Affects Version/s: OpenDNSSEC 1.4.6, OpenDNSSEC 1.4.7, OpenDNSSEC 2.0, OpenDNSSEC 1.4.8, OpenDNSSEC 1.4.9, OpenDNSSEC 1.4.10
Fix Version/s: None
- bug found in the Debian Jessie 1.4.6 package
- checked in git; the bug is still present in all more recent versions
The zonelist parser (parse_zonelist_zones()) assumes that xmlTextReaderRead / xmlTextReaderExpand load only one XML node, namely the current <Zone> being processed. This assumption is incorrect: the reader may already have parsed following nodes into its tree, which is especially likely when the serialised XML is very short (e.g. no extra whitespace, short zone file names, etc.).
This, in turn, makes the later XPath lookups match nodes from both the current and the next <Zone> element, which caused the following two behaviours in our setup:
- one zone had the next zone's input file applied to it. Resulting error (because it was loading the wrong zonefile):
"[adapter] unable to add rr to zone: soa record has invalid owner name"
"[adapter] error adding RR at line 11: @ 86400 IN SOA <...>"
- another zone used the empty string as its output filename (the XML node for that zone was not fully loaded yet, so the attribute was still empty / being processed). Resulting error:
"[adapter] unable to write file: failed to rename .tmp to (No such file or directory)"
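The two behaviours listed above, reproduced in an added Python model; this is not OpenDNSSEC code. xml.etree.XMLPullParser stands in for the libxml2 xmlTextReader (both build an in-memory tree from the bytes consumed so far), the zonelist and its file names are constructed, and the "fixed" variant shows the general remedy (act on a <Zone> only once it is complete and scope every lookup to that element) rather than the attached patch, which is not reproduced here.

```python
"""Added illustration of the zonelist parsing problem described above; this
is not OpenDNSSEC code.  xml.etree.XMLPullParser stands in for libxml2's
xmlTextReader: both build an in-memory tree from the bytes consumed so far,
so when a short zonelist is read the tree may already hold all or part of
the *next* <Zone> while the current one is being processed."""
import xml.etree.ElementTree as ET

# Constructed zonelist (element names follow the OpenDNSSEC zonelist layout,
# the values are made up), deliberately compact: no whitespace, short names.
ZONELIST = (
    b"<ZoneList>"
    b'<Zone name="a.test"><Policy>default</Policy><Adapters>'
    b"<Input><File>a.in</File></Input><Output><File>a.out</File></Output>"
    b"</Adapters></Zone>"
    b'<Zone name="b.test"><Policy>default</Policy><Adapters>'
    b"<Input><File>b.in</File></Input><Output><File>b.out</File></Output>"
    b"</Adapters></Zone>"
    b"</ZoneList>"
)


def split_before(data, marker):
    """Split the input into two chunks so that the parser's first read stops
    just before `marker` (here: in the middle of the second zone)."""
    cut = data.index(marker)
    return [data[:cut], data[cut:]]


def _text(elem):
    return (elem.text or "") if elem is not None else ""


def parse_zonelist_buggy(chunks):
    """Document-wide lookups (the XPath equivalent of '//Zone/...') run as soon
    as a <Zone> start tag is seen.  Whatever the parser has already built for
    later zones is matched as well; the last match is used here so the
    cross-zone mix-up is visible (which match the real code picked is not
    modelled)."""
    parser = ET.XMLPullParser(events=("start",))
    root, zones = None, {}
    for chunk in chunks:
        parser.feed(chunk)
        for _event, elem in parser.read_events():
            if root is None:
                root = elem  # <ZoneList>
            if elem.tag != "Zone":
                continue
            inputs = root.findall("./Zone/Adapters/Input/File")
            outputs = root.findall("./Zone/Adapters/Output/File")
            zones[elem.get("name")] = {
                "input": _text(inputs[-1]) if inputs else "",
                "output": _text(outputs[-1]) if outputs else "",
                "matched_inputs": len(inputs),
            }
    return zones


def parse_zonelist_fixed(chunks):
    """Handle a <Zone> only once it is complete (its end tag has been parsed,
    the role xmlTextReaderExpand() plays for the libxml2 reader) and resolve
    its fields relative to that element rather than to the whole document."""
    parser = ET.XMLPullParser(events=("end",))
    zones = {}
    for chunk in chunks:
        parser.feed(chunk)
        for _event, elem in parser.read_events():
            if elem.tag != "Zone":
                continue
            zones[elem.get("name")] = {
                "input": _text(elem.find("./Adapters/Input/File")),
                "output": _text(elem.find("./Adapters/Output/File")),
                "matched_inputs": len(elem.findall("./Adapters/Input/File")),
            }
    return zones


def demo():
    """First read ends right before 'b.out', i.e. with zone b's <Output><File>
    opened but still empty; returns (buggy, fixed) results."""
    chunks = split_before(ZONELIST, b"b.out")
    return parse_zonelist_buggy(chunks), parse_zonelist_fixed(chunks)


if __name__ == "__main__":
    buggy, fixed = demo()
    for name in ("a.test", "b.test"):
        print(name, "buggy:", buggy[name], "fixed:", fixed[name])
```

In the buggy run zone a.test ends up with b.test's input file and an empty output file name, the two symptoms quoted above; the fixed run yields one match per zone with the right files. The libxml2 equivalent of the fixed variant would be to set the XPath context node (xpathCtx->node) to the expanded <Zone> node and evaluate relative expressions such as "./Policy" instead of document-wide "//Zone/Policy"; whether the attached patch does exactly that is not stated here.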
The attached fix is against 1.4.6 and only changes the signer code; the enforcer and ksmutil may exhibit the same issue. The signer patch is tested and confirmed to fix the issues.
Note that this bug hard-breaks operation, since some zones will fail to be signed: their signatures will expire and the zones' records will start being rejected by validating clients.