NLnetLabs · wtoorop · Jan 25, 2025 · Jan 25, 2025 · Jan 25, 2025 · Jan 25, 2025
diff --git a/.github/workflows/testsuite.yml b/.github/workflows/testsuite.yml
@@ -79,10 +79,6 @@ jobs:
       matrix:
         platform:
           - i386
-          - arm32v6
-          - arm32v7
-          - arm64v8
-          - s390x
 
     steps:
       - uses: actions/checkout@main

diff --git a/Changelog b/Changelog
@@ -11,6 +11,10 @@
 	  Follows the long string unquoted syntax from RFC8659, section 4.1.1.
 	* Fix #266: ldns-read-zone -u fails if a type is the only type in a
 	  window and the type modulo 256 is equal to zero.
+	* Fix memory leak when trying to read zones that have equal RRs.
+	  the ldns_dnssec_*_add_rr() functions now return LDNS_STATUS_EQUAL_RR
+	  when an already existing RR is tried to be added. This is a API
+	  change, hence this also bumps the version to 1.9.0
 
 1.8.4	2024-07-19
 	* Fix building documentation in build directory.

diff --git a/configure.ac b/configure.ac
@@ -5,8 +5,8 @@ sinclude(acx_nlnetlabs.m4)
 
 # must be numbers. ac_defun because of later processing.
 m4_define([VERSION_MAJOR],[1])
-m4_define([VERSION_MINOR],[8])
-m4_define([VERSION_MICRO],[4])
+m4_define([VERSION_MINOR],[9])
+m4_define([VERSION_MICRO],[0])
 AC_INIT([ldns],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[[email protected]],[libdns])
 AC_CONFIG_SRCDIR([packet.c])
 # needed to build correct soname
@@ -33,6 +33,7 @@ AC_SUBST(LDNS_VERSION_MICRO, [VERSION_MICRO])
 # ldns-1.8.1 had libversion 6:0:3
 # ldns-1.8.2 had libversion 7:0:4
 # ldns-1.8.3 has libversion 8:0:5
+# ldns-1.9.0 will have libversion 9:0:6 (new behaviour for dnssec_rrs_add_rr)
 #
 AC_SUBST(VERSION_INFO, [9:0:6])
 
@@ -667,7 +668,9 @@ case "$enable_dane" in
       ;;
 esac
 
+AC_ARG_ENABLE(draft-rrtypes, AS_HELP_STRING([--enable-draft-rrtypes],[Enable all draft RR types.]))
 AC_ARG_ENABLE(rrtype-ninfo, AS_HELP_STRING([--enable-rrtype-ninfo],[Enable draft RR type ninfo.]))
+if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_ninfo="yes"; fi
 case "$enable_rrtype_ninfo" in
 	yes)
 		AC_DEFINE_UNQUOTED([RRTYPE_NINFO], [], [Define this to enable RR type NINFO.])
@@ -676,6 +679,7 @@ case "$enable_rrtype_ninfo" in
 		;;
 esac
 AC_ARG_ENABLE(rrtype-rkey, AS_HELP_STRING([--enable-rrtype-rkey],[Enable draft RR type rkey.]))
+if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_rkey="yes"; fi
 case "$enable_rrtype_rkey" in
 	yes)
 		AC_DEFINE_UNQUOTED([RRTYPE_RKEY], [], [Define this to enable RR type RKEY.])
@@ -692,6 +696,7 @@ case "$enable_rrtype_openpgpkey" in
 		;;
 esac
 AC_ARG_ENABLE(rrtype-ta, AS_HELP_STRING([--enable-rrtype-ta],[Enable draft RR type ta.]))
+if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_ta="yes"; fi
 case "$enable_rrtype_ta" in
 	yes)
 		AC_DEFINE_UNQUOTED([RRTYPE_TA], [], [Define this to enable RR type TA.])
@@ -700,6 +705,7 @@ case "$enable_rrtype_ta" in
 		;;
 esac
 AC_ARG_ENABLE(rrtype-avc, AS_HELP_STRING([--enable-rrtype-avc],[Enable draft RR type avc.]))
+if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_avc="yes"; fi
 case "$enable_rrtype_avc" in
 	yes)
 		AC_DEFINE_UNQUOTED([RRTYPE_AVC], [], [Define this to enable RR type AVC.])
@@ -708,6 +714,7 @@ case "$enable_rrtype_avc" in
 		;;
 esac
 AC_ARG_ENABLE(rrtype-doa, AS_HELP_STRING([--enable-rrtype-doa],[Enable draft RR type DOA.]))
+if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_doa="yes"; fi
 case "$enable_rrtype_doa" in
 	yes)
 		AC_DEFINE_UNQUOTED([RRTYPE_DOA], [], [Define this to enable RR type DOA.])
@@ -731,14 +738,32 @@ case "$enable_rrtype_svcb_https" in
 		AC_DEFINE_UNQUOTED([RRTYPE_SVCB_HTTPS], [], [Define this to enable RR types SVCB and HTTPS.])
 		;;
 esac
-AC_ARG_ENABLE(rrtype-resinfo, AS_HELP_STRING([--enable-rrtype-resinfo],[Disable RR type RESINFO.]))
+AC_ARG_ENABLE(rrtype-resinfo, AS_HELP_STRING([--disable-rrtype-resinfo],[Disable RR type RESINFO.]))
 case "$enable_rrtype_resinfo" in
 	no)
 		;;
 	yes|*)
 		AC_DEFINE_UNQUOTED([RRTYPE_RESINFO], [], [Define this to enable RR type RESINFO.])
 		;;
 esac
+AC_ARG_ENABLE(rrtype-dsync, AS_HELP_STRING([--enable-rrtype-dsync],[Enable draft RR type DSYNC.]))
+if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_dsync="yes"; fi
+case "$enable_rrtype_dsync" in
+	yes)
+		AC_DEFINE_UNQUOTED([RRTYPE_DSYNC], [], [Define this to enable RR type DSYNC.])
+		;;
+	no|*)
+		;;
+esac
+AC_ARG_ENABLE(rrtypes-cla-ipn, AS_HELP_STRING([--enable-rrtypes-cla-ipn],[Enable draft RR types CLA and IPN.]))
+if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtypes_cla_ipn="yes"; fi
+case "$enable_rrtypes_cla_ipn" in
+	yes)
+		AC_DEFINE_UNQUOTED([RRTYPE_CLA_IPN], [], [Define this to enable RR types CLA and IPN.])
+		;;
+	no|*)
+		;;
+esac
 
 
 if echo "$tmp_LIBS" | grep "ws2_32" >/dev/null; then

diff --git a/dnssec_zone.c b/dnssec_zone.c
@@ -71,8 +71,9 @@ ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr)
 		new_rrs->next = rrs->next;
 		rrs->rr = rr;
 		rrs->next = new_rrs;
-	}
-	/* Silently ignore equal rr's */
+	} else
+		return LDNS_STATUS_EQUAL_RR;
+
 	return LDNS_STATUS_OK;
 }
 
@@ -732,25 +733,37 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or
 				 */
 				ldns_rr_set_ttl(cur_rr, ldns_rr_ttl(prev_rr));
 
-			prev_rr = cur_rr;
 #endif
 			status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
-			if (status ==
-				LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) {
-
+			switch(status) {
+			case LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND:
 				if (rr_is_rrsig_covering(cur_rr,
 							LDNS_RR_TYPE_NSEC3)){
 					ldns_rr_list_push_rr(todo_nsec3_rrsigs,
 							cur_rr);
 				} else {
 					ldns_rr_list_push_rr(todo_nsec3s,
-						       	cur_rr);
+							cur_rr);
 				}
 				status = LDNS_STATUS_OK;
-
-			} else if (status != LDNS_STATUS_OK)
+				break;
+			case LDNS_STATUS_EQUAL_RR:
+				ldns_rr_free(cur_rr);
+#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP
+				cur_rr = prev_rr;
+#else
+				cur_rr = NULL;
+#endif
+				status = LDNS_STATUS_OK;
+				break;
+			case LDNS_STATUS_OK:
+				break;
+			default:
 				goto error;
-
+			}
+#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP
+			prev_rr = cur_rr;
+#endif
 			break;
 
 		case LDNS_STATUS_SYNTAX_TTL:	/* the ttl was set*/

diff --git a/error.c b/error.c
@@ -189,6 +189,8 @@ ldns_lookup_table ldns_error_str[] = {
 	{ LDNS_STATUS_EDE_OPTION_MALFORMED,
 		"The extended error code option is malformed, expected "
 		"at least 2 bytes of option data" },
+	{ LDNS_STATUS_EQUAL_RR,
+		"An identical RR already existed in the zone" },
 	{ 0, NULL }
 };
 

diff --git a/examples/ldns-verify-zone.c b/examples/ldns-verify-zone.c
@@ -766,6 +766,7 @@ main(int argc, char **argv)
                         break;
 		case 'h':
 			print_usage(stdout, progname);
+			ldns_rr_list_deep_free(keys);
 			exit(EXIT_SUCCESS);
 			break;
 		case 'e':
@@ -779,6 +780,7 @@ main(int argc, char **argv)
 						"P[n]Y[n]M[n]DT[n]H[n]M[n]S\n"
 						);
 				}
+				ldns_rr_list_deep_free(keys);
                                 exit(EXIT_FAILURE);
 			}
 			if (c == 'e')
@@ -804,6 +806,7 @@ main(int argc, char **argv)
 						"%s: %s\n",optarg,
 						ldns_get_errorstr_by_id(s));
 				}
+				ldns_rr_list_deep_free(keys);
                                 exit(EXIT_FAILURE);
 			}
 			if (ldns_rr_list_rr_count(keys) == nkeys) {
@@ -812,6 +815,7 @@ main(int argc, char **argv)
 						"No keys found in file %s\n",
 						optarg);
 				}
+				ldns_rr_list_deep_free(keys);
 				exit(EXIT_FAILURE);
 			}
 			nkeys = ldns_rr_list_rr_count(keys);
@@ -824,6 +828,7 @@ main(int argc, char **argv)
 						"percentage needs to fall "
 						"between 0..100\n");
 				}
+				ldns_rr_list_deep_free(keys);
                                 exit(EXIT_FAILURE);
                         }
                         srandom(time(NULL) ^ getpid());
@@ -850,6 +855,7 @@ main(int argc, char **argv)
 		case 'v':
 			printf("verify-zone version %s (ldns version %s)\n",
 					LDNS_VERSION, ldns_version());
+			ldns_rr_list_deep_free(keys);
 			exit(EXIT_SUCCESS);
 			break;
 		case 'V':
@@ -869,6 +875,7 @@ main(int argc, char **argv)
 				fprintf(myerr, "Unable to chase "
 						"signature without keys.\n");
 			}
+			ldns_rr_list_deep_free(keys);
 			exit(EXIT_FAILURE);
 		}
 	}
@@ -887,10 +894,12 @@ main(int argc, char **argv)
 				fprintf(myerr, "Unable to open %s: %s\n",
 					filename, strerror(errno));
 			}
+			ldns_rr_list_deep_free(keys);
 			exit(EXIT_FAILURE);
 		}
 	} else {
 		print_usage(stderr, progname);
+		ldns_rr_list_deep_free(keys);
 		exit(EXIT_FAILURE);
 	}
 
@@ -901,13 +910,15 @@ main(int argc, char **argv)
 			fprintf(myerr, "%s at line %d\n",
 				ldns_get_errorstr_by_id(s), line_nr);
 		}
+		ldns_rr_list_deep_free(keys);
                 exit(EXIT_FAILURE);
 	}
 	if (!dnssec_zone->soa) {
 		if (verbosity > 0) {
 			fprintf(myerr,
 				"; Error: no SOA in the zone\n");
 		}
+		ldns_rr_list_deep_free(keys);
 		exit(EXIT_FAILURE);
 	}
 
@@ -927,9 +938,10 @@ main(int argc, char **argv)
 
 	if (zonemd_required == 1
 	&&  !ldns_dnssec_zone_find_rrset(dnssec_zone,
-			       	dnssec_zone->soa->name, LDNS_RR_TYPE_DNSKEY))
+				dnssec_zone->soa->name, LDNS_RR_TYPE_DNSKEY)) {
+		ldns_rr_list_deep_free(keys);
 		result = LDNS_STATUS_OK;
-	else
+	} else
 		result = verify_dnssec_zone(dnssec_zone,
 				dnssec_zone->soa->name, keys, apexonly,
 				percentage, zonemd_required > 2);

diff --git a/host2str.c b/host2str.c
@@ -409,6 +409,14 @@ ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf)
 	return ldns_buffer_status(output);
 }
 
+ldns_status
+ldns_rdf2buffer_str_int64(ldns_buffer *output, const ldns_rdf *rdf)
+{
+	uint64_t data = ldns_read_uint64(ldns_rdf_data(rdf));
+	ldns_buffer_printf(output, "%llu", (unsigned long long) data);
+	return ldns_buffer_status(output);
+}
+
 ldns_status
 ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf)
 {
@@ -1644,6 +1652,10 @@ ldns_rdf2buffer_str_fmt(ldns_buffer *buffer,
 		case LDNS_RDF_TYPE_INT32:
 			res = ldns_rdf2buffer_str_int32(buffer, rdf);
 			break;
+		case LDNS_RDF_TYPE_INT64:
+		case LDNS_RDF_TYPE_IPN:
+			res = ldns_rdf2buffer_str_int64(buffer, rdf);
+			break;
 		case LDNS_RDF_TYPE_PERIOD:
 			res = ldns_rdf2buffer_str_period(buffer, rdf);
 			break;

diff --git a/ldns/dnssec_zone.h b/ldns/dnssec_zone.h
@@ -131,7 +131,8 @@ void ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs);
  *
  * \param[in] rrs the list to add to
  * \param[in] rr the RR to add
- * \return LDNS_STATUS_OK on success
+ * \return LDNS_STATUS_OK on success and LDNS_STATUS_EQUAL_ERR when and
+ *         RR with equal ownername, class, type and rdata already exists.
  */
 ldns_status ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr);
 
@@ -199,7 +200,8 @@ ldns_status ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets,
  *
  * \param[in] rrsets the list of rrsets to add the RR to
  * \param[in] rr the rr to add to the list of rrsets
- * \return LDNS_STATUS_OK on success
+ * \return LDNS_STATUS_OK on success and LDNS_STATUS_EQUAL_ERR when and
+ *         RR with equal ownername, class, type and rdata already exists.
  */
 ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr);
 
@@ -313,7 +315,9 @@ int ldns_dnssec_name_cmp(const void *a, const void *b);
  *
  * \param[in] name The ldns_dnssec_name to add the RR to
  * \param[in] rr The RR to add
- * \return LDNS_STATUS_OK on success, error code otherwise
+ * \return LDNS_STATUS_OK on success and LDNS_STATUS_EQUAL_ERR when and
+ *         RR with equal ownername, class, type and rdata already exists,
+ *         and an error code otherwise
  */
 ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
 							 ldns_rr *rr);
@@ -415,7 +419,9 @@ void ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone);
  *
  * \param[in] zone the zone to add the RR to
  * \param[in] rr The RR to add
- * \return LDNS_STATUS_OK on success, an error code otherwise
+ * \return LDNS_STATUS_OK on success and LDNS_STATUS_EQUAL_ERR when and
+ *         RR with equal ownername, class, type and rdata already exists,
+ *         and an error code otherwise
  */
 ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone,
 							 ldns_rr *rr);

diff --git a/ldns/error.h b/ldns/error.h
@@ -143,7 +143,8 @@ enum ldns_enum_status {
 	LDNS_STATUS_SVCPARAM_KEY_MORE_THAN_ONCE,
 	LDNS_STATUS_INVALID_SVCPARAM_VALUE,
 	LDNS_STATUS_NOT_EDE,
-	LDNS_STATUS_EDE_OPTION_MALFORMED
+	LDNS_STATUS_EDE_OPTION_MALFORMED,
+	LDNS_STATUS_EQUAL_RR
 };
 typedef enum ldns_enum_status ldns_status;
 

diff --git a/ldns/host2str.h b/ldns/host2str.h
@@ -581,6 +581,14 @@ ldns_status ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf);
  */
 ldns_status ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf);
 
+/** 
+ * Converts an LDNS_RDF_TYPE_INT64 rdata element to presentation format.
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_int64(ldns_buffer *output, const ldns_rdf *rdf);
+
 /**
  * Converts an LDNS_RDF_TYPE_TIME rdata element to string format and adds it to the output buffer
  * \param[in] *rdf The rdata to convert
-Original file line number
+Diff line change
@@ Expand Up / @@ -79,10 +79,6 @@ jobs: @@
           matrix:
             platform:
               - i386
-              - arm32v6
-              - arm32v7
-              - arm64v8
-              - s390x
         steps:
           - uses: actions/checkout@main
@@ Expand Down @@