svn commit: r227597 - in vendor/bind9/dist-9.6: . bin/named lib/dns
Doug Barton
dougb at FreeBSD.org
Thu Nov 17 00:33:39 UTC 2011
Author: dougb
Date: Thu Nov 17 00:33:38 2011
New Revision: 227597
URL: http://svn.freebsd.org/changeset/base/227597
Log:
Vendor import of BIND 9.6-ESV-R5-P1
Modified:
vendor/bind9/dist-9.6/CHANGES
vendor/bind9/dist-9.6/bin/named/query.c
vendor/bind9/dist-9.6/lib/dns/rbtdb.c
vendor/bind9/dist-9.6/version
Modified: vendor/bind9/dist-9.6/CHANGES
==============================================================================
--- vendor/bind9/dist-9.6/CHANGES Thu Nov 17 00:25:35 2011 (r227596)
+++ vendor/bind9/dist-9.6/CHANGES Thu Nov 17 00:33:38 2011 (r227597)
@@ -1,3 +1,9 @@
+ --- 9.6-ESV-R5-P1 released ---
+
+3218. [security] Cache lookup could return RRSIG data associated with
+ nonexistent records, leading to an assertion
+ failure. [RT #26590]
+
--- 9.6-ESV-R5 released ---
3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
Modified: vendor/bind9/dist-9.6/bin/named/query.c
==============================================================================
--- vendor/bind9/dist-9.6/bin/named/query.c Thu Nov 17 00:25:35 2011 (r227596)
+++ vendor/bind9/dist-9.6/bin/named/query.c Thu Nov 17 00:33:38 2011 (r227597)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.313.20.27 2011-03-19 09:47:54 marka Exp $ */
+/* $Id: query.c,v 1.313.20.27.8.1 2011-11-16 09:11:42 marka Exp $ */
/*! \file */
@@ -1280,11 +1280,9 @@ query_addadditional(void *arg, dns_name_
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- /*
- * Negative cache entries don't have sigrdatasets.
- */
- INSIST(sigrdataset == NULL ||
- ! dns_rdataset_isassociated(sigrdataset));
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
mname = NULL;
@@ -1325,8 +1323,9 @@ query_addadditional(void *arg, dns_name_
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- INSIST(sigrdataset == NULL ||
- ! dns_rdataset_isassociated(sigrdataset));
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
mname = NULL;
@@ -1776,10 +1775,8 @@ query_addadditional2(void *arg, dns_name
goto setcache;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- /*
- * Negative cache entries don't have sigrdatasets.
- */
- INSIST(! dns_rdataset_isassociated(sigrdataset));
+ if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
/* Remember the result as a cache */
Modified: vendor/bind9/dist-9.6/lib/dns/rbtdb.c
==============================================================================
--- vendor/bind9/dist-9.6/lib/dns/rbtdb.c Thu Nov 17 00:25:35 2011 (r227596)
+++ vendor/bind9/dist-9.6/lib/dns/rbtdb.c Thu Nov 17 00:33:38 2011 (r227597)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbtdb.c,v 1.270.12.32 2011-06-09 00:16:35 each Exp $ */
+/* $Id: rbtdb.c,v 1.270.12.32.8.1 2011-11-16 09:11:42 marka Exp $ */
/*! \file */
@@ -4681,7 +4681,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
rdataset);
if (need_headerupdate(found, search.now))
update = found;
- if (foundsig != NULL) {
+ if (!NEGATIVE(found) && foundsig != NULL) {
bind_rdataset(search.rbtdb, node, foundsig, search.now,
sigrdataset);
if (need_headerupdate(foundsig, search.now))
@@ -5313,7 +5313,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
}
if (found != NULL) {
bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
- if (foundsig != NULL)
+ if (!NEGATIVE(found) && foundsig != NULL)
bind_rdataset(rbtdb, rbtnode, foundsig, now,
sigrdataset);
}
Modified: vendor/bind9/dist-9.6/version
==============================================================================
--- vendor/bind9/dist-9.6/version Thu Nov 17 00:25:35 2011 (r227596)
+++ vendor/bind9/dist-9.6/version Thu Nov 17 00:33:38 2011 (r227597)
@@ -1,4 +1,4 @@
-# $Id: version,v 1.43.12.14 2011-07-21 02:48:13 marka Exp $
+# $Id: version,v 1.43.12.14.10.1 2011-11-16 09:18:28 marka Exp $
#
# This file must follow /bin/sh rules. It is imported directly via
# configure.
@@ -7,4 +7,4 @@ MAJORVER=9
MINORVER=6
PATCHVER=
RELEASETYPE=-ESV
-RELEASEVER=-R5
+RELEASEVER=-R5-P1
More information about the svn-src-all
mailing list