[rbldnsd] PATCH: clearing sqi in rbldnsd_combined.c
Alex Lasoriti
lasoriti at spamteq.com
Mon Oct 12 03:14:34 MSK 2015
Hello rbldnsders,
we have found what appears to be a bug in 0.997a. It may show up
exclusively when using combined zones using both IPv4 and IPv6 datasets,
resulting in "listed" responses to queries relative to unlisted objects.
The problem is caused by lack of initialization of the sqi structure
in rbldnsd_combined.c. Therefore, that structure may contain
information left from the previous query. Under some circumstances,
that information is returned as an answer, causing unlisted objects
to appear listed. We observed this in testing and tracked it down.
This patch fixes it:
--- rbldnsd-0.997a/rbldnsd_combined.c 2013-03-14 05:28:02.000000000 +0000
+++ rbldnsd-0.997a-patched/rbldnsd_combined.c 2015-08-18 14:05:38.000000000 +0000
@@ -190,10 +190,12 @@
struct dnsqinfo sqi;
const struct dslist *dsl;
int found = 0;
- const struct zone *zone =
- findqzone(ds->ds_dsd->zlist,
- qi->qi_dnlen0 + 1, qi->qi_dnlab, qi->qi_dnlptr,
- &sqi);
+ const struct zone *zone;
+
+ memset(&sqi, 0, sizeof(sqi));
+ zone = findqzone(ds->ds_dsd->zlist,
+ qi->qi_dnlen0 + 1, qi->qi_dnlab, qi->qi_dnlptr,
+ &sqi);
if (!zone) return 0;
sqi.qi_tflag = qi->qi_tflag;
for (dsl = zone->z_dsl; dsl; dsl = dsl->dsl_next)
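Review bot: the memset() placed before findqzone() fixes this call site, but nothing in the hunk records which part of sqi findqzone() leaves unwritten, so a later cleanup could drop the line as redundant. Add a one-line comment above the memset saying that sqi is an output only partly filled by findqzone(), or clear the output inside findqzone() so that any other caller is covered too. Please also confirm that rbldnsd_combined.c already includes <string.h>, since no include change is visible here.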
For good measure, we have also added a line to reset the qi structure
in rbldnsd_packet.c:
--- rbldnsd-0.997a/rbldnsd_packet.c 2013-04-06 16:28:53.000000000 +0000
+++ rbldnsd-0.997a-patched/rbldnsd_packet.c 2015-10-10 17:25:54.000000000 +0000
@@ -283,6 +283,7 @@
int found;
extern int lazy; /*XXX hack*/
+ memset(&qi, 0, sizeof(qi));
pkt->p_substrr = 0;
/* check global ACL */
if (g_dsacl && g_dsacl->ds_stamp) {
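Review bot: the declaration of qi is outside the visible context of this hunk, and in rbldnsd_combined.c the same name is a pointer (qi->qi_dnlen0). Please confirm that qi in this function is a struct object; if it were a pointer, memset(&qi, 0, sizeof(qi)) would zero the pointer itself rather than the structure. Since the change is described as precautionary, a short comment on the new line saying it is defensive would help the next reader.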
These modifications have been already tested in a production environment.
Alex Lasoriti
Spamhaus Technology
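
An added illustration of the failure mode described in the message above. It is a simplified model, not code from rbldnsd or from the patch author. The struct layout, field names, parse() and the listed keys are assumptions made for the example, and a static slot stands in for the reused stack memory so the effect is repeatable.

```c
#include <string.h>

/* Hypothetical per-query scratch struct (not rbldnsd's struct dnsqinfo). */
struct qinfo {
    int      ip4valid, ip6valid;  /* which address form the parser recognised */
    unsigned ip4, ip6;            /* parsed keys, shortened to one word each */
};

/* Models a stack slot reused between calls. Reading a truly uninitialised
 * local is undefined behaviour, so a static makes the effect deterministic. */
static struct qinfo slot;

/* Parser that writes only the fields for the family it recognised. */
static void parse(int family, unsigned key, struct qinfo *q) {
    if (family == 4) { q->ip4valid = 1; q->ip4 = key; }
    else             { q->ip6valid = 1; q->ip6 = key; }
}

/* Constructed sample data: one listed IPv4 key, one listed IPv6 key. */
static int v4_listed(const struct qinfo *q) {
    return q->ip4valid && q->ip4 == 0x7f000002u;
}
static int v6_listed(const struct qinfo *q) {
    return q->ip6valid && q->ip6 == 0x20010db8u;
}

/* Combined lookup: every sub-dataset is asked, as in a combined zone. */
static int combined_query(int family, unsigned key, int clear_first) {
    struct qinfo *sqi = &slot;
    if (clear_first) memset(sqi, 0, sizeof(*sqi));  /* same idea as the patch */
    parse(family, key, sqi);
    return v4_listed(sqi) || v6_listed(sqi);
}

/* A listed IPv4 query followed by an unlisted IPv6 query.
 * Returns the answer to the second query. */
int second_answer(int clear_first) {
    memset(&slot, 0, sizeof(slot));                 /* known starting state */
    (void)combined_query(4, 0x7f000002u, clear_first);
    return combined_query(6, 0x00000001u, clear_first);
}

int main(void) {
    /* Exit 0 when stale data causes a false listing and clearing removes it. */
    return !(second_answer(0) == 1 && second_answer(1) == 0);
}
```

Without the clear, the IPv4 fields left by the first query still satisfy the IPv4 dataset during the second query, so the unlisted IPv6 object is reported as listed.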