bind9/lib/dns
Ondřej Surý f1d9e9ee38
Improve RBT overmem cache cleaning
When cache memory usage is over the configured cache size (overmem) and
we are cleaning unused entries, it might not be enough to clean just two
entries if the entries to be expired are smaller than the newly added
rdata.  This could be abused by an attacker to cause a remote Denial of
Service by possibly running out of the operating system memory.

Currently, the addrdataset() tries to do a single TTL-based cleaning
considering the serve-stale TTL and then optionally moves to overmem
cleaning if we are in that condition.  Then the overmem_purge() tries to
do another single TTL-based cleaning from the TTL heap and then continues
with LRU-based cleaning up to 2 entries cleaned.

Squash the TTL-cleaning mechanism into a single call from addrdataset(),
but ignore the serve-stale TTL if we are currently overmem.

Then instead of having a fixed number of entries to clean, pass the size
of newly added rdatasetheader to the overmem_purge() function and
clean up at least the size of the newly added data.  This prevents the
cache going over the configured memory limit (`max-cache-size`).

Additionally, refactor the overmem_purge() function to reduce for-loop
nesting for readability.
2023-06-06 14:23:16 +02:00
..
include dns_view_untrust modifies dnskey->flags when it shouldn't 2023-04-03 17:48:31 +02:00
rdata Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
tests Extend dns_db_allrdatasets to control iteration results 2022-12-08 11:20:35 +11:00
win32 Export dns_view_istrusted() on Windows 2023-04-03 18:18:43 +02:00
.gitignore 4394. [func] Add rndc command "dnstap-reopen" to close and 2016-06-24 09:37:04 +10:00
acl.c Simplify way we tag unreachable code with only ISC_UNREACHABLE() 2022-03-25 09:33:51 +01:00
adb.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
badcache.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
byaddr.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
cache.c Add dns_db_allrdatasets options 2022-12-08 11:20:35 +11:00
callbacks.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
catz.c Check if catz is active in dns_catz_update_from_db() 2023-03-02 19:42:16 +00:00
client.c Extend dns_db_allrdatasets to control iteration results 2022-12-08 11:20:35 +11:00
clientinfo.c allow dns_clientinfo to store client ECS data 2022-01-27 16:08:57 -08:00
compress.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
db.c Extend dns_db_allrdatasets to control iteration results 2022-12-08 11:20:35 +11:00
dbiterator.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
dbtable.c Remove use of the inline keyword used as suggestion to compiler 2022-03-25 09:37:18 +01:00
diff.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
dispatch.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
dlz.c Remove use of the inline keyword used as suggestion to compiler 2022-03-25 09:37:18 +01:00
dns64.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
dnsrps.c Handle iterator options in rpsdb_allrdatasets() 2023-02-01 12:07:11 +01:00
dnssec.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
dnstap.c dnstap query_message field was erroneously set with responses 2022-08-31 15:49:25 -07:00
dnstap.proto Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
ds.c Simplify way we tag unreachable code with only ISC_UNREACHABLE() 2022-03-25 09:33:51 +01:00
dst_api.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
dst_internal.h Check if key metadata is modified before writing 2022-05-16 10:35:33 +02:00
dst_openssl.h Use autoconf check for BN_GENCB_new() 2022-03-02 09:34:29 +00:00
dst_parse.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
dst_parse.h Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
dst_pkcs11.h Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
dst_result.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
dyndb.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
ecdb.c Extend dns_db_allrdatasets to control iteration results 2022-12-08 11:20:35 +11:00
ecs.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
fixedname.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
forward.c Use sizeof(*ptr) for allocating/freeing memory in forward.c 2023-01-11 13:42:00 +00:00
gen-unix.h Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
gen-win32.h Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
gen.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
geoip2.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
gssapi_link.c Remove a redundant variable-length array 2022-03-18 17:21:57 +00:00
gssapictx.c Remove use of the inline keyword used as suggestion to compiler 2022-03-25 09:37:18 +01:00
hmac_link.c In hmac_createctx free ctx on isc_hmac_init failure 2023-02-18 10:27:11 +11:00
ipkeylist.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
iptable.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
journal.c Extend dns_db_allrdatasets to control iteration results 2022-12-08 11:20:35 +11:00
kasp.c Remove use of the inline keyword used as suggestion to compiler 2022-03-25 09:37:18 +01:00
key.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
keydata.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
keymgr.c Force set DS state after 'rndc dnssec -checkds' 2023-01-27 16:09:06 +01:00
keytable.c Handle dns_rdata_fromstruct failure dns_keytable_deletekey 2023-04-03 17:48:31 +02:00
Kyuafile Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
lib.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
log.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
lookup.c Remove use of the inline keyword used as suggestion to compiler 2022-03-25 09:37:18 +01:00
Makefile.in Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
mapapi increase MAPAPI 2021-08-28 07:45:39 -07:00
master.c Fix scan-build issue: initialized value never read 2023-03-29 15:08:36 +00:00
masterdump.c Add dns_db_allrdatasets options 2022-12-08 11:20:35 +11:00
message.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
name.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
ncache.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
nsec.c Extend dns_db_allrdatasets to control iteration results 2022-12-08 11:20:35 +11:00
nsec3.c Cleanup orphaned empty-non-terminal NSEC3 2023-04-25 06:46:17 +01:00
nta.c Don't use reference counting in isc_timer unit 2023-01-19 11:28:10 +01:00
openssl_link.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
openssldh_link.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
opensslecdsa_link.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
openssleddsa_link.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
opensslrsa_link.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
order.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
peer.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
pkcs11.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
pkcs11ecdsa_link.c Consistently use UNREACHABLE() instead of ISC_UNREACHABLE() 2022-03-28 23:28:05 +02:00
pkcs11eddsa_link.c Consistently use UNREACHABLE() instead of ISC_UNREACHABLE() 2022-03-28 23:28:05 +02:00
pkcs11rsa_link.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
portlist.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
private.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
rbt.c Check the pointer alignments when deserialising 2023-05-05 07:04:31 +00:00
rbtdb.c Improve RBT overmem cache cleaning 2023-06-06 14:23:16 +02:00
rbtdb.h Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
rcode.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
rdata.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
rdatalist.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
rdatalist_p.h Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
rdataset.c Remove use of the inline keyword used as suggestion to compiler 2022-03-25 09:37:18 +01:00
rdatasetiter.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
rdataslab.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
request.c Don't use reference counting in isc_timer unit 2023-01-19 11:28:10 +01:00
resolver.c BIND 9.16.37 2023-01-25 21:34:55 +01:00
result.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
rootns.c Extend dns_db_allrdatasets to control iteration results 2022-12-08 11:20:35 +11:00
rpz.c Don't use reference counting in isc_timer unit 2023-01-19 11:28:10 +01:00
rriterator.c Extend dns_db_allrdatasets to control iteration results 2022-12-08 11:20:35 +11:00
rrl.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
sdb.c Extend dns_db_allrdatasets to control iteration results 2022-12-08 11:20:35 +11:00
sdlz.c Extend dns_db_allrdatasets to control iteration results 2022-12-08 11:20:35 +11:00
soa.c Remove use of the inline keyword used as suggestion to compiler 2022-03-25 09:37:18 +01:00
ssu.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
ssu_external.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
stats.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
tcpmsg.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
time.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
timer.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
tkey.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
tsec.c Simplify way we tag unreachable code with only ISC_UNREACHABLE() 2022-03-25 09:33:51 +01:00
tsig.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
tsig_p.h Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
ttl.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
update.c Extend dns_db_allrdatasets to control iteration results 2022-12-08 11:20:35 +11:00
validator.c Reduce the number of verifications required 2023-04-03 17:48:31 +02:00
version.c Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
view.c dns_view_untrust modifies dnskey->flags when it shouldn't 2023-04-03 17:48:31 +02:00
xfrin.c Don't use reference counting in isc_timer unit 2023-01-19 11:28:10 +01:00
zone.c Check whether zone->db is a valid pointer before attaching 2023-05-15 12:05:11 +00:00
zone_p.h Update the copyright information in all files in the repository 2022-01-11 12:22:09 +01:00
zonekey.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
zoneverify.c Extend dns_db_allrdatasets to control iteration results 2022-12-08 11:20:35 +11:00
zt.c Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00