#190 bind-9.16: another try
Closed 4 months ago by abbra. Opened 8 months ago by slev.
slev/bind-dyndb-ldap bind-9.16-support  into  master

file modified
+1 -1
@@ -1,5 +1,5 @@ 

  AC_PREREQ([2.59])

- AC_INIT([bind-dyndb-ldap], [11.2], [freeipa-devel@redhat.com])

+ AC_INIT([bind-dyndb-ldap], [16.0], [freeipa-devel@redhat.com])

  

  AM_INIT_AUTOMAKE([-Wall foreign dist-bzip2])

  

file modified
+2 -1
@@ -3,7 +3,7 @@ 

  %define bind_version 32:9.11.11-1

  

  Name:           bind-dyndb-ldap

- Version:        11.2

+ Version:        16.0

  Release:        0%{?dist}

  Summary:        LDAP back-end plug-in for BIND

  
@@ -32,6 +32,7 @@ 

  %setup -q -n %{name}-%{VERSION}

  

  %build

+ export BIND9_CFLAGS="-I/usr/include/bind9"

  autoreconf -fiv

  %configure

  make %{?_smp_mflags}

file modified
+21 -39
@@ -105,40 +105,25 @@ 

  	}

  	str = cfg_obj_asstring(obj);

  

- 	MATCH("name", DNS_SSUMATCHTYPE_NAME);

- 	MATCH("subdomain", DNS_SSUMATCHTYPE_SUBDOMAIN);

- 	MATCH("zonesub", DNS_SSUMATCHTYPE_SUBDOMAIN);

- 	MATCH("wildcard", DNS_SSUMATCHTYPE_WILDCARD);

- 	MATCH("self", DNS_SSUMATCHTYPE_SELF);

- #if defined(DNS_SSUMATCHTYPE_SELFSUB) && defined(DNS_SSUMATCHTYPE_SELFWILD)

- 	MATCH("selfsub", DNS_SSUMATCHTYPE_SELFSUB);

- 	MATCH("selfwild", DNS_SSUMATCHTYPE_SELFWILD);

- #endif

- #ifdef DNS_SSUMATCHTYPE_SELFMS

- 	MATCH("ms-self", DNS_SSUMATCHTYPE_SELFMS);

- #endif

- #ifdef DNS_SSUMATCHTYPE_SELFKRB5

- 	MATCH("krb5-self", DNS_SSUMATCHTYPE_SELFKRB5);

- #endif

- 

+ 	MATCH("name", dns_ssumatchtype_name);

+ 	MATCH("subdomain", dns_ssumatchtype_subdomain);

+ 	MATCH("zonesub", dns_ssumatchtype_subdomain);

+ 	MATCH("wildcard", dns_ssumatchtype_wildcard);

+ 	MATCH("self", dns_ssumatchtype_self);

+ 	MATCH("selfsub", dns_ssumatchtype_selfsub);

+ 	MATCH("selfwild", dns_ssumatchtype_selfwild);

+ 	MATCH("ms-self", dns_ssumatchtype_selfms);

+ 	MATCH("krb5-self", dns_ssumatchtype_selfkrb5);

  	/* At least bind 9.11.5 or 9.12.3 is required for it

  	 * as these match types are part of CVE-2018-5741 fixes */

  	MATCH("ms-selfsub", dns_ssumatchtype_selfsubms);

  	MATCH("krb5-selfsub", dns_ssumatchtype_selfsubkrb5);

  

- #ifdef DNS_SSUMATCHTYPE_SUBDOMAINMS

- 	MATCH("ms-subdomain", DNS_SSUMATCHTYPE_SUBDOMAINMS);

- #endif

- #ifdef DNS_SSUMATCHTYPE_SUBDOMAINKRB5

- 	MATCH("krb5-subdomain", DNS_SSUMATCHTYPE_SUBDOMAINKRB5);

- #endif

- #if defined(DNS_SSUMATCHTYPE_TCPSELF) && defined(DNS_SSUMATCHTYPE_6TO4SELF)

- 	MATCH("tcp-self", DNS_SSUMATCHTYPE_TCPSELF);

- 	MATCH("6to4-self", DNS_SSUMATCHTYPE_6TO4SELF);

- #endif

- #if defined(DNS_SSUMATCHTYPE_EXTERNAL)

- 	MATCH("external", DNS_SSUMATCHTYPE_EXTERNAL);

- #endif

+ 	MATCH("ms-subdomain", dns_ssumatchtype_subdomainms);

+ 	MATCH("krb5-subdomain", dns_ssumatchtype_subdomainkrb5);

+ 	MATCH("tcp-self", dns_ssumatchtype_tcpself);

+ 	MATCH("6to4-self", dns_ssumatchtype_6to4self);

+ 	MATCH("external", dns_ssumatchtype_external);

  

  	log_bug("unsupported match type '%s'", str);

  	return ISC_R_NOTIMPLEMENTED;
@@ -178,9 +163,7 @@ 

  	else

  		isc_buffer_add(&buf, len);

  

- 	dns_fixedname_init(fname);

- 

- 	result = dns_name_fromtext(dns_fixedname_name(fname), &buf,

+ 	result = dns_name_fromtext(dns_fixedname_initname(fname), &buf,

  				   dns_rootname, false, NULL);

  	if (result != ISC_R_SUCCESS)

  		log_error("'%s' is not a valid name", str);
@@ -217,9 +200,9 @@ 

  	obj = cfg_tuple_get(obj, "types");

  

  	n = count_list_elements(obj);

- 	if (n > 0)

- 		CHECKED_MEM_GET(mctx, types, n * sizeof(dns_rdatatype_t));

- 

+ 	if (n > 0) {

+ 		types = isc_mem_get(mctx, n * sizeof(dns_rdatatype_t));

+ 	}

  	i = 0;

  	for (el = cfg_list_first(obj); el != NULL; el = cfg_list_next(el)) {

  		const cfg_obj_t *typeobj;
@@ -319,10 +302,9 @@ 

  		/* Use zone name for 'zonesub' match type */

  		result = get_fixed_name(stmt, "name", &fname);

  		if (result == ISC_R_NOTFOUND &&

- 		    match_type == DNS_SSUMATCHTYPE_SUBDOMAIN) {

- 			dns_fixedname_init(&fname);

+ 		    match_type == dns_ssumatchtype_subdomain) {

  			CHECK(dns_name_copy(dns_zone_getorigin(zone),

- 					    dns_fixedname_name(&fname),

+ 					    dns_fixedname_initname(&fname),

  					    &fname.buffer));

  		}

  		else if (result != ISC_R_SUCCESS)
@@ -330,7 +312,7 @@ 

  

  		CHECK(get_types(mctx, stmt, &types, &n));

  

- 		if (match_type == DNS_SSUMATCHTYPE_WILDCARD &&

+ 		if (match_type == dns_ssumatchtype_wildcard &&

  		    !dns_name_iswildcard(dns_fixedname_name(&fname))) {

  			char name[DNS_NAME_FORMATSIZE];

  			dns_name_format(dns_fixedname_name(&fname), name,

file modified
+1 -1
@@ -108,7 +108,7 @@ 

  	isc_buffer_init(&buffer, (char *)string, string_len);

  	isc_buffer_add(&buffer, string_len);

  

- 	result = cfg_parse_buffer(parser, &buffer, *type, &ret);

+ 	result = cfg_parse_buffer(parser, &buffer, NULL, 0, *type, 0, &ret);

  

  	if (result == ISC_R_SUCCESS)

  		*objp = ret;

file modified
+3 -8
@@ -226,15 +226,13 @@ 

   * @returns @see empty_zone_search_next

   */

  isc_result_t

- empty_zone_search_init(empty_zone_search_t *iter, dns_name_t *qname,

+ empty_zone_search_init(empty_zone_search_t *iter, const dns_name_t *qname,

                         dns_zt_t *ztable) {

- 	isc_result_t result;

- 

  	REQUIRE(iter != NULL);

  	REQUIRE(dns_name_isabsolute(qname));

  

  	INIT_BUFFERED_NAME(iter->qname);

- 	CHECK(dns_name_copy(qname, &iter->qname, NULL));

+ 	dns_name_copynf(qname, &iter->qname);

  

  	INIT_BUFFERED_NAME(iter->ezname);

  	iter->nextidx = 0;
@@ -243,9 +241,6 @@ 

  	dns_zt_attach(ztable, &iter->zonetable);

  

  	return empty_zone_search_next(iter);

- 

- cleanup:

- 	return result;

  }

  

  /**
@@ -298,7 +293,7 @@ 

   *    it failed and user configured policy != only.

   */

  isc_result_t

- empty_zone_handle_conflicts(dns_name_t *name, dns_zt_t *zonetable,

+ empty_zone_handle_conflicts(const dns_name_t *name, dns_zt_t *zonetable,

  			    bool warn_only)

  {

  	isc_result_t result;

file modified
+2 -2
@@ -21,11 +21,11 @@ 

  empty_zone_search_stop(empty_zone_search_t *iter) ATTR_NONNULLS;

  

  isc_result_t

- empty_zone_search_init(empty_zone_search_t *iter, dns_name_t *qname,

+ empty_zone_search_init(empty_zone_search_t *iter, const dns_name_t *qname,

  		       dns_zt_t *ztable) ATTR_NONNULLS ATTR_CHECKRESULT;

  

  isc_result_t

- empty_zone_handle_conflicts(dns_name_t *name, dns_zt_t *zonetable,

+ empty_zone_handle_conflicts(const dns_name_t *name, dns_zt_t *zonetable,

  			    bool warn_only) ATTR_NONNULLS ATTR_CHECKRESULT;

  

  /* Trigger to execute empty_zone_handle_conflicts() for dns_rootname. */

file modified
+4 -1
@@ -79,7 +79,10 @@ 

  	char curr_path[PATH_MAX + 1];

  	char *end = NULL;

  

- 	CHECK(isc_string_copy(curr_path, PATH_MAX, path));

+ 	/* isc_string_copy has been removed */

+ 	if (strlcpy(curr_path, path, PATH_MAX) >= PATH_MAX) {

+ 		CLEANUP_WITH(ISC_R_NOSPACE);

+ 	}

  

  	for (end = strchr(curr_path, '/');

  	     end != NULL;

file modified
+15 -19
@@ -49,7 +49,6 @@ 

  	isc_buffer_region(out_buf, &old_space);

  	new_space.length = isc_buffer_length(out_buf) + textlen + 1;

  	new_space.base = isc_mem_get(out_buf->mctx, new_space.length);

- 	RUNTIME_CHECK(new_space.base != NULL);

  	isc_buffer_reinit(out_buf, new_space.base, new_space.length);

  	if (old_space.base != NULL)

  		isc_mem_put(out_buf->mctx, old_space.base, old_space.length);
@@ -86,7 +85,6 @@ 

  static isc_result_t

  fwd_list_gen_dummy_config_string(isc_mem_t *mctx, size_t list_len,

  				 isc_buffer_t **dummy_string) {

- 	isc_result_t result;

  	const char prefix[] = "{ ";

  	const char suffix[] = "} // dummy string, please ignore";

  	const char fill[] = "127.0.0.1; ";
@@ -98,7 +96,9 @@ 

  

  	REQUIRE(dummy_string != NULL && *dummy_string == NULL);

  

- 	CHECK(isc_buffer_allocate(mctx, &output, target_size));

+ 	/* No CHECK here as isc_buffer_allocate is void and can not fail.

+ 	 *  See bind9: a038f77d92a857bc11750683c9317d70da6fcfdf */

+ 	isc_buffer_allocate(mctx, &output, target_size);

  	isc_buffer_putstr(output, prefix);

  	for (size_t i = 0; i < list_len; i++)

  		isc_buffer_putstr(output, fill);
@@ -106,11 +106,7 @@ 

  	isc_buffer_putuint8(output, '\0');

  	*dummy_string = output;

  

- cleanup:

- 	if (result != ISC_R_SUCCESS && output != NULL)

- 		isc_buffer_free(&output);

- 

- 	return result;

+ 	return ISC_R_SUCCESS;

  }

  

  /**
@@ -122,7 +118,6 @@ 

  isc_result_t

  fwd_print_bracketed_values_buf(isc_mem_t *mctx, ldap_valuelist_t *values,

  			      isc_buffer_t **string) {

- 	isc_result_t result;

  	ldap_value_t *value;

  	const char prefix[] = "{ ";

  	const char suffix[] = "}";
@@ -143,13 +138,14 @@ 

  	buffer_append_str(&tmp_buf, suffix, 2);

  

  	/* create and copy string from tmp to output buffer */

- 	CHECK(isc_buffer_allocate(mctx, string, tmp_buf.used));

+         /* No CHECK here as isc_buffer_allocate is void and can not fail.

+          *  See bind9: a038f77d92a857bc11750683c9317d70da6fcfdf */

+ 	isc_buffer_allocate(mctx, string, tmp_buf.used);

  	isc_buffer_putmem(*string, isc_buffer_base(&tmp_buf), tmp_buf.used);

  

- cleanup:

  	if (tmp_buf.base != NULL)

  		isc_mem_put(mctx, tmp_buf.base, tmp_buf.length);

- 	return result;

+ 	return ISC_R_SUCCESS;

  }

  

  isc_result_t
@@ -182,8 +178,8 @@ 

  	list_len = fwd_list_len(fwdrs);

  	CHECK(fwd_list_gen_dummy_config_string(mctx,

  					       list_len, &dummy_fwdr_buf));

- 	CHECK(cfg_parse_buffer(parser, dummy_fwdr_buf,

- 			       cfg_type_forwarders, &forwarders_cfg));

+ 	CHECK(cfg_parse_buffer(parser, dummy_fwdr_buf, NULL, 0,

+ 			       cfg_type_forwarders, 0, &forwarders_cfg));

  

  	/* Walk through internal representation and cfg representation and copy

  	 * data from the internal one to cfg data structures.*/
@@ -199,7 +195,7 @@ 

  	cfg_print(faddresses, buffer_append_str, &tmp_buf);

  

  	/* create and copy string from tmp to output buffer */

- 	CHECK(isc_buffer_allocate(mctx, out_buf, tmp_buf.used));

+ 	isc_buffer_allocate(mctx, out_buf, tmp_buf.used);

  	isc_buffer_putmem(*out_buf, isc_buffer_base(&tmp_buf),

  			  isc_buffer_usedlength(&tmp_buf));

  
@@ -275,7 +271,7 @@ 

  		addr = *cfg_obj_assockaddr(fwdr_cfg);

  		if (isc_sockaddr_getport(&addr) == 0)

  			isc_sockaddr_setport(&addr, port);

- 		CHECKED_MEM_GET_PTR(mctx, fwdr);

+ 		fwdr = isc_mem_get(mctx, sizeof(*(fwdr)));

  		fwdr->addr = addr;

  		fwdr->dscp = cfg_obj_getdscp(fwdr_cfg);

  		ISC_LINK_INIT(fwdr, link);
@@ -494,7 +490,7 @@ 

   */

  isc_result_t

  fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst,

- 		   dns_name_t *name)

+ 		   const dns_name_t *name)

  {

  	isc_result_t result;

  	isc_mem_t *mctx = NULL;
@@ -582,7 +578,7 @@ 

  		CHECK(dns_fwdtable_addfwd(view->fwdtable, name, &fwdrs,

  					  fwdpolicy));

  	}

- 	dns_view_flushcache(view);

+ 	dns_view_flushcache(view, false);

  	run_exclusive_exit(inst, lock_state);

  	lock_state = ISC_R_IGNORE; /* prevent double-unlock */

  	log_debug(5, "%s %s: forwarder table was updated: %s",
@@ -607,7 +603,7 @@ 

  }

  

  isc_result_t

- fwd_delete_table(dns_view_t *view, dns_name_t *name,

+ fwd_delete_table(dns_view_t *view, const dns_name_t *name,

  		 const char *msg_obj_type, const char *logname) {

  	isc_result_t result;

  

file modified
+2 -2
@@ -26,11 +26,11 @@ 

  	       ATTR_NONNULLS ATTR_CHECKRESULT;

  

  isc_result_t

- fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, dns_name_t *name)

+ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, const dns_name_t *name)

  		   ATTR_NONNULLS ATTR_CHECKRESULT;

  

  isc_result_t

- fwd_delete_table(dns_view_t *view, dns_name_t *name,

+ fwd_delete_table(dns_view_t *view, const dns_name_t *name,

  		 const char *msg_obj_type, const char *logname)

  		 ATTR_NONNULLS ATTR_CHECKRESULT;

  

file modified
+4 -5
@@ -31,7 +31,7 @@ 

  

  	REQUIRE(fwdrp != NULL && *fwdrp == NULL);

  

- 	CHECKED_MEM_GET_PTR(mctx, fwdr);

+ 	fwdr = isc_mem_get(mctx, sizeof(*(fwdr)));

  	ZERO_PTR(fwdr);

  	isc_mem_attach(mctx, &fwdr->mctx);

  	CHECK(dns_rbt_create(mctx, NULL, NULL, &fwdr->rbt));
@@ -41,11 +41,10 @@ 

  	return ISC_R_SUCCESS;

  

  cleanup:

- 	if (fwdr != NULL) {

- 		if (fwdr->rbt != NULL)

- 			dns_rbt_destroy(&fwdr->rbt);

- 		MEM_PUT_AND_DETACH(fwdr);

+ 	if (fwdr->rbt != NULL) {

+ 		dns_rbt_destroy(&fwdr->rbt);

  	}

+ 	MEM_PUT_AND_DETACH(fwdr);

  

  	return result;

  }

file modified
+31 -16
@@ -131,7 +131,7 @@ 

  	} else if (idx == 1) { /* zone only */

  		if (iszone != NULL)

  			*iszone = true;

- 		CHECK(dns_name_copy(dns_rootname, &origin, NULL));

+ 		dns_name_copynf(dns_rootname, &origin);

  		CHECK(dns_name_fromtext(&name, &name_buf, dns_rootname, 0, NULL));

  	} else if (idx == 2) { /* owner and zone */

  		if (iszone != NULL)
@@ -237,6 +237,7 @@ 

  	int idx_symb_first = -1; /* index of first "nice" printable symbol in dns_str */

  	int dns_idx = 0;

  	int esc_idx = 0;

+ 	int s_len;

  

  	REQUIRE(dns_str != NULL);

  	REQUIRE(ldap_name != NULL && *ldap_name == NULL);
@@ -247,7 +248,7 @@ 

  	 * In worst case each symbol from DNS dns_str will be represented

  	 * as "\xy" in ldap_name. (xy are hexadecimal digits)

  	 */

- 	CHECKED_MEM_ALLOCATE(mctx, *ldap_name, 3 * dns_str_len + 1);

+ 	*ldap_name = isc_mem_allocate(mctx, 3 * dns_str_len + 1);

  	esc_name = *ldap_name;

  

  	for (dns_idx = 0; dns_idx < dns_str_len; dns_idx++) {
@@ -286,8 +287,13 @@ 

  			}

  			/* LDAP uses \xy escaping. "xy" represent two hexadecimal digits.*/

  			/* TODO: optimize to bit mask & rotate & dec->hex table? */

- 			CHECK(isc_string_printf(esc_name + esc_idx, 4, "\\%02x", ascii_val));

- 			esc_idx += 3; /* isc_string_printf wrote 4 bytes including '\0' */

+ 			/* isc_string_printf has been removed */

+ 			s_len = snprintf(esc_name + esc_idx,

+ 					 4, "\\%02x", ascii_val);

+ 			if (s_len < 0 || s_len >= 4) {

+ 				CLEANUP_WITH(ISC_R_NOSPACE);

+ 			}

+ 			esc_idx += 3; /* snprintf wrote 4 bytes including '\0' */

  		}

  	}

  	if (idx_symb_first != -1) { /* copy last nice part */
@@ -302,10 +308,8 @@ 

  	if (result == DNS_R_BADESCAPE)

  		log_bug("improperly escaped DNS string: '%s'", dns_str);

  

- 	if (*ldap_name) {

- 		isc_mem_free(mctx, *ldap_name);

- 		*ldap_name = NULL;

- 	}

+ 	isc_mem_free(mctx, *ldap_name);

+ 	*ldap_name = NULL;

  	return result;

  }

  
@@ -430,20 +434,30 @@ 

  rdatatype_to_ldap_attribute(dns_rdatatype_t rdtype, char *target,

  			    unsigned int size, bool unknown)

  {

- 	isc_result_t result;

+ 	isc_result_t result = ISC_R_SUCCESS;

  	char rdtype_str[DNS_RDATATYPE_FORMATSIZE];

  

  	if (unknown) {

  		/* "UnknownRecord;TYPE65333" */

- 		CHECK(isc_string_copy(target, size,

- 				      LDAP_RDATATYPE_UNKNOWN_PREFIX));

+ 		/* isc_string_copy and isc_string_append have been removed */

+ 		if (strlcpy(target, LDAP_RDATATYPE_UNKNOWN_PREFIX, size)

+ 		    >= size) {

+ 			CLEANUP_WITH(ISC_R_NOSPACE);

+ 		}

  		snprintf(rdtype_str, sizeof(rdtype_str), "TYPE%u", rdtype);

- 		CHECK(isc_string_append(target, size, rdtype_str));

+ 		if (strlcat(target, rdtype_str, size) >= size) {

+ 			CLEANUP_WITH(ISC_R_NOSPACE);

+ 		}

  	} else {

  		/* "ARecord" */

  		dns_rdatatype_format(rdtype, rdtype_str, DNS_RDATATYPE_FORMATSIZE);

- 		CHECK(isc_string_copy(target, size, rdtype_str));

- 		CHECK(isc_string_append(target, size, LDAP_RDATATYPE_SUFFIX));

+ 		/* isc_string_copy and isc_string_append have been removed */

+ 		if (strlcpy(target, rdtype_str, size) >= size) {

+ 			CLEANUP_WITH(ISC_R_NOSPACE);

+ 		}

+ 		if (strlcat(target, LDAP_RDATATYPE_SUFFIX, size) >= size) {

+ 			CLEANUP_WITH(ISC_R_NOSPACE);

+ 		}

  	}

  

  cleanup:
@@ -463,8 +477,9 @@ 

  	dns_rdata_toregion(rdata, &rdata_reg);

  	REQUIRE(rdata_reg.length <= 65535);

  

- 	result = isc_string_printf(buf, sizeof(buf), "\\# %u", rdata_reg.length);

- 	INSIST(result == ISC_R_SUCCESS);

+ 	/* isc_string_printf has been removed */

+ 	result = snprintf(buf, sizeof(buf), "\\# %u", rdata_reg.length);

+ 	RUNTIME_CHECK(result < sizeof(buf));

  	isc_buffer_putstr(target, buf);

  	if (rdata_reg.length != 0U) {

  		isc_buffer_putstr(target, " ");

file modified
+42 -34
@@ -30,6 +30,7 @@ 

  #include <dns/result.h>

  #include <dns/soa.h>

  #include <dns/types.h>

+ #include <dns/rpz.h>

  

  #include <string.h> /* For memcpy */

  
@@ -118,7 +119,7 @@ 

  

  	REQUIRE(VALID_LDAPDB(ldapdb));

  

- 	isc_refcount_increment(&ldapdb->refs, NULL);

+ 	isc_refcount_increment(&ldapdb->refs);

  	*targetp = source;

  }

  
@@ -126,6 +127,8 @@ 

  static void ATTR_NONNULLS

  free_ldapdb(ldapdb_t *ldapdb)

  {

+ 	REQUIRE(VALID_LDAPDB(ldapdb));

+ 

  #ifdef RBTDB_DEBUG

  	isc_result_t result;

  	dns_dbversion_t *version = NULL;
@@ -153,8 +156,8 @@ 

  #endif

  	dns_db_detach(&ldapdb->rbtdb);

  	dns_name_free(&ldapdb->common.origin, ldapdb->common.mctx);

- 	RUNTIME_CHECK(isc_mutex_destroy(&ldapdb->newversion_lock)

- 		      == ISC_R_SUCCESS);

+ 	/* isc_mutex_destroy is failing fatal now */

+ 	isc_mutex_destroy(&ldapdb->newversion_lock);

  	isc_mem_putanddetach(&ldapdb->common.mctx, ldapdb, sizeof(*ldapdb));

  }

  
@@ -162,17 +165,14 @@ 

  static void

  detach(dns_db_t **dbp)

  {

+ 	REQUIRE(dbp != NULL && VALID_LDAPDB((ldapdb_t *)(*dbp)));

  	ldapdb_t *ldapdb = (ldapdb_t *)(*dbp);

- 	unsigned int refs;

- 

- 	REQUIRE(VALID_LDAPDB(ldapdb));

  

- 	isc_refcount_decrement(&ldapdb->refs, &refs);

+ 	*dbp = NULL;

  

- 	if (refs == 0)

+ 	if (isc_refcount_decrement(&ldapdb->refs) == 1) {

  		free_ldapdb(ldapdb);

- 

- 	*dbp = NULL;

+ 	}

  }

  

  
@@ -322,7 +322,7 @@ 

  }

  

  static isc_result_t

- findnode(dns_db_t *db, dns_name_t *name, bool create,

+ findnode(dns_db_t *db, const dns_name_t *name, bool create,

  	 dns_dbnode_t **nodep)

  {

  	ldapdb_t *ldapdb = (ldapdb_t *) db;
@@ -333,7 +333,7 @@ 

  }

  

  static isc_result_t

- find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,

+ find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,

       dns_rdatatype_t type, unsigned int options, isc_stdtime_t now,

       dns_dbnode_t **nodep, dns_name_t *foundname, dns_rdataset_t *rdataset,

       dns_rdataset_t *sigrdataset)
@@ -347,16 +347,17 @@ 

  }

  

  static isc_result_t

- findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options,

+ findzonecut(dns_db_t *db, const dns_name_t *name, unsigned int options,

  	    isc_stdtime_t now, dns_dbnode_t **nodep, dns_name_t *foundname,

- 	    dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)

+ 	    dns_name_t *dcname, dns_rdataset_t *rdataset,

+ 	    dns_rdataset_t *sigrdataset)

  {

  	ldapdb_t *ldapdb = (ldapdb_t *) db;

  

  	REQUIRE(VALID_LDAPDB(ldapdb));

  

  	return dns_db_findzonecut(ldapdb->rbtdb, name, options, now, nodep,

- 				  foundname, rdataset, sigrdataset);

+ 				  foundname, dcname, rdataset, sigrdataset);

  }

  

  static void
@@ -473,9 +474,7 @@ 

  	char buff[DNS_NAME_FORMATSIZE];

  	isc_result_t result;

  

- 	dns_fixedname_init(&fname);

- 

- 	CHECK(ldapdb_name_fromnode(node, dns_fixedname_name(&fname)));

+ 	CHECK(ldapdb_name_fromnode(node, dns_fixedname_initname(&fname)));

  

  	result = dns_db_allrdatasets(db, node, version, now, &rds_iter);

  	if (result == ISC_R_NOTFOUND) {
@@ -683,7 +682,7 @@ 

  }

  

  static isc_result_t

- findnsec3node(dns_db_t *db, dns_name_t *name, bool create,

+ findnsec3node(dns_db_t *db, const dns_name_t *name, bool create,

  	      dns_dbnode_t **nodep)

  {

  	ldapdb_t *ldapdb = (ldapdb_t *) db;
@@ -745,15 +744,22 @@ 

  }

  

  void

- rpz_attach(dns_db_t *db, dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num)

+ rpz_attach(dns_db_t *db, void *void_rpzs, uint8_t rpz_num)

  {

  	ldapdb_t *ldapdb = (ldapdb_t *) db;

+ 	dns_rpz_zones_t *rpzs = (dns_rpz_zones_t *) void_rpzs;

+ 	isc_result_t result;

  

  	REQUIRE(VALID_LDAPDB(ldapdb));

  

- 	dns_db_rpz_attach(ldapdb->rbtdb, rpzs, rpz_num);

+ 	rpzs->zones[rpz_num]->db_registered = true;

+ 	result = dns_db_updatenotify_register(ldapdb->rbtdb,

+ 					      dns_rpz_dbupdate_callback,

+ 					      rpzs->zones[rpz_num]);

+ 	REQUIRE(result == ISC_R_SUCCESS);

  }

  

+ /*

  isc_result_t

  rpz_ready(dns_db_t *db)

  {
@@ -763,9 +769,10 @@ 

  

  	return dns_db_rpz_ready(ldapdb->rbtdb);

  }

+ */

  

  static isc_result_t

- findnodeext(dns_db_t *db, dns_name_t *name,

+ findnodeext(dns_db_t *db, const dns_name_t *name,

  		   bool create, dns_clientinfomethods_t *methods,

  		   dns_clientinfo_t *clientinfo, dns_dbnode_t **nodep)

  {
@@ -778,7 +785,7 @@ 

  }

  

  static isc_result_t

- findext(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,

+ findext(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,

  	       dns_rdatatype_t type, unsigned int options, isc_stdtime_t now,

  	       dns_dbnode_t **nodep, dns_name_t *foundname,

  	       dns_clientinfomethods_t *methods, dns_clientinfo_t *clientinfo,
@@ -882,7 +889,7 @@ 

  	isdnssec,

  	getrrsetstats,

  	rpz_attach,

- 	rpz_ready,

+ 	NULL, /* rpz_ready */

  	findnodeext,

  	findext,

  	setcachestats,
@@ -893,6 +900,7 @@ 

  	setservestalettl,

  	getservestalettl,

  #endif

+ 	NULL /* setgluecachestats */

  };

  

  isc_result_t ATTR_NONNULLS
@@ -942,7 +950,7 @@ 

   * @param[in] argv [0] is database instance name

   */

  isc_result_t

- ldapdb_associate(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type,

+ ldapdb_associate(isc_mem_t *mctx, const dns_name_t *name, dns_dbtype_t type,

  		 dns_rdataclass_t rdclass, unsigned int argc, char *argv[],

  		 void *driverarg, dns_db_t **dbp) {

  
@@ -982,14 +990,14 @@ 

  	REQUIRE(driverarg != NULL);

  	REQUIRE(dbp != NULL && *dbp == NULL);

  

- 	CHECKED_MEM_GET_PTR(mctx, ldapdb);

+ 	ldapdb = isc_mem_get(mctx, sizeof(*(ldapdb)));

  	ZERO_PTR(ldapdb);

  

  	isc_mem_attach(mctx, &ldapdb->common.mctx);

- 	CHECK(isc_mutex_init(&ldapdb->newversion_lock));

+ 	/* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_init(&ldapdb->newversion_lock);

  	lock_ready = true;

  	dns_name_init(&ldapdb->common.origin, NULL);

- 	isc_ondestroy_init(&ldapdb->common.ondest);

  

  	ldapdb->common.magic = DNS_DB_MAGIC;

  	ldapdb->common.impmagic = LDAPDB_MAGIC;
@@ -1000,7 +1008,7 @@ 

  

  	CHECK(dns_name_dupwithoffsets(name, mctx, &ldapdb->common.origin));

  

- 	CHECK(isc_refcount_init(&ldapdb->refs, 1));

+ 	isc_refcount_init(&ldapdb->refs, 1);

  	ldapdb->ldap_inst = driverarg;

  

  	CHECK(dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
@@ -1012,9 +1020,10 @@ 

  

  cleanup:

  	if (ldapdb != NULL) {

- 		if (lock_ready == true)

- 			RUNTIME_CHECK(isc_mutex_destroy(&ldapdb->newversion_lock)

- 				      == ISC_R_SUCCESS);

+ 		if (lock_ready == true) {

+ 			/* isc_mutex_destroy errors are now fatal */

+ 			isc_mutex_destroy(&ldapdb->newversion_lock);

+ 		}

  		if (dns_name_dynamic(&ldapdb->common.origin))

  			dns_name_free(&ldapdb->common.origin, mctx);

  
@@ -1088,11 +1097,10 @@ 

  		isc_lib_register();

  		isc_log_setcontext(dctx->lctx);

  		dns_log_setcontext(dctx->lctx);

+ 		isc_hash_set_initializer(dctx->hashinit);

  		log_debug(5, "registering library from dynamic ldap driver, %p != %p.", dctx->refvar, &isc_bind9);

  	}

  

- 	isc_hash_set_initializer(dctx->hashinit);

- 

  	log_debug(2, "registering dynamic ldap driver for %s.", name);

  

  	/* Finally, create the instance. */

file modified
+1 -1
@@ -23,7 +23,7 @@ 

  	      ATTR_NONNULL(1,2,5,6);

  

  isc_result_t

- ldapdb_associate(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type,

+ ldapdb_associate(isc_mem_t *mctx, const dns_name_t *name, dns_dbtype_t type,

  		 dns_rdataclass_t rdclass, unsigned int argc, char *argv[],

  		 void *driverarg, dns_db_t **dbp) ATTR_NONNULL(1,2,7,8);

  dns_db_t *

file modified
+4 -11
@@ -68,7 +68,6 @@ 

  ldap_attr_create(isc_mem_t *mctx, LDAP *ld, LDAPMessage *ldap_entry,

  		 ldap_attribute_t *attr)

  {

- 	isc_result_t result;

  	char **values;

  	ldap_value_t *val;

  
@@ -84,7 +83,7 @@ 

  	attr->ldap_values = values;

  

  	for (unsigned int i = 0; values[i] != NULL; i++) {

- 		CHECKED_MEM_GET_PTR(mctx, val);

+ 		val = isc_mem_get(mctx, sizeof(*(val)));

  		val->value = values[i];

  		INIT_LINK(val, link);

  
@@ -92,12 +91,6 @@ 

  	}

  

  	return ISC_R_SUCCESS;

- 

- cleanup:

- 	ldap_valuelist_destroy(mctx, &attr->values);

- 	ldap_value_free(values);

- 

- 	return result;

  }

  

  /**
@@ -112,7 +105,7 @@ 

  	REQUIRE(entryp != NULL);

  	REQUIRE(*entryp == NULL);

  

- 	CHECKED_MEM_GET_PTR(mctx, entry);

+ 	entry = isc_mem_get(mctx, sizeof(*(entry)));

  	ZERO_PTR(entry);

  	isc_mem_attach(mctx, &entry->mctx);

  	INIT_LIST(entry->attrs);
@@ -120,7 +113,7 @@ 

  	INIT_BUFFERED_NAME(entry->fqdn);

  	INIT_BUFFERED_NAME(entry->zone_name);

  

- 	CHECKED_MEM_GET(mctx, entry->rdata_target_mem, DNS_RDATA_MAXLENGTH);

+ 	entry->rdata_target_mem = isc_mem_get(mctx, DNS_RDATA_MAXLENGTH);

  	CHECK(isc_lex_create(mctx, TOKENSIZ, &entry->lex));

  

  	*entryp = entry;
@@ -203,7 +196,7 @@ 

  	for (attribute = ldap_first_attribute(ld, ldap_entry, &ber);

  	     attribute != NULL;

  	     attribute = ldap_next_attribute(ld, ldap_entry, ber)) {

- 		CHECKED_MEM_GET_PTR(mctx, attr);

+ 		attr = isc_mem_get(mctx, sizeof(*(attr)));

  		ZERO_PTR(attr);

  

  		attr->name = attribute;

file modified
+136 -107
@@ -3,6 +3,8 @@ 

   */

  

  #include "config.h"

+ #define HAVE_TLS 1

+ #define HAVE_THREAD_LOCAL 1

  

  #include <dns/dyndb.h>

  #include <dns/diff.h>
@@ -390,6 +392,7 @@ 

  	char print_buff[PRINT_BUFF_SIZE];

  	const char *auth_method_str = NULL;

  	ldap_auth_t auth_method_enum = AUTH_INVALID;

+ 	int s_len;

  

  	if (strlen(inst->db_name) <= 0) {

  		log_error("LDAP instance name cannot be empty");
@@ -445,7 +448,12 @@ 

  			  auth_method_str);

  		CLEANUP_WITH(ISC_R_FAILURE);

  	}

- 	CHECK(isc_string_printf(print_buff, PRINT_BUFF_SIZE, "%u", auth_method_enum));

+ 	/* isc_string_printf has been removed */

+ 	s_len = snprintf(print_buff, PRINT_BUFF_SIZE, "%u", auth_method_enum);

+ 	if (s_len < 0 || s_len >= PRINT_BUFF_SIZE) {

+ 		CLEANUP_WITH(ISC_R_NOSPACE);

+ 	}

+ 

  	CHECK(setting_set("auth_method_enum", inst->local_settings, print_buff));

  

  	/* check we have the right data when SASL/GSSAPI is selected */
@@ -543,11 +551,11 @@ 

  

  	REQUIRE(ldap_instp != NULL && *ldap_instp == NULL);

  

- 	CHECKED_MEM_GET_PTR(mctx, ldap_inst);

+ 	ldap_inst = isc_mem_get(mctx, sizeof(*(ldap_inst)));

  	ZERO_PTR(ldap_inst);

- 	CHECK(isc_refcount_init(&ldap_inst->errors, 0));

+ 	isc_refcount_init(&ldap_inst->errors, 0);

  	isc_mem_attach(mctx, &ldap_inst->mctx);

- 	CHECKED_MEM_STRDUP(mctx, db_name, ldap_inst->db_name);

+ 	ldap_inst->db_name = isc_mem_strdup(mctx, db_name);

  	dns_view_attach(dctx->view, &ldap_inst->view);

  	dns_zonemgr_attach(dctx->zmgr, &ldap_inst->zmgr);

  	isc_task_attach(dctx->task, &ldap_inst->task);
@@ -555,16 +563,18 @@ 

  	ldap_inst->watcher = 0;

  	CHECK(sync_ctx_init(ldap_inst->mctx, ldap_inst, &ldap_inst->sctx));

  

- 	isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE,

- 				   SETTING_SET_NAME_LOCAL " for database %s",

- 				   ldap_inst->db_name);

+ 	/* truncation is allowed */

+ 	snprintf(settings_name, PRINT_BUFF_SIZE,

+ 		 SETTING_SET_NAME_LOCAL " for database %s",

+ 		 ldap_inst->db_name);

  	CHECK(settings_set_create(mctx, settings_local_default,

  	      sizeof(settings_local_default), settings_name,

  	      &settings_default_set, &ldap_inst->local_settings));

  

- 	isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE,

- 				   SETTING_SET_NAME_GLOBAL " for database %s",

- 				   ldap_inst->db_name);

+ 	/* truncation is allowed */

+ 	snprintf(settings_name, PRINT_BUFF_SIZE,

+ 		 SETTING_SET_NAME_GLOBAL " for database %s",

+ 		 ldap_inst->db_name);

  	CHECK(settings_set_create(mctx, settings_global_default,

  	      sizeof(settings_global_default), settings_name,

  	      ldap_inst->local_settings, &ldap_inst->global_settings));
@@ -576,7 +586,7 @@ 

  	/* copy global forwarders setting for configuration roll back in

  	 * configure_zone_forwarders() */

  	result = dns_fwdtable_find(ldap_inst->view->fwdtable, dns_rootname,

- 				   &named_conf_forwarders);

+ 				   NULL, &named_conf_forwarders);

  	if (result == ISC_R_SUCCESS) {

  		/* Copy forwarding config from named.conf into local_settings */

  		CHECK(fwd_print_list_buff(mctx, named_conf_forwarders,
@@ -602,8 +612,6 @@ 

  					empty_zone_handle_globalfwd_ev,

  					ldap_inst->view->zonetable,

  					sizeof(ldap_globalfwd_handleez_t));

- 		if (gfwdevent == NULL)

- 			CLEANUP_WITH(ISC_R_NOMEMORY);

  		/* policy == first does not override automatic empty zones */

  		gfwdevent->warn_only = (named_conf_forwarders->fwdpolicy

  					== dns_fwdpolicy_first);
@@ -628,14 +636,16 @@ 

  	/* zero-length server_id means undefined value */

  	CHECK(setting_get_str("server_id", ldap_inst->local_settings,

  			      &server_id));

- 	if (strlen(server_id) == 0)

- 		isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE,

- 					   SETTING_SET_NAME_SERVER

- 					   " for undefined server_id");

- 	else

- 		isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE,

- 					   SETTING_SET_NAME_SERVER

- 					   " for server id %s", server_id);

+ 	if (strlen(server_id) == 0) {

+ 		/* truncation is allowed */

+ 		snprintf(settings_name, PRINT_BUFF_SIZE,

+ 			 SETTING_SET_NAME_SERVER " for undefined server_id");

+ 	} else {

+ 		/* truncation is allowed */

+ 		snprintf(settings_name, PRINT_BUFF_SIZE,

+ 			 SETTING_SET_NAME_SERVER

+ 			 " for server id %s", server_id);

+ 	}

  

  	CHECK(settings_set_create(mctx, settings_server_ldap_default,

  	      sizeof(settings_server_ldap_default), settings_name,
@@ -656,7 +666,8 @@ 

  	CHECK(fwdr_create(ldap_inst->mctx, &ldap_inst->fwd_register));

  	CHECK(mldap_new(mctx, &ldap_inst->mldapdb));

  

- 	CHECK(isc_mutex_init(&ldap_inst->kinit_lock));

+ 	/* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_init(&ldap_inst->kinit_lock);

  

  	CHECK(ldap_pool_create(mctx, connections, &ldap_inst->pool));

  	CHECK(ldap_pool_connect(ldap_inst->pool, ldap_inst));
@@ -666,13 +677,16 @@ 

  			      mctx, &ldap_inst->db_imp));

  

  	/* Start the watcher thread */

- 	result = isc_thread_create(ldap_syncrepl_watcher, ldap_inst,

- 				   &ldap_inst->watcher);

- 	if (result != ISC_R_SUCCESS) {

- 		ldap_inst->watcher = 0;

- 		log_error("Failed to create syncrepl watcher thread");

- 		goto cleanup;

- 	}

+ 	/* isc_thread_create assert internally on failure */

+ 	isc_thread_create(ldap_syncrepl_watcher, ldap_inst,

+ 			  &ldap_inst->watcher);

+ 	/*

+ 	 * if (result != ISC_R_SUCCESS) {

+ 	 *	ldap_inst->watcher = 0;

+ 	 *	log_error("Failed to create syncrepl watcher thread");

+ 	 *	goto cleanup;

+ 	 * }

+ 	 */

  

  cleanup:

  	if (forwarders_list != NULL)
@@ -714,8 +728,8 @@ 

  				  "(already terminated?)");

  	}

  

- 	RUNTIME_CHECK(isc_thread_join(ldap_inst->watcher, NULL)

- 		      == ISC_R_SUCCESS);

+ 	/* isc_thread_join assert internally on failure */

+ 	isc_thread_join(ldap_inst->watcher, NULL);

  }

  

  void
@@ -749,7 +763,8 @@ 

  	if (ldap_inst->task != NULL)

  		isc_task_detach(&ldap_inst->task);

  

- 	DESTROYLOCK(&ldap_inst->kinit_lock);

+ 	/* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_destroy(&ldap_inst->kinit_lock);

  

  	settings_set_free(&ldap_inst->global_settings);

  	settings_set_free(&ldap_inst->local_settings);
@@ -773,31 +788,28 @@ 

  static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT

  new_ldap_connection(ldap_pool_t *pool, ldap_connection_t **ldap_connp)

  {

- 	isc_result_t result;

  	ldap_connection_t *ldap_conn;

  

  	REQUIRE(pool != NULL);

  	REQUIRE(ldap_connp != NULL && *ldap_connp == NULL);

  

- 	CHECKED_MEM_GET_PTR(pool->mctx, ldap_conn);

+ 	ldap_conn = isc_mem_get(pool->mctx, sizeof(*(ldap_conn)));

  	ZERO_PTR(ldap_conn);

  

- 	result = isc_mutex_init(&ldap_conn->lock);

- 	if (result != ISC_R_SUCCESS) {

- 		SAFE_MEM_PUT_PTR(pool->mctx, ldap_conn);

- 		return result;

- 	}

+ 	/* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_init(&ldap_conn->lock);

+ 	/*

+ 	 * if (result != ISC_R_SUCCESS) {

+ 	 *	SAFE_MEM_PUT_PTR(pool->mctx, ldap_conn);

+ 	 *	return result;

+ 	 * }

+ 	 */

  

  	isc_mem_attach(pool->mctx, &ldap_conn->mctx);

  

  	*ldap_connp = ldap_conn;

  

  	return ISC_R_SUCCESS;

- 

- cleanup:

- 	destroy_ldap_connection(&ldap_conn);

- 

- 	return result;

  }

  

  static void
@@ -811,7 +823,8 @@ 

  	if (ldap_conn == NULL)

  		return;

  

- 	DESTROYLOCK(&ldap_conn->lock);

+ 	 /* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_destroy(&ldap_conn->lock);

  	if (ldap_conn->handle != NULL)

  		ldap_unbind_ext_s(ldap_conn->handle, NULL, NULL);

  
@@ -825,6 +838,7 @@ 

  	const char *filename = NULL;

  	dns_zone_t *raw = NULL;

  	int namelen;

+ 	int s_len;

  	char bck_filename[PATH_MAX];

  

  	dns_zone_getraw(zone, &raw);
@@ -847,8 +861,11 @@ 

  	namelen = strlen(filename);

  	if (namelen > 4 && strcmp(filename + namelen - 4, ".jnl") == 0)

  		namelen -= 4;

- 	CHECK(isc_string_printf(bck_filename, sizeof(bck_filename),

- 				"%.*s.jbk", namelen, filename));

+ 	s_len = snprintf(bck_filename, sizeof(bck_filename),

+ 			 "%.*s.jbk", namelen, filename);

+ 	if (s_len < 0 || (unsigned)s_len >= sizeof(bck_filename)) {

+ 		CLEANUP_WITH(ISC_R_NOSPACE);

+ 	}

  	CHECK(fs_file_remove(bck_filename));

  

  cleanup:
@@ -941,7 +958,8 @@ 

  	CHECK(zr_get_zone_path(mctx, ldap_instance_getsettings_local(inst),

  			       dns_zone_getorigin(zone),

  			       (issecure ? "signed" : "raw"), &file_name));

- 	CHECK(dns_zone_setfile(zone, str_buf(file_name)));

+ 	CHECK(dns_zone_setfile(zone, str_buf(file_name), dns_masterformat_text,

+ 			       &dns_master_style_default));

  	if (issecure == true) {

  		CHECK(zr_get_zone_path(mctx,

  				       ldap_instance_getsettings_local(inst),
@@ -990,8 +1008,9 @@ 

  	dns_zone_setclass(raw, dns_rdataclass_in);

  	dns_zone_settype(raw, dns_zone_master);

  	/* dns_zone_setview(raw, view); */

- 	CHECK(dns_zone_setdbtype(raw, sizeof(ldap_argv)/sizeof(ldap_argv[0]),

- 				 ldap_argv));

+ 	/* dns_zone_setdbtype is now void as it could no longer return */

+ 	dns_zone_setdbtype(raw, sizeof(ldap_argv)/sizeof(ldap_argv[0]),

+ 			   ldap_argv);

  	CHECK(configure_paths(inst->mctx, inst, raw, false));

  

  	if (want_secure == false) {
@@ -1003,7 +1022,9 @@ 

  		dns_zone_setclass(secure, dns_rdataclass_in);

  		dns_zone_settype(secure, dns_zone_master);

  		/* dns_zone_setview(secure, view); */

- 		CHECK(dns_zone_setdbtype(secure, 1, rbt_argv));

+ 		/* dns_zone_setdbtype is now void as it could no longer

+ 		 * return */

+ 		dns_zone_setdbtype(secure, 1, rbt_argv);

  		CHECK(dns_zonemgr_managezone(inst->zmgr, secure));

  		CHECK(dns_zone_link(secure, raw));

  		dns_zone_rekey(secure, true);
@@ -1055,7 +1076,7 @@ 

  	uint32_t serial;

  	dns_zone_t *raw = NULL;

  

- 	result = dns_zone_load(zone);

+ 	result = dns_zone_load(zone, false);

  	if (result != ISC_R_SUCCESS && result != DNS_R_UPTODATE

  	    && result != DNS_R_DYNAMIC && result != DNS_R_CONTINUE)

  		goto cleanup;
@@ -1067,11 +1088,11 @@ 

  		zone = NULL;

  	}

  

- 	CHECK(dns_zone_getserial2(raw, &serial));

+ 	CHECK(dns_zone_getserial(raw, &serial));

  	if (log == true)

  		dns_zone_log(raw, ISC_LOG_INFO, "loaded serial %u", serial);

  	if (zone != NULL) {

- 		result = dns_zone_getserial2(zone, &serial);

+ 		result = dns_zone_getserial(zone, &serial);

  		if (result == ISC_R_SUCCESS && log == true)

  			dns_zone_log(zone, ISC_LOG_INFO, "loaded serial %u",

  				     serial);
@@ -1708,6 +1729,7 @@ 

  	LDAPMod change;

  	LDAPMod *changep[2] = { &change, NULL };

  	ld_string_t *dn = NULL;

+ 	int s_len;

  

  	REQUIRE(inst != NULL);

  
@@ -1717,7 +1739,10 @@ 

  	change.mod_op = LDAP_MOD_REPLACE;

  	change.mod_type = "idnsSOAserial";

  	change.mod_values = values;

- 	CHECK(isc_string_printf(serial_char, MAX_SERIAL_LENGTH, "%u", serial));

+ 	s_len = snprintf(serial_char, MAX_SERIAL_LENGTH, "%u", serial);

+ 	if (s_len < 0 || (unsigned)s_len >= MAX_SERIAL_LENGTH) {

+ 		CLEANUP_WITH(ISC_R_NOSPACE);

+ 	}

  

  	CHECK(ldap_modify_do(inst, str_buf(dn), changep, false));

  
@@ -2250,7 +2275,7 @@ 

  

  	result = ldapdb_rdatalist_findrdatatype(rdatalist, rdtype, &rdlist);

  	if (result != ISC_R_SUCCESS) {

- 		CHECKED_MEM_GET_PTR(mctx, rdlist);

+ 		rdlist = isc_mem_get(mctx, sizeof(*(rdlist)));

  

  		dns_rdatalist_init(rdlist);

  		rdlist->rdclass = rdclass;
@@ -2371,7 +2396,7 @@ 

  		CLEANUP_WITH(ISC_R_UNEXPECTED);

  

  	CHECK(str_new(mctx, &replaced));

- 	CHECKED_MEM_STRDUP(mctx, str_buf(orig_val), tmp);

+ 	tmp = isc_mem_strdup(mctx, str_buf(orig_val));

  

  	while (regexec(&regex, tmp + processed,

  		       sizeof(matches)/sizeof(regmatch_t),
@@ -2419,9 +2444,7 @@ 

  	result = ISC_R_SUCCESS;

  

  cleanup:

- 	if (tmp != NULL)

- 		isc_mem_free(mctx, tmp);

- 

+ 	isc_mem_free(mctx, tmp);

  	str_destroy(&replaced);

  	return result;

  }
@@ -2659,11 +2682,11 @@ 

  	CHECK(dns_rdata_fromtext(NULL, rdclass, rdtype, entry->lex, origin,

  				 0, mctx, &entry->rdata_target, NULL));

  

- 	CHECKED_MEM_GET_PTR(mctx, rdata);

+ 	rdata = isc_mem_get(mctx, sizeof(*(rdata)));

  	dns_rdata_init(rdata);

  

  	rdatamem.length = isc_buffer_usedlength(&entry->rdata_target);

- 	CHECKED_MEM_GET(mctx, rdatamem.base, rdatamem.length);

+ 	rdatamem.base = isc_mem_get(mctx, rdatamem.length);

  

  	memcpy(rdatamem.base, isc_buffer_base(&entry->rdata_target),

  	       rdatamem.length);
@@ -3144,22 +3167,15 @@ 

  ldap_mod_create(isc_mem_t *mctx, LDAPMod **changep)

  {

  	LDAPMod *change = NULL;

- 	isc_result_t result;

  

  	REQUIRE(changep != NULL && *changep == NULL);

  

- 	CHECKED_MEM_GET_PTR(mctx, change);

+ 	change = isc_mem_get(mctx, sizeof(*(change)));

  	ZERO_PTR(change);

- 	CHECKED_MEM_GET(mctx, change->mod_type, LDAP_ATTR_FORMATSIZE);

+ 	change->mod_type = isc_mem_get(mctx, LDAP_ATTR_FORMATSIZE);

  

  	*changep = change;

  	return ISC_R_SUCCESS;

- 

- cleanup:

- 	if (change != NULL)

- 		SAFE_MEM_PUT_PTR(mctx, change);

- 

- 	return result;

  }

  

  /**
@@ -3204,7 +3220,7 @@ 

  ldap_rdata_to_char_array(isc_mem_t *mctx, dns_rdata_t *rdata_head,

  			 bool unknown, char ***valsp)

  {

- 	isc_result_t result;

+ 	isc_result_t result = ISC_R_FAILURE;

  	char **vals;

  	unsigned int i;

  	unsigned int rdata_count = 0;
@@ -3219,7 +3235,7 @@ 

  

  	vals_size = (rdata_count + 1) * sizeof(char *);

  

- 	CHECKED_MEM_ALLOCATE(mctx, vals, vals_size);

+ 	vals = isc_mem_allocate(mctx, vals_size);

  	memset(vals, 0, vals_size);

  

  	rdata = rdata_head;
@@ -3237,7 +3253,7 @@ 

  		isc_buffer_usedregion(&buffer, &region);

  

  		/* Now allocate the string with the right size. */

- 		CHECKED_MEM_ALLOCATE(mctx, vals[i], region.length + 1);

+ 		vals[i] = isc_mem_allocate(mctx, region.length + 1);

  		memcpy(vals[i], region.base, region.length);

  		vals[i][region.length] = '\0';

  		
@@ -3287,13 +3303,17 @@ 

  

  	CHECK(ldap_mod_create(mctx, &change));

  	change->mod_op = LDAP_MOD_REPLACE;

- 	CHECK(isc_string_copy(change->mod_type, LDAP_ATTR_FORMATSIZE, "dnsTTL"));

+ 	/* isc_string_copy has been removed */

+ 	if (strlcpy(change->mod_type, "dnsTTL", LDAP_ATTR_FORMATSIZE)

+ 	   >= LDAP_ATTR_FORMATSIZE) {

+ 		CLEANUP_WITH(ISC_R_NOSPACE);

+ 	}

  

- 	CHECKED_MEM_ALLOCATE(mctx, vals, 2 * sizeof(char *));

+ 	vals = isc_mem_allocate(mctx, 2 * sizeof(char *));

  	memset(vals, 0, 2 * sizeof(char *));

  	change->mod_values = vals;

  

- 	CHECKED_MEM_ALLOCATE(mctx, vals[0], str_len(ttlval) + 1);

+ 	vals[0] = isc_mem_allocate(mctx, str_len(ttlval) + 1);

  	memcpy(vals[0], str_buf(ttlval), str_len(ttlval) + 1);

  

  	*changep = change;
@@ -3314,8 +3334,9 @@ 

  modify_soa_record(ldap_instance_t *ldap_inst, const char *zone_dn,

  		  dns_rdata_t *rdata)

  {

- 	isc_result_t result;

+ 	isc_result_t result = ISC_R_SUCCESS;

  	dns_rdata_soa_t soa;

+ 	int s_len;

  	LDAPMod change[5];

  	LDAPMod *changep[6] = {

  		&change[0], &change[1], &change[2], &change[3], &change[4],
@@ -3332,8 +3353,11 @@ 

  	change[index].mod_values = alloca(2 * sizeof(char *)); \

  	change[index].mod_values[0] = alloca(MAX_SOANUM_LENGTH); \

  	change[index].mod_values[1] = NULL; \

- 	CHECK(isc_string_printf(change[index].mod_values[0], \

- 		MAX_SOANUM_LENGTH, "%u", soa.name));

+ 	s_len = snprintf(change[index].mod_values[0], MAX_SOANUM_LENGTH, \

+ 			 "%u", soa.name); \

+ 	if (s_len < 0 || s_len >= MAX_SOANUM_LENGTH) { \

+ 		CLEANUP_WITH(ISC_R_NOSPACE); \

+ 	}

  

  	dns_rdata_tostruct(rdata, (void *)&soa, ldap_inst->mctx);

  
@@ -3500,8 +3524,10 @@ 

  		change[0]->mod_vals.modv_strvals = NULL;

  		CHECK(rdatatype_to_ldap_attribute(type, attr, sizeof(attr),

  						  unknown_type));

- 		CHECK(isc_string_copy(change[0]->mod_type, LDAP_ATTR_FORMATSIZE,

- 				      attr));

+ 		if (strlcpy(change[0]->mod_type, attr, LDAP_ATTR_FORMATSIZE)

+ 		    >= LDAP_ATTR_FORMATSIZE) {

+ 			CLEANUP_WITH(ISC_R_NOSPACE);

+ 		}

  		CHECK(ldap_modify_do(ldap_inst, str_buf(dn), change, false));

  		ldap_mod_free(ldap_inst->mctx, &change[0]);

  		unknown_type = !unknown_type;
@@ -3561,13 +3587,13 @@ 

  

  	REQUIRE(poolp != NULL && *poolp == NULL);

  

- 	CHECKED_MEM_GET(mctx, pool, sizeof(*pool));

+ 	pool = isc_mem_get(mctx, sizeof(*pool));

  	ZERO_PTR(pool);

  	isc_mem_attach(mctx, &pool->mctx);

  	

  	CHECK(semaphore_init(&pool->conn_semaphore, connections));

- 	CHECKED_MEM_GET(mctx, pool->conns,

- 			connections * sizeof(ldap_connection_t *));

+ 	pool->conns = isc_mem_get(mctx,

+ 				  connections * sizeof(ldap_connection_t *));

  	memset(pool->conns, 0, connections * sizeof(ldap_connection_t *));

  	pool->connections = connections;

  
@@ -3973,7 +3999,7 @@ 

  	/* Check if the zone is loaded or not.

  	 * No other function above returns DNS_R_NOTLOADED. */

  	if (sync_state == sync_finished)

- 		result = dns_zone_getserial2(raw, &serial);

+ 		result = dns_zone_getserial(raw, &serial);

  

  cleanup:

  #ifdef RBTDB_DEBUG
@@ -4010,7 +4036,7 @@ 

  				     "caused by change in %s",

  				     ldap_entry_logname(entry));

  			zone_reloaded = true;

- 			result = dns_zone_getserial2(raw, &serial);

+ 			result = dns_zone_getserial(raw, &serial);

  			if (result == ISC_R_SUCCESS)

  				goto update_restart;

  		} else {
@@ -4146,7 +4172,7 @@ 

  

  	/* This code is disabled because we don't have UUID->DN database yet.

  	if (SYNCREPL_MODDN(chgtype)) {

- 		CHECKED_MEM_STRDUP(mctx, prevdn_ldap, prevdn);

+ 		prevdn = isc_mem_strdup(mctx, prevdn_ldap);

  	}

  	*/

  
@@ -4171,11 +4197,6 @@ 

  				action, NULL,

  				sizeof(ldap_syncreplevent_t));

  

- 	if (pevent == NULL) {

- 		result = ISC_R_NOMEMORY;

- 		goto cleanup;

- 	}

- 

  	pevent->mctx = NULL;

  	isc_mem_attach(inst->mctx, &pevent->mctx);

  	pevent->inst = inst;
@@ -4607,6 +4628,7 @@ 

  	       const char * const filter_objcs, int mode) {

  	isc_result_t result;

  	int ret;

+ 	int s_len;

  	ldap_sync_t *ldap_sync = NULL;

  	const char *err_hint = "";

  	char filter[1024];
@@ -4620,14 +4642,22 @@ 

  

  	/* request idnsServerConfig object only if server_id is specified */

  	CHECK(setting_get_str("server_id", inst->server_ldap_settings, &server_id));

- 	if (strlen(server_id) == 0)

- 		CHECK(isc_string_printf(filter, sizeof(filter), config_template,

- 				        "", "", "", filter_objcs));

- 	else

- 		CHECK(isc_string_printf(filter, sizeof(filter), config_template,

- 					"  (&(objectClass=idnsServerConfigObject)"

- 				        "    (idnsServerId=", server_id, "))",

- 					filter_objcs));

+ 	if (strlen(server_id) == 0) {

+ 		s_len = snprintf(filter, sizeof(filter),

+ 				 config_template, "", "", "", filter_objcs);

+ 		if (s_len < 0 || (unsigned)s_len >= sizeof(filter)) {

+ 			CLEANUP_WITH(ISC_R_NOSPACE);

+ 		}

+ 	} else {

+ 		s_len = snprintf(filter, sizeof(filter),

+ 				 config_template,

+ 				 "  (&(objectClass=idnsServerConfigObject)"

+ 				 "    (idnsServerId=", server_id, "))",

+ 				 filter_objcs);

+ 		if (s_len < 0 || (unsigned)s_len >= sizeof(filter)) {

+ 			CLEANUP_WITH(ISC_R_NOSPACE);

+ 		}

+ 	}

  

  	result = ldap_sync_prepare(inst, inst->server_ldap_settings,

  				   filter, conn, &ldap_sync);
@@ -4821,7 +4851,7 @@ 

   * (if it is even possible). */

  void

  ldap_instance_taint(ldap_instance_t *ldap_inst) {

- 	isc_refcount_increment0(&ldap_inst->errors, NULL);

+ 	isc_refcount_increment0(&ldap_inst->errors);

  }

  

  bool
@@ -4850,13 +4880,12 @@ 

   */

  isc_result_t

  ldap_instance_untaint_finish(ldap_instance_t *ldap_inst, unsigned int count) {

- 	unsigned int remaining = 0;

  	while (count > 0) {

- 		isc_refcount_decrement(&ldap_inst->errors, &remaining);

+ 		isc_refcount_decrement(&ldap_inst->errors);

  		count--;

  	}

- 	if (remaining != 0)

- 		return DNS_R_CONTINUE;

- 	else

+ 	if (isc_refcount_current(&ldap_inst->errors) == 0) {

  		return ISC_R_SUCCESS;

+ 	}

+ 	return DNS_R_CONTINUE;

  }

file modified
+11 -10
@@ -40,12 +40,13 @@ 

  

  	REQUIRE(mdbp != NULL && *mdbp == NULL);

  

- 	CHECKED_MEM_GET_PTR(mctx, mdb);

+ 	mdb = isc_mem_get(mctx, sizeof(*(mdb)));

  	ZERO_PTR(mdb);

  

  	isc_mem_attach(mctx, &mdb->mctx);

  

- 	CHECK(isc_mutex_init(&mdb->newversion_lock));

+ 	/* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_init(&mdb->newversion_lock);

  	lock_ready = true;

  	CHECK(dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,

  			    dns_rdataclass_in, 0, NULL, &mdb->rbtdb));
@@ -54,12 +55,11 @@ 

  	return result;

  

  cleanup:

- 	if (mdb != NULL) {

- 		if (lock_ready == true)

- 			RUNTIME_CHECK(isc_mutex_destroy(&mdb->newversion_lock)

- 				      == ISC_R_SUCCESS);

- 		MEM_PUT_AND_DETACH(mdb);

+ 	if (lock_ready == true) {

+ 	/* isc_mutex_destroy errors are now fatal */

+ 		isc_mutex_destroy(&mdb->newversion_lock);

  	}

+ 	MEM_PUT_AND_DETACH(mdb);

  	return result;

  }

  
@@ -79,7 +79,8 @@ 

  	dns_db_dump(mdb->rbtdb, NULL, "/tmp/mdb.db");

  #endif

  	dns_db_detach(&mdb->rbtdb);

- 	RUNTIME_CHECK(isc_mutex_destroy(&mdb->newversion_lock) == ISC_R_SUCCESS);

+ 	/* isc_mutex_destroy errors are now fatal */

+ 	isc_mutex_destroy(&mdb->newversion_lock);

  	MEM_PUT_AND_DETACH(mdb);

  

  	*mdbp = NULL;
@@ -160,7 +161,7 @@ 

  	REQUIRE(mdb != NULL);

  	REQUIRE(miterp != NULL && *miterp == NULL);

  

- 	CHECKED_MEM_GET_PTR(mdb->mctx, miter);

+ 	miter = isc_mem_get(mdb->mctx, sizeof(*(miter)));

  	ZERO_PTR(miter);

  

  	isc_mem_attach(mdb->mctx, &miter->mctx);
@@ -258,7 +259,7 @@ 

  

  	REQUIRE(nodep != NULL && *nodep == NULL);

  

- 	CHECKED_MEM_GET_PTR(mdb->mctx, node);

+ 	node = isc_mem_get(mdb->mctx, sizeof(*(node)));

  	ZERO_PTR(node);

  

  	isc_mem_attach(mdb->mctx, &node->mctx);

file modified
+11 -16
@@ -59,11 +59,11 @@ 

  

  	REQUIRE(mldapp != NULL && *mldapp == NULL);

  

- 	CHECKED_MEM_GET_PTR(mctx, mldap);

+ 	mldap = isc_mem_get(mctx, sizeof(*(mldap)));

  	ZERO_PTR(mldap);

  	isc_mem_attach(mctx, &mldap->mctx);

  

- 	CHECK(isc_refcount_init(&mldap->generation, 0));

+ 	isc_refcount_init(&mldap->generation, 0);

  	CHECK(metadb_new(mctx, &mldap->mdb));

  

  	*mldapp = mldap;
@@ -107,7 +107,7 @@ 

  void mldap_cur_generation_bump(mldapdb_t *mldap) {

  	REQUIRE(mldap != NULL);

  

- 	isc_refcount_increment0(&mldap->generation, NULL);

+ 	isc_refcount_increment0(&mldap->generation);

  }

  

  /*
@@ -118,17 +118,12 @@ 

   * isc_refcount_t abstractions and returns underlying type used for storing the

   * reference counter value.

   */

- STATIC_ASSERT((uint32_t)

- 		(typeof(((isc_refcount_t *)0)->refs))

- 		-1

- 	      == 0xFFFFFFFF, \

- 	      "negative isc_refcount_t cannot be properly shortened to 32 bits");

  

- STATIC_ASSERT((uint32_t)

- 		(typeof(((isc_refcount_t *)0)->refs))

- 		0x90ABCDEF12345678

- 	      == 0x12345678, \

- 	      "positive isc_refcount_t cannot be properly shortened to 32 bits");

+ /* isc_refcount_t is simply atomic_uint_fast32_t now */

+ STATIC_ASSERT((uint32_t)((isc_refcount_t) -1) == 0xFFFFFFFF, \

+ 	      "negative isc_refcount_t cannot be properly shortened to 32 bits");

+ STATIC_ASSERT((uint32_t)((isc_refcount_t) 0x90ABCDEF12345678) == 0x12345678, \

+ 	      "negative isc_refcount_t cannot be properly shortened to 32 bits");

  

  /**

   * Get current MetaLDAP generation number.
@@ -327,8 +322,8 @@ 

  	CHECK(metadb_rdataset_get(node, dns_rdatatype_rp, &rdataset));

  	dns_rdataset_current(&rdataset, &rdata);

  	CHECK(dns_rdata_tostruct(&rdata, &rp, NULL));

- 	CHECK(dns_name_copy(&rp.mail, fqdn, NULL));

- 	CHECK(dns_name_copy(&rp.text, zone, NULL));

+ 	dns_name_copynf(&rp.mail, fqdn);

+ 	dns_name_copynf(&rp.text, zone);

  

  cleanup:

  	if (dns_rdataset_isassociated(&rdataset))
@@ -430,7 +425,7 @@ 

  	REQUIRE(iterp != NULL && *iterp == NULL);

  

  	CHECK(metadb_iterator_create(mldap->mdb, &iter));

- 	CHECKED_MEM_GET(mldap->mctx, iter->state, sizeof(uint32_t));

+ 	iter->state = isc_mem_get(mldap->mctx, sizeof(uint32_t));

  	result = dns_dbiterator_seek(iter->iter, &uuid_rootname);

  	if (result == ISC_R_NOTFOUND) /* metaLDAP is empty */

  		CLEANUP_WITH(ISC_R_NOMORE);

file modified
+2 -2
@@ -87,11 +87,11 @@ 

  	REQUIRE(rwlock != NULL);

  	REQUIRE(iterp != NULL && *iterp == NULL);

  

- 	CHECKED_MEM_GET_PTR(mctx, iter);

+ 	iter = isc_mem_get(mctx, sizeof(*(iter)));

  	ZERO_PTR(iter);

  

  	isc_mem_attach(mctx, &iter->mctx);

- 	dns_rbtnodechain_init(&iter->chain, mctx);

+ 	dns_rbtnodechain_init(&iter->chain);

  	iter->rbt = rbt;

  	iter->rwlock = rwlock;

  	iter->locktype = isc_rwlocktype_read;

file modified
+12 -9
@@ -34,19 +34,21 @@ 

  isc_result_t

  semaphore_init(semaphore_t *sem, int value)

  {

- 	isc_result_t result;

+ 	isc_result_t result = ISC_R_SUCCESS;

  

  	REQUIRE(sem != NULL);

  	REQUIRE(value > 0);

  

  	sem->value = value;

- 	result = isc_mutex_init(&sem->mutex);

- 	if (result != ISC_R_SUCCESS)

- 		return result;

- 

- 	result = isc_condition_init(&sem->cond);

- 	if (result != ISC_R_SUCCESS)

- 		DESTROYLOCK(&sem->mutex);

+ 	/* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_init(&sem->mutex);

+ 	isc_condition_init(&sem->cond);

+ 	/*

+ 	 * if (result != ISC_R_SUCCESS) {

+ 	 *	// isc_mutex_destroy failures are now fatal

+ 	 *	isc_mutex_destroy(&sem->mutex);

+ 	 * }

+ 	 */

  

  	return result;

  }
@@ -62,7 +64,8 @@ 

  	if (sem == NULL)

  		return;

  

- 	RUNTIME_CHECK(isc_mutex_destroy(&sem->mutex) == ISC_R_SUCCESS);

+ 	/* isc_mutex_destroy is now fatal */

+ 	isc_mutex_destroy(&sem->mutex);

  	RUNTIME_CHECK(isc_condition_destroy(&sem->cond) == ISC_R_SUCCESS);

  }

  

file modified
+22 -23
@@ -279,9 +279,12 @@ 

  		len = strlen(value) + 1;

  		if (setting->is_dynamic)

  			isc_mem_free(mctx, setting->value.value_char);

- 		CHECKED_MEM_ALLOCATE(mctx, setting->value.value_char, len);

+ 		setting->value.value_char = isc_mem_allocate(mctx, len);

  		setting->is_dynamic = true;

- 		CHECK(isc_string_copy(setting->value.value_char, len, value));

+ 		/* isc_string_copy has been removed */

+ 		if (strlcpy(setting->value.value_char, value, len) >= len) {

+ 			CLEANUP_WITH(ISC_R_NOSPACE);

+ 		}

  		break;

  

  	case ST_UNSIGNED_INTEGER:
@@ -481,37 +484,30 @@ 

  		    const unsigned int default_set_length, const char *set_name,

  		    const settings_set_t *const parent_set,

  		    settings_set_t **target) {

- 	isc_result_t result = ISC_R_FAILURE;

  	settings_set_t *new_set = NULL;

  

  	REQUIRE(target != NULL && *target == NULL);

  	REQUIRE(default_settings != NULL);

  	REQUIRE(default_set_length > 0);

  

- 	CHECKED_MEM_ALLOCATE(mctx, new_set, default_set_length);

+ 	new_set = isc_mem_allocate(mctx, default_set_length);

  	ZERO_PTR(new_set);

  	isc_mem_attach(mctx, &new_set->mctx);

  

- 	CHECKED_MEM_GET_PTR(mctx, new_set->lock);

- 	result = isc_mutex_init(new_set->lock);

- 	INSIST(result == ISC_R_SUCCESS);

+ 	new_set->lock = isc_mem_get(mctx, sizeof(*(new_set->lock)));

+ 	/* isc_mutex_init failures are now fatal */

+ 	isc_mutex_init(new_set->lock);

  

  	new_set->parent_set = parent_set;

  

- 	CHECKED_MEM_ALLOCATE(mctx, new_set->first_setting, default_set_length);

+ 	new_set->first_setting = isc_mem_allocate(mctx, default_set_length);

  	memcpy(new_set->first_setting, default_settings, default_set_length);

  

- 	CHECKED_MEM_ALLOCATE(mctx, new_set->name, strlen(set_name) + 1);

+ 	new_set->name = isc_mem_allocate(mctx, strlen(set_name) + 1);

  	strcpy(new_set->name, set_name);

  

  	*target = new_set;

- 	result = ISC_R_SUCCESS;

- 

- cleanup:

- 	if (result != ISC_R_SUCCESS)

- 		settings_set_free(&new_set);

- 

- 	return result;

+ 	return ISC_R_SUCCESS;

  }

  

  /**
@@ -531,7 +527,8 @@ 

  		mctx = (*set)->mctx;

  

  		if ((*set)->lock != NULL) {

- 			DESTROYLOCK((*set)->lock);

+ 			/* isc_mutex_destroy failures are now fatal */

+ 			isc_mutex_destroy((*set)->lock);

  			SAFE_MEM_PUT_PTR(mctx, (*set)->lock);

  		}

  
@@ -577,7 +574,7 @@ 

  static isc_result_t

  settings_set_fill(const cfg_obj_t *config, settings_set_t *set)

  {