svn commit: r227594 - in vendor/bind9/dist: . bin/named lib/dns
Doug Barton
dougb at FreeBSD.org
Thu Nov 17 00:16:16 UTC 2011
Author: dougb
Date: Thu Nov 17 00:16:15 2011
New Revision: 227594
URL: http://svn.freebsd.org/changeset/base/227594
Log:
Vendor import of BIND 9.8.1-P1
Modified:
vendor/bind9/dist/CHANGES
vendor/bind9/dist/bin/named/query.c
vendor/bind9/dist/lib/dns/rbtdb.c
vendor/bind9/dist/version
Modified: vendor/bind9/dist/CHANGES
==============================================================================
--- vendor/bind9/dist/CHANGES Wed Nov 16 23:29:27 2011 (r227593)
+++ vendor/bind9/dist/CHANGES Thu Nov 17 00:16:15 2011 (r227594)
@@ -1,3 +1,9 @@
+ --- 9.8.1-P1 released ---
+
+3218. [security] Cache lookup could return RRSIG data associated with
+ nonexistent records, leading to an assertion
+ failure. [RT #26590]
+
--- 9.8.1 released ---
--- 9.8.1rc1 released ---
Modified: vendor/bind9/dist/bin/named/query.c
==============================================================================
--- vendor/bind9/dist/bin/named/query.c Wed Nov 16 23:29:27 2011 (r227593)
+++ vendor/bind9/dist/bin/named/query.c Thu Nov 17 00:16:15 2011 (r227594)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.353.8.11 2011-06-09 03:14:03 marka Exp $ */
+/* $Id: query.c,v 1.353.8.11.4.1 2011-11-16 09:32:08 marka Exp $ */
/*! \file */
@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- /*
- * Negative cache entries don't have sigrdatasets.
- */
- INSIST(sigrdataset == NULL ||
- ! dns_rdataset_isassociated(sigrdataset));
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
mname = NULL;
@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- INSIST(sigrdataset == NULL ||
- ! dns_rdataset_isassociated(sigrdataset));
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
mname = NULL;
@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
goto setcache;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- /*
- * Negative cache entries don't have sigrdatasets.
- */
- INSIST(! dns_rdataset_isassociated(sigrdataset));
+ if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
/* Remember the result as a cache */
Modified: vendor/bind9/dist/lib/dns/rbtdb.c
==============================================================================
--- vendor/bind9/dist/lib/dns/rbtdb.c Wed Nov 16 23:29:27 2011 (r227593)
+++ vendor/bind9/dist/lib/dns/rbtdb.c Thu Nov 17 00:16:15 2011 (r227594)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbtdb.c,v 1.310.8.5 2011-06-08 23:02:42 each Exp $ */
+/* $Id: rbtdb.c,v 1.310.8.5.4.1 2011-11-16 09:32:08 marka Exp $ */
/*! \file */
@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
rdataset);
if (need_headerupdate(found, search.now))
update = found;
- if (foundsig != NULL) {
+ if (!NEGATIVE(found) && foundsig != NULL) {
bind_rdataset(search.rbtdb, node, foundsig, search.now,
sigrdataset);
if (need_headerupdate(foundsig, search.now))
@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
}
if (found != NULL) {
bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
- if (foundsig != NULL)
+ if (!NEGATIVE(found) && foundsig != NULL)
bind_rdataset(rbtdb, rbtnode, foundsig, now,
sigrdataset);
}
Modified: vendor/bind9/dist/version
==============================================================================
--- vendor/bind9/dist/version Wed Nov 16 23:29:27 2011 (r227593)
+++ vendor/bind9/dist/version Thu Nov 17 00:16:15 2011 (r227594)
@@ -1,4 +1,4 @@
-# $Id: version,v 1.53.8.9 2011-08-24 02:08:26 marka Exp $
+# $Id: version,v 1.53.8.9.6.1 2011-11-16 09:32:07 marka Exp $
#
# This file must follow /bin/sh rules. It is imported directly via
# configure.
@@ -6,5 +6,5 @@
MAJORVER=9
MINORVER=8
PATCHVER=1
-RELEASETYPE=
-RELEASEVER=
+RELEASETYPE=-P
+RELEASEVER=1
More information about the svn-src-vendor
mailing list