Prevent name.c:670: REQUIRE((name1->attributes & 0x00000001) == (name2->attributes & 0x00000001)) failed

resume_qmin did not handle special case of recursing query hit unexpected DNS_R_CNAME result. Change result to SERVFAIL in case of a zone loaded after the recursion started. That prevents crashing later in query_setorder, where there is uninitialized foundname compared with absolute order names. https://gitlab.isc.org/isc-projects/bind9/-/issues/5357 Resolves: RHEL-30407
2025-06-10 15:34:02 +02:00 · 2025-06-10 15:34:02 +02:00 · bf3c76e9c3
commit bf3c76e9c3
parent 469e799820
2 changed files with 52 additions and 1 deletions
--- a/bind-9.21-resume-qmin-cname.patch
+++ b/bind-9.21-resume-qmin-cname.patch
@ -0,0 +1,44 @@
+From dc97bfa842b9f0d59db075bdcade599f3767f1ba Mon Sep 17 00:00:00 2001
+From: Petr Mensik <pemensik@redhat.com>
+Date: Tue, 3 Jun 2025 21:00:58 +0200
+Subject: [PATCH] Handle CNAME and DNAME in resume_min in a special way
+
+When authoritative zone is loaded when query minimization query for the
+same zone is already pending, it might receive unexpected result codes.
+
+Normally DNS_R_CNAME would follow to query_cname after processing sent
+events, but dns_view_findzonecut does not fill CNAME target into
+event->foundevent. Usual lookup via query_lookup would always have that
+filled.
+
+Ideally we would restart the query with unmodified search name, if
+unexpected change from recursing to local zone cut were detected. Until
+dns_view_findzonecut is modified to export zone/cache source of the cut,
+at least fail queries which went into unexpected state.
+---
+ lib/dns/resolver.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index be1d735..ad0a1b8 100644
+--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
+@@ -4508,6 +4508,15 @@ resume_qmin(isc_task_t *task, isc_event_t *event) {
+ 	if (result == DNS_R_NXDOMAIN) {
+ 		result = DNS_R_SERVFAIL;
+ 	}
+	/*
+	 * CNAME or DNAME means zone were added with that record
+	 * after the start of query minimization queries. It means
+	 * we do not have initialized correct hevent->foundname
+	 * and have to fail.
+	 */
+	if (result == DNS_R_CNAME || result == DNS_R_DNAME) {
+		result = DNS_R_SERVFAIL;
+	}
+ 
+ 	if (result != ISC_R_SUCCESS) {
+ 		fctx_done(fctx, result, __LINE__);
+-- 
+2.49.0
+
--- a/bind.spec
+++ b/bind.spec
@ -56,7 +56,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.16.23
-Release:  28%{?dist}
+Release:  29%{?dist}
 Epoch:    32
 Url:      https://www.isc.org/downloads/bind/
 #
@ -179,6 +179,10 @@ Patch214: bind-9.16-CVE-2024-1737-records-test2.patch
 # https://gitlab.isc.org/isc-projects/bind9/-/commit/c6e6a7af8ac6b575dd3657b0f5cf4248d734c2b0
 Patch215: bind-9.18-CVE-2024-11187-pre-test.patch
 Patch216: bind-9.18-CVE-2024-11187.patch
+# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/10562
+# https://gitlab.isc.org/isc-projects/bind9/-/issues/5357
+# downstream patch fixing bind-dyndb-ldap causing issue
+Patch217: bind-9.21-resume-qmin-cname.patch

 %{?systemd_ordering}
 Requires:       coreutils
@ -1223,6 +1227,9 @@ fi;
 %endif

 %changelog
+* Tue Jun 10 2025 Petr Menšík <pemensik@redhat.com> - 32:9.18.23-29
+- Prevent name.c:670 attributes assertion failed (RHEL-30407)
+
 * Sat Feb 15 2025 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-28
 - Fix test backport changes