- Fix bug in nodatabase mode with ixfrs that change nsec3param.

git-svn-id: svn+ssh://open.nlnetlabs.nl/svn/nsd/trunk@4249 a26ef69c-88ff-0310-839f-98b793d9c207

Author: wouter

difffile.c

@@ -447,8 +447,8 @@ nsec3_delete_rr_trigger(namedb_type* db, rr_type* rr, zone_type* zone,
 	else if(rr->type == TYPE_NSEC3PARAM && rr == zone->nsec3_param) {
 		/* clear trees, wipe hashes, wipe precompile */
 		nsec3_clear_precompile(db, zone);
-		/* pick up new nsec3param from udb */
-		nsec3_find_zone_param(db, zone, udbz);
+		/* pick up new nsec3param (from udb, or avoid deleted rr) */
+		nsec3_find_zone_param(db, zone, udbz, rr);
 		/* if no more NSEC3, done */
 		if(!zone->nsec3_param)
 			return;
@@ -550,7 +550,7 @@ nsec3_add_rr_trigger(namedb_type* db, rr_type* rr, zone_type* zone,
 		prehash_add(db->domains, rr->owner);
 	} else if(!zone->nsec3_param && rr->type == TYPE_NSEC3PARAM) {
 		/* see if this means NSEC3 chain can be used */
-		nsec3_find_zone_param(db, zone, udbz);
+		nsec3_find_zone_param(db, zone, udbz, NULL);
 		if(!zone->nsec3_param)
 			return;
 		nsec3_zone_trees_create(db->region, zone);
@@ -1310,8 +1310,7 @@ apply_ixfr_for_zone(nsd_type* nsd, zone_type* zonedb, FILE* in,
 			ret = apply_ixfr(nsd->db, in, zone_buf, new_serial, opt,
 				i, num_parts, &is_axfr, &delete_mode,
 				&rr_count, (nsd->db->udb?&z:NULL), &zonedb,
-				patname_buf, &num_bytes,
-				&softfail);
+				patname_buf, &num_bytes, &softfail);
 			if(ret == 0) {
 				log_msg(LOG_ERR, "bad ixfr packet part %d in diff file for %s", (int)i, zone_buf);
 				xfrd_unlink_xfrfile(nsd, xfrfilenr);

doc/ChangeLog

@@ -1,3 +1,6 @@
+21 March 2014: Wouter
+	- Fix bug in nodatabase mode with ixfrs that change nsec3param.
+
 19 March 2014: Wouter
 	- made database: "" set the 3600 default for zonefileswrite only
 	  if it is also at its default, so that user settings override.

nsec3.c

@@ -245,7 +245,7 @@ udb_zone_find_nsec3param(udb_base* udb, udb_ptr* uz, struct zone* z)
 }
 
 static struct rr*
-db_find_nsec3param(struct zone* z)
+db_find_nsec3param(struct zone* z, struct rr* avoid_rr)
 {
 	unsigned i;
 	rrset_type* rrset = domain_find_rrset(z->apex, z, TYPE_NSEC3PARAM);
@@ -254,6 +254,8 @@ db_find_nsec3param(struct zone* z)
 	/* find first nsec3param we can support (SHA1, no flags) */
 	for(i=0; i<rrset->rr_count; i++) {
 		rdata_atom_type* rd = rrset->rrs[i].rdatas;
+		/* do not use the RR that is going to be deleted (in IXFR) */
+		if(&rrset->rrs[i] == avoid_rr) continue;
 		if(rrset->rrs[i].rdata_count < 4) continue;
 		if(rdata_atom_data(rd[0])[0] == NSEC3_SHA1_HASH &&
 			rdata_atom_data(rd[1])[0] == 0) {
@@ -282,12 +284,15 @@ db_find_nsec3param(struct zone* z)
 }
 
 void
-nsec3_find_zone_param(struct namedb* db, struct zone* zone, udb_ptr* z)
+nsec3_find_zone_param(struct namedb* db, struct zone* zone, udb_ptr* z,
+	struct rr* avoid_rr)
 {
 	/* get nsec3param RR from udb */
 	if(db->udb)
 		zone->nsec3_param = udb_zone_find_nsec3param(db->udb, z, zone);
-	else	zone->nsec3_param = db_find_nsec3param(zone);
+	/* no db, get from memory, avoid using the rr that is going to be
+	 * deleted, avoid_rr */
+	else	zone->nsec3_param = db_find_nsec3param(zone, avoid_rr);
 }
 
 /* check params ok for one RR */
@@ -613,7 +618,7 @@ prehash_zone_complete(struct namedb* db, struct zone* zone)
 			udb_ptr_init(&udbz, db->udb); /* zero the ptr */
 		}
 	}
-	nsec3_find_zone_param(db, zone, &udbz);
+	nsec3_find_zone_param(db, zone, &udbz, NULL);
 	if(!zone->nsec3_param || !check_apex_soa(db, zone)) {
 		zone->nsec3_param = NULL;
 		zone->nsec3_last = NULL;

nsec3.h

@@ -92,7 +92,7 @@ int nsec3_condition_hash(struct domain* d, struct zone* z);
 int nsec3_condition_dshash(struct domain* d, struct zone* z);
 /* set nsec3param for this zone or NULL if no NSEC3 available */
 void nsec3_find_zone_param(struct namedb* db, struct zone* zone,
-	struct udb_ptr* z);
+	struct udb_ptr* z, struct rr* avoid_rr);
 /* hash domain and wcchild, and lookup nsec3 in tree, and precompile */
 void nsec3_precompile_domain(struct namedb* db, struct domain* domain,
 	struct zone* zone, struct region* tmpregion);