author | Stuart Henderson <sthen@cvs.openbsd.org> | 2011-11-17 13:11:21 +0000 |
---|---|---|
committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2011-11-17 13:11:21 +0000 |
commit | 7a65c42b36c400e6fe0ec952b33eddfee04ec3df (patch) | |
tree | 085ebe11e72cb1763ea4f8d8fd05fb6859c48bfe /usr.sbin | |
parent | caa6f3501017614097a9b107f76361844bc77f55 (diff) |
Apply the patches from BIND upstream to mitigate cve-2011-4313 (crashes
with INSIST(! dns_rdataset_isassociated(sigrdataset))).
ok jakob@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/bind/bin/named/query.c | 19 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/rbtdb.c | 7 |
2 files changed, 13 insertions, 13 deletions
diff --git a/usr.sbin/bind/bin/named/query.c b/usr.sbin/bind/bin/named/query.c
index c492a1f243e..b7d9ddf5945 100644
--- a/usr.sbin/bind/bin/named/query.c
+++ b/usr.sbin/bind/bin/named/query.c
@@ -1239,11 +1239,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
 goto addname;
 if (result == DNS_R_NCACHENXRRSET) {
 dns_rdataset_disassociate(rdataset);
- /*
- * Negative cache entries don't have sigrdatasets.
- */
- INSIST(sigrdataset == NULL ||
- ! dns_rdataset_isassociated(sigrdataset));
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
 }
 if (result == ISC_R_SUCCESS) {
 mname = NULL;
@@ -1284,8 +1282,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
 goto addname;
 if (result == DNS_R_NCACHENXRRSET) {
 dns_rdataset_disassociate(rdataset);
- INSIST(sigrdataset == NULL ||
- ! dns_rdataset_isassociated(sigrdataset));
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
 }
 if (result == ISC_R_SUCCESS) {
 mname = NULL;
@@ -1733,10 +1732,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
 goto setcache;
 if (result == DNS_R_NCACHENXRRSET) {
 dns_rdataset_disassociate(rdataset);
- /*
- * Negative cache entries don't have sigrdatasets.
- */
- INSIST(! dns_rdataset_isassociated(sigrdataset));
+ if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
 }
 if (result == ISC_R_SUCCESS) {
 /* Remember the result as a cache */
diff --git a/usr.sbin/bind/lib/dns/rbtdb.c b/usr.sbin/bind/lib/dns/rbtdb.c
index 456f2fdd1b3..519a9260a5c 100644
--- a/usr.sbin/bind/lib/dns/rbtdb.c
+++ b/usr.sbin/bind/lib/dns/rbtdb.c
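Review bot: In usr.sbin/bind/bin/named/query.c the three DNS_R_NCACHENXRRSET branches (two in query_addadditional, one in query_addadditional2) now release an associated sigrdataset silently, and the comment that stated the invariant was deleted rather than updated. The state the old INSIST caught still points to an inconsistent cache answer, so I would keep a comment at each site, e.g. `/* Negative cache entries should not carry a sigrdataset; release it instead of asserting (CVE-2011-4313). */`. A debug-level log line on that path would also let operators see when the workaround is being exercised instead of having it pass unnoticed. All three function bodies start and end outside the hunks.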
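Review bot: The query_addadditional2 hunk of query.c calls `dns_rdataset_isassociated(sigrdataset)` with no NULL guard, while both query_addadditional hunks test `sigrdataset != NULL` first. The removed INSIST at this site had no guard either, so sigrdataset is presumably always allocated before this point, but that allocation is outside the hunk. Either use the same form as the other two sites, `if (sigrdataset != NULL && dns_rdataset_isassociated(sigrdataset))`, or add a one-line comment saying why it cannot be NULL here.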
@@ -244,6 +244,7 @@ typedef struct rdatasetheader { #define RDATASET_ATTR_IGNORE 0x0004 #define RDATASET_ATTR_RETAIN 0x0008 #define RDATASET_ATTR_NXDOMAIN 0x0010 +#define RDATASET_ATTR_NEGATIVE 0x0100 typedef struct acache_cbarg { dns_rdatasetadditional_t type; @@ -278,6 +279,8 @@ struct acachectl { (((header)->attributes & RDATASET_ATTR_RETAIN) != 0) #define NXDOMAIN(header) \ (((header)->attributes & RDATASET_ATTR_NXDOMAIN) != 0) +#define NEGATIVE(header) \ + (((header)->attributes & RDATASET_ATTR_NEGATIVE) != 0) #define DEFAULT_NODE_LOCK_COUNT 7 /*%< Should be prime. */ #define DEFAULT_CACHE_NODE_LOCK_COUNT 1009 /*%< Should be prime. */ @@ -3648,7 +3651,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, result == DNS_R_NCACHENXRRSET) { bind_rdataset(search.rbtdb, node, found, search.now, rdataset); - if (foundsig != NULL) + if (!NEGATIVE(found) && foundsig != NULL) bind_rdataset(search.rbtdb, node, foundsig, search.now, sigrdataset); } @@ -4234,7 +4237,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, } if (found != NULL) { bind_rdataset(rbtdb, rbtnode, found, now, rdataset); - if (foundsig != NULL) + if (!NEGATIVE(found) && foundsig != NULL) bind_rdataset(rbtdb, rbtnode, foundsig, now, sigrdataset); } |
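Review bot: Nothing in the rbtdb.c hunks ever sets RDATASET_ATTR_NEGATIVE: the diffstat lists 7 changed lines for this file, and they are the new #define, the two-line NEGATIVE() macro and the two rewritten `if` conditions in cache_find and cache_findrdataset. As shown, `!NEGATIVE(found)` is therefore always true and both conditions behave exactly like the old `foundsig != NULL`, which would leave the query.c change as the only effective part of the mitigation. If the flag is meant to stop a signature being bound alongside a negative entry, the header needs `attributes |= RDATASET_ATTR_NEGATIVE` where negative-cache headers are created, which is outside these hunks; otherwise a comment at the #define should say the bit is defined but not yet set. It is also worth confirming that the attributes field of rdatasetheader is wide enough for 0x0100, since the struct body is not visible here.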