[svn] commit: r1301 - in /trunk/src/lib/auth: data_source.cc query.cc query.h tests/datasrc_unittest.cc

BIND 10 source code commits bind10-changes at lists.isc.org
Wed Mar 10 23:14:45 UTC 2010 

Author: each
Date: Wed Mar 10 23:14:45 2010
New Revision: 1301

Log:
Limit CNAME chains to 16, to avoid the possibility of an infinite CNAME loop

Modified:
    trunk/src/lib/auth/data_source.cc
    trunk/src/lib/auth/query.cc
    trunk/src/lib/auth/query.h
    trunk/src/lib/auth/tests/datasrc_unittest.cc

Modified: trunk/src/lib/auth/data_source.cc
==============================================================================
--- trunk/src/lib/auth/data_source.cc (original)
+++ trunk/src/lib/auth/data_source.cc Wed Mar 10 23:14:45 2010
@@ -125,6 +125,10 @@
     // to process the first one.
     it->first();
     if (it->isLast()) {
+        return;
+    }
+
+    if (q.tooMany()) {
         return;
     }
 

Modified: trunk/src/lib/auth/query.cc
==============================================================================
--- trunk/src/lib/auth/query.cc (original)
+++ trunk/src/lib/auth/query.cc Wed Mar 10 23:14:45 2010
@@ -102,6 +102,7 @@
     qname_ = &question->getName();
     qclass_ = &question->getClass();
     qtype_ = &question->getType();
+    restarts_ = 0;
 
     querytasks_.push(QueryTaskPtr(new QueryTask(*qname_, *qclass_, *qtype_,
                                                 Section::ANSWER())));

Modified: trunk/src/lib/auth/query.h
==============================================================================
--- trunk/src/lib/auth/query.h (original)
+++ trunk/src/lib/auth/query.h Wed Mar 10 23:14:45 2010
@@ -204,6 +204,14 @@
     Status status() const { return status_; }
     void setStatus(Status s) { status_ = s; }
 
+    // Limit CNAME chains to 16 per query, to avoid loops
+    inline bool tooMany() {
+        if (++restarts_ > MAX_RESTARTS) {
+            return (true);
+        }
+        return (false);
+    }
+
 private:
     Status status_;
 
@@ -216,6 +224,9 @@
 
     bool want_additional_;
     bool want_dnssec_;
+
+    static const int MAX_RESTARTS = 16;
+    int restarts_;
 };
 
 }

Modified: trunk/src/lib/auth/tests/datasrc_unittest.cc
==============================================================================
--- trunk/src/lib/auth/tests/datasrc_unittest.cc (original)
+++ trunk/src/lib/auth/tests/datasrc_unittest.cc Wed Mar 10 23:14:45 2010
@@ -473,9 +473,8 @@
 }
 
 TEST_F(DataSrcTest, CNAMELoop) {
-    // This should not make the process hang
-    //createAndProcessQuery(msg, Name("loop1.example.com"), RRClass::IN(),
-    //                    RRType::A());
+    createAndProcessQuery(msg, Name("loop1.example.com"), RRClass::IN(),
+                          RRType::A());
 }
 
 TEST_F(DataSrcTest, Nsec3Hash) {

More information about the bind10-changes mailing list