acquire(&zt->flush)) {
+- (void)dns_zt_apply(zt, false, NULL, flush, NULL);
++ (void)dns_zt_apply(zt, isc_rwlocktype_none, false, NULL,
++ flush, NULL);
+ }
+ dns_rbt_destroy(&zt->table);
+ isc_rwlock_destroy(&zt->rwlock);
+@@ -265,9 +266,8 @@ dns_zt_load(dns_zt_t *zt, bool stop, bool newonly) {
+ struct zt_load_params params;
+ REQUIRE(VALID_ZT(zt));
+ params.newonly = newonly;
+- RWLOCK(&zt->rwlock, isc_rwlocktype_read);
+- result = dns_zt_apply(zt, stop, NULL, load, ¶ms);
+- RWUNLOCK(&zt->rwlock, isc_rwlocktype_read);
++ result = dns_zt_apply(zt, isc_rwlocktype_read, stop, NULL, load,
++ ¶ms);
+ return (result);
+ }
+
+@@ -338,9 +338,8 @@ dns_zt_asyncload(dns_zt_t *zt, bool newonly, dns_zt_allloaded_t alldone,
+ zt->loaddone = alldone;
+ zt->loaddone_arg = arg;
+
+- RWLOCK(&zt->rwlock, isc_rwlocktype_read);
+- result = dns_zt_apply(zt, false, NULL, asyncload, zt);
+- RWUNLOCK(&zt->rwlock, isc_rwlocktype_read);
++ result = dns_zt_apply(zt, isc_rwlocktype_read, false, NULL,
++ asyncload, zt);
+
+ /*
+ * Have all the loads completed?
+@@ -386,9 +385,8 @@ dns_zt_freezezones(dns_zt_t *zt, dns_view_t *view, bool freeze) {
+
+ REQUIRE(VALID_ZT(zt));
+
+- RWLOCK(&zt->rwlock, isc_rwlocktype_read);
+- result = dns_zt_apply(zt, false, &tresult, freezezones, ¶ms);
+- RWUNLOCK(&zt->rwlock, isc_rwlocktype_read);
++ result = dns_zt_apply(zt, isc_rwlocktype_read, false, &tresult,
++ freezezones, ¶ms);
+ if (tresult == ISC_R_NOTFOUND) {
+ tresult = ISC_R_SUCCESS;
+ }
+@@ -522,7 +520,8 @@ dns_zt_setviewrevert(dns_zt_t *zt) {
+ }
+
+ isc_result_t
+-dns_zt_apply(dns_zt_t *zt, bool stop, isc_result_t *sub,
++dns_zt_apply(dns_zt_t *zt, isc_rwlocktype_t lock, bool stop,
++ isc_result_t *sub,
+ isc_result_t (*action)(dns_zone_t *, void *), void *uap) {
+ dns_rbtnode_t *node;
+ dns_rbtnodechain_t chain;
+--
+2.38.1
+
diff --git a/bind.spec b/bind.spec
index 54d88a5..a2952eb 100644
--- a/bind.spec
+++ b/bind.spec
@@ -51,7 +51,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: bind
 License: MPLv2.0
 Version: 9.16.23
-Release: 6%{?dist}
+Release: 7%{?dist}
 Epoch: 32
 Url: https://www.isc.org/downloads/bind/
 #
@@ -111,6 +111,8 @@ Patch177:bind-9.16-CVE-2022-38178.patch
 # https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6793
 # https://gitlab.isc.org/isc-projects/bind9/commit/bf2ea6d8525bfd96a84dad221ba9e004adb710a8
 Patch178:bind-9.16-CVE-2022-2795.patch
+# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6695
+Patch179:bind-9.16-rh2101712.patch
 %{?systemd_ordering}
 Requires: coreutils
@@ -418,6 +420,7 @@ in HTML and PDF format.
 %patch176 -p1 -b .CVE-2022-38177
 %patch177 -p1 -b .CVE-2022-38178
 %patch178 -p1 -b .CVE-2022-2795
+%patch179 -p1 -b .rh2101712
 %if %{with PKCS11}
 %patch135 -p1 -b .config-pkcs11
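Review bot: The new `lock` argument of dns_zt_apply is never acted on anywhere in the embedded patch: the last lib/dns/zt.c hunk (`@@ -522,7 +520,8 @@`) changes only the signature, while the earlier zt.c hunks delete the `RWLOCK`/`RWUNLOCK` pairs around the calls in dns_zt_load, dns_zt_asyncload and dns_zt_freezezones. The function body continues outside the hunk, but it cannot already reference a parameter this patch introduces, and the embedded diffstat for zt.c (10 insertions, 11 deletions) is fully accounted for by the visible hunks, so the locking appears to have been dropped in the backport. As written the zone table would be walked with no lock on every path, including the statistics-channel renderers, leaving the zone-freed-during-traversal race from the changelog open and removing the protection the three zt.c callers had. The body should take the lock at the top, `if (lock != isc_rwlocktype_none) { RWLOCK(&zt->rwlock, lock); }`, and release it with the matching `RWUNLOCK(&zt->rwlock, lock);` on every exit path.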
@@ -1141,6 +1144,9 @@ fi; %endif %changelog +* Tue Oct 04 2022 Petr Menšík - 32:9.16.23-7 +- Prevent freeing zone during statistics rendering (#2101712) + * Tue Oct 04 2022 Petr Menšík - 32:9.16.23-6 - Bound the amount of work performed for delegations (CVE-2022-2795) - Add %_libdir/named to bind-chroot (#2129466)