subject:"CVS commit\: \[netbsd\-4\] src\/dist\/bind"

CVS commit: [netbsd-4] src/dist/bind

2012-09-15 Thread Manuel Bouyer

Module Name:src
Committed By:   bouyer
Date:   Sat Sep 15 09:09:33 UTC 2012

Modified Files:
src/dist/bind [netbsd-4]: CHANGES version
src/dist/bind/lib/dns [netbsd-4]: master.c rdata.c rdataslab.c
src/dist/bind/lib/dns/include/dns [netbsd-4]: rdata.h

Log Message:
Apply patch, requested by spz in ticket #1457
dist/bind/CHANGES   patch
dist/bind/version   patch
dist/bind/lib/dns/master.c  patch
dist/bind/lib/dns/rdata.c   patch
dist/bind/lib/dns/rdataslab.c   patch
dist/bind/lib/dns/include/dns/rdata.h   patch

apply fix for CVE-2012-4244 (Named could die on specially crafted
record) from upstream.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4.4.10 -r1.1.1.4.4.11 src/dist/bind/CHANGES \
src/dist/bind/version
cvs rdiff -u -r1.1.1.4.4.4 -r1.1.1.4.4.5 src/dist/bind/lib/dns/master.c
cvs rdiff -u -r1.1.1.3.4.3 -r1.1.1.3.4.4 src/dist/bind/lib/dns/rdata.c
cvs rdiff -u -r1.1.1.3.4.4 -r1.1.1.3.4.5 src/dist/bind/lib/dns/rdataslab.c
cvs rdiff -u -r1.1.1.3.4.2 -r1.1.1.3.4.3 \
src/dist/bind/lib/dns/include/dns/rdata.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/bind/CHANGES
diff -u src/dist/bind/CHANGES:1.1.1.4.4.10 src/dist/bind/CHANGES:1.1.1.4.4.11
--- src/dist/bind/CHANGES:1.1.1.4.4.10	Tue Jul 24 20:38:38 2012
+++ src/dist/bind/CHANGES	Sat Sep 15 09:09:31 2012
@@ -1,3 +1,8 @@
+--- 9.4-ESV-R4-P2nb2: added patches from 9.7.6-P3 ---
+
+3364.	[security]	Named could die on specially crafted record.
+			[RT #30416]
+
 --- 9.4-ESV-R4-P2nb1: added patches from 9.6-ESV-R7-P2 ---
 
 3346.	[security]	Bad-cache data could be used before it was
Index: src/dist/bind/version
diff -u src/dist/bind/version:1.1.1.4.4.10 src/dist/bind/version:1.1.1.4.4.11
--- src/dist/bind/version:1.1.1.4.4.10	Tue Jul 24 20:38:38 2012
+++ src/dist/bind/version	Sat Sep 15 09:09:31 2012
@@ -1,4 +1,4 @@
-# $Id: version,v 1.1.1.4.4.10 2012/07/24 20:38:38 riz Exp $
+# $Id: version,v 1.1.1.4.4.11 2012/09/15 09:09:31 bouyer Exp $
 #
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -7,4 +7,4 @@ MAJORVER=9
 MINORVER=4
 PATCHVER=
 RELEASETYPE=-ESV
-RELEASEVER=-R4-P2nb1
+RELEASEVER=-R4-P2nb2

Index: src/dist/bind/lib/dns/master.c
diff -u src/dist/bind/lib/dns/master.c:1.1.1.4.4.4 src/dist/bind/lib/dns/master.c:1.1.1.4.4.5
--- src/dist/bind/lib/dns/master.c:1.1.1.4.4.4	Sun Nov 20 13:02:27 2011
+++ src/dist/bind/lib/dns/master.c	Sat Sep 15 09:09:32 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: master.c,v 1.1.1.4.4.4 2011/11/20 13:02:27 bouyer Exp $	*/
+/*	$NetBSD: master.c,v 1.1.1.4.4.5 2012/09/15 09:09:32 bouyer Exp $	*/
 
 /*
  * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. (ISC)
@@ -77,7 +77,7 @@
 /*%
  * max message size - header - root - type - class - ttl - rdlen
  */
-#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2)
+#define MINTSIZ DNS_RDATA_MAXLENGTH
 /*%
  * Size for tokens in the presentation format,
  * The largest tokens are the base64 blocks in KEY and CERT records,

Index: src/dist/bind/lib/dns/rdata.c
diff -u src/dist/bind/lib/dns/rdata.c:1.1.1.3.4.3 src/dist/bind/lib/dns/rdata.c:1.1.1.3.4.4
--- src/dist/bind/lib/dns/rdata.c:1.1.1.3.4.3	Tue Jun  5 20:01:02 2012
+++ src/dist/bind/lib/dns/rdata.c	Sat Sep 15 09:09:32 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: rdata.c,v 1.1.1.3.4.3 2012/06/05 20:01:02 bouyer Exp $	*/
+/*	$NetBSD: rdata.c,v 1.1.1.3.4.4 2012/09/15 09:09:32 bouyer Exp $	*/
 
 /*
  * Copyright (C) 2004-2006, 2008  Internet Systems Consortium, Inc. (ISC)
@@ -407,6 +407,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
 	isc_buffer_t st;
 	isc_boolean_t use_default = ISC_FALSE;
 	isc_uint32_t activelength;
+	size_t length;
 
 	REQUIRE(dctx != NULL);
 	if (rdata != NULL) {
@@ -437,6 +438,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
 	}
 
 	/*
+	 * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH
+	 * as we cannot transmit it.
+	 */
+	length = isc_buffer_usedlength(target) - isc_buffer_usedlength(st);
+	if (result == ISC_R_SUCCESS  length  DNS_RDATA_MAXLENGTH)
+		result = DNS_R_FORMERR;
+
+	/*
 	 * We should have consumed all of our buffer.
 	 */
 	if (result == ISC_R_SUCCESS  !buffer_empty(source))
@@ -444,8 +453,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
 
 	if (rdata != NULL  result == ISC_R_SUCCESS) {
 		region.base = isc_buffer_used(st);
-		region.length = isc_buffer_usedlength(target) -
-isc_buffer_usedlength(st);
+		region.length = length;
 		dns_rdata_fromregion(rdata, rdclass, type, region);
 	}
 
@@ -580,6 +588,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
 	unsigned long line;
 	void (*callback)(dns_rdatacallbacks_t *, const char *, ...);
 	isc_result_t tresult;
+	size_t length;

CVS commit: [netbsd-4] src/dist/bind

2012-07-24 Thread Jeff Rizzo

Module Name:src
Committed By:   riz
Date:   Tue Jul 24 20:38:40 UTC 2012

Modified Files:
src/dist/bind [netbsd-4]: CHANGES version
src/dist/bind/bin/tests/system/stub [netbsd-4]: tests.sh
src/dist/bind/lib/dns [netbsd-4]: resolver.c zone.c
src/dist/bind/lib/isc [netbsd-4]: random.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #1455):
dist/bind/CHANGES
dist/bind/version
dist/bind/bin/tests/system/stub/tests.sh
dist/bind/lib/dns/resolver.c
dist/bind/lib/dns/zone.c
dist/bind/lib/isc/random.c

Address Heavy DNSSEC validation load can cause a bad cache assertion
failure in bind vulnerability.

It was generated out of the 9.6-ESV-R7-P1 patch from ISC


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4.4.9 -r1.1.1.4.4.10 src/dist/bind/CHANGES \
src/dist/bind/version
cvs rdiff -u -r1.1.1.3.4.1 -r1.1.1.3.4.2 \
src/dist/bind/bin/tests/system/stub/tests.sh
cvs rdiff -u -r1.2.2.7 -r1.2.2.8 src/dist/bind/lib/dns/resolver.c
cvs rdiff -u -r1.1.1.4.4.3 -r1.1.1.4.4.4 src/dist/bind/lib/dns/zone.c
cvs rdiff -u -r1.1.1.3.4.2 -r1.1.1.3.4.3 src/dist/bind/lib/isc/random.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/bind/CHANGES
diff -u src/dist/bind/CHANGES:1.1.1.4.4.9 src/dist/bind/CHANGES:1.1.1.4.4.10
--- src/dist/bind/CHANGES:1.1.1.4.4.9	Tue Jun  5 20:01:02 2012
+++ src/dist/bind/CHANGES	Tue Jul 24 20:38:38 2012
@@ -1,3 +1,14 @@
+--- 9.4-ESV-R4-P2nb1: added patches from 9.6-ESV-R7-P2 ---
+
+3346.	[security]	Bad-cache data could be used before it was
+			initialized, causing an assert. [RT #30025]
+
+3343.	[bug]		Relax isc_random_jitter() REQUIRE tests. [RT #29821]
+
+3342.	[bug]		Change #3314 broke saving of stub zones to disk
+			resulting in excessive cpu usage in some cases.
+			[RT #29952]
+
 	--- 9.4-ESV-R4-P2 released ---
 
 3331.	[security]	dns_rdataslab_fromrdataset could produce bad
Index: src/dist/bind/version
diff -u src/dist/bind/version:1.1.1.4.4.9 src/dist/bind/version:1.1.1.4.4.10
--- src/dist/bind/version:1.1.1.4.4.9	Tue Jun  5 20:01:02 2012
+++ src/dist/bind/version	Tue Jul 24 20:38:38 2012
@@ -1,4 +1,4 @@
-# $Id: version,v 1.1.1.4.4.9 2012/06/05 20:01:02 bouyer Exp $
+# $Id: version,v 1.1.1.4.4.10 2012/07/24 20:38:38 riz Exp $
 #
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -7,4 +7,4 @@ MAJORVER=9
 MINORVER=4
 PATCHVER=
 RELEASETYPE=-ESV
-RELEASEVER=-R4-P2
+RELEASEVER=-R4-P2nb1

Index: src/dist/bind/bin/tests/system/stub/tests.sh
diff -u src/dist/bind/bin/tests/system/stub/tests.sh:1.1.1.3.4.1 src/dist/bind/bin/tests/system/stub/tests.sh:1.1.1.3.4.2
--- src/dist/bind/bin/tests/system/stub/tests.sh:1.1.1.3.4.1	Thu May 17 00:36:53 2007
+++ src/dist/bind/bin/tests/system/stub/tests.sh	Tue Jul 24 20:38:39 2012
@@ -21,19 +21,38 @@ SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
 status=0
+echo I:check that the stub zone has been saved to disk
+for i in 1 2 3 4 5 6 7 8 9 20
+do
+	[ -f ns3/child.example.st ]  break
+	sleep 1
+done
+[ -f ns3/child.example.st ] || { status=1;  echo I:failed; }
 
-echo I:trying an axfr that should be denied (NOTAUTH)
-$DIG +tcp data.child.example. @10.53.0.3 axfr -p 5300  dig.out.ns3 || status=1
+for pass in 1 2
+do
+
+echo I:trying an axfr that should be denied (NOTAUTH) (pass=$pass)
+$DIG +tcp child.example. @10.53.0.3 axfr -p 5300  dig.out.ns3 || status=1
 grep ; Transfer failed. dig.out.ns3  /dev/null || status=1
 
-echo I:look for stub zone data without recursion (should not be found)
+echo I:look for stub zone data without recursion (should not be found) (pass=$pass)
 $DIG +tcp +norec data.child.example. @10.53.0.3 txt -p 5300  dig.out.ns3 \
 	|| status=1
 $PERL ../digcomp.pl knowngood.dig.out.norec dig.out.ns3 || status=1
 
-echo I:look for stub zone data with recursion (should be found)
+echo I:look for stub zone data with recursion (should be found) (pass=$pass)
 $DIG +tcp data.child.example. @10.53.0.3 txt -p 5300  dig.out.ns3 || status=1
 $PERL ../digcomp.pl knowngood.dig.out.rec dig.out.ns3 || status=1
 
+[ $pass = 1 ]  {
+	echo I:stopping stub server
+	$PERL $SYSTEMTESTTOP/stop.pl . ns3
+
+	echo I:re-starting stub server
+	$PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns3
+}
+done
+
 echo I:exit status: $status
 exit $status

Index: src/dist/bind/lib/dns/resolver.c
diff -u src/dist/bind/lib/dns/resolver.c:1.2.2.7 src/dist/bind/lib/dns/resolver.c:1.2.2.8
--- src/dist/bind/lib/dns/resolver.c:1.2.2.7	Sat Jul 16 00:45:38 2011
+++ src/dist/bind/lib/dns/resolver.c	Tue Jul 24 20:38:39 2012
@@ -1,4 +1,4 @@
-/*$NetBSD: resolver.c,v 1.2.2.7 2011/07/16 00:45:38 riz Exp $  */
+/*$NetBSD: resolver.c,v 1.2.2.8 2012/07/24 20:38:39 riz Exp $  */
 
 /*
  * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. (ISC)
@@ -7625,6 +7625,7 @@ dns_resolver_addbadcache(dns_resolver_t 
 		}
 		bad-type = type;
 		bad-hashval =

CVS commit: [netbsd-4] src/dist/bind

2012-06-05 Thread Manuel Bouyer

Module Name:src
Committed By:   bouyer
Date:   Tue Jun  5 20:01:03 UTC 2012

Modified Files:
src/dist/bind [netbsd-4]: CHANGES version
src/dist/bind/lib/dns [netbsd-4]: rdata.c rdataslab.c

Log Message:
Apply patch, requested by christos in ticket #1447
dist/bind/CHANGES   patch
dist/bind/version   patch
dist/bind/lib/dns/rdata.c   patch
dist/bind/lib/dns/rdataslab.c   patch
Update bind to 9.4-ESV-R4-P2
3331.  [security]  dns_rdataslab_fromrdataset could produce bad
   rdataslabs. [RT #29644]


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4.4.8 -r1.1.1.4.4.9 src/dist/bind/CHANGES \
src/dist/bind/version
cvs rdiff -u -r1.1.1.3.4.2 -r1.1.1.3.4.3 src/dist/bind/lib/dns/rdata.c
cvs rdiff -u -r1.1.1.3.4.3 -r1.1.1.3.4.4 src/dist/bind/lib/dns/rdataslab.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/bind/CHANGES
diff -u src/dist/bind/CHANGES:1.1.1.4.4.8 src/dist/bind/CHANGES:1.1.1.4.4.9
--- src/dist/bind/CHANGES:1.1.1.4.4.8	Sun Nov 20 13:02:25 2011
+++ src/dist/bind/CHANGES	Tue Jun  5 20:01:02 2012
@@ -1,3 +1,8 @@
+	--- 9.4-ESV-R4-P2 released ---
+
+3331.	[security]	dns_rdataslab_fromrdataset could produce bad
+			rdataslabs. [RT #29644]
+
 3218.   [security]  Cache lookup could return RRSIG data associated with
 nonexistent records, leading to an assertion
 failure. [RT #26590]
Index: src/dist/bind/version
diff -u src/dist/bind/version:1.1.1.4.4.8 src/dist/bind/version:1.1.1.4.4.9
--- src/dist/bind/version:1.1.1.4.4.8	Sat Jun 18 10:36:30 2011
+++ src/dist/bind/version	Tue Jun  5 20:01:02 2012
@@ -1,4 +1,4 @@
-# $Id: version,v 1.1.1.4.4.8 2011/06/18 10:36:30 bouyer Exp $
+# $Id: version,v 1.1.1.4.4.9 2012/06/05 20:01:02 bouyer Exp $
 #
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -7,4 +7,4 @@ MAJORVER=9
 MINORVER=4
 PATCHVER=
 RELEASETYPE=-ESV
-RELEASEVER=-R4-P1
+RELEASEVER=-R4-P2

Index: src/dist/bind/lib/dns/rdata.c
diff -u src/dist/bind/lib/dns/rdata.c:1.1.1.3.4.2 src/dist/bind/lib/dns/rdata.c:1.1.1.3.4.3
--- src/dist/bind/lib/dns/rdata.c:1.1.1.3.4.2	Sun Jan 23 21:47:39 2011
+++ src/dist/bind/lib/dns/rdata.c	Tue Jun  5 20:01:02 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: rdata.c,v 1.1.1.3.4.2 2011/01/23 21:47:39 bouyer Exp $	*/
+/*	$NetBSD: rdata.c,v 1.1.1.3.4.3 2012/06/05 20:01:02 bouyer Exp $	*/
 
 /*
  * Copyright (C) 2004-2006, 2008  Internet Systems Consortium, Inc. (ISC)
@@ -338,6 +338,8 @@ dns_rdata_compare(const dns_rdata_t *rda
 	REQUIRE(rdata2 != NULL);
 	REQUIRE(rdata1-data != NULL);
 	REQUIRE(rdata2-data != NULL);
+	REQUIRE(rdata1-length == 0 || rdata1-data != NULL);
+	REQUIRE(rdata2-length == 0 || rdata2-data != NULL);
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
 

Index: src/dist/bind/lib/dns/rdataslab.c
diff -u src/dist/bind/lib/dns/rdataslab.c:1.1.1.3.4.3 src/dist/bind/lib/dns/rdataslab.c:1.1.1.3.4.4
--- src/dist/bind/lib/dns/rdataslab.c:1.1.1.3.4.3	Sun Jan 23 21:47:39 2011
+++ src/dist/bind/lib/dns/rdataslab.c	Tue Jun  5 20:01:03 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: rdataslab.c,v 1.1.1.3.4.3 2011/01/23 21:47:39 bouyer Exp $	*/
+/*	$NetBSD: rdataslab.c,v 1.1.1.3.4.4 2012/06/05 20:01:03 bouyer Exp $	*/
 
 /*
  * Copyright (C) 2004-2007, 2009, 2010  Internet Systems Consortium, Inc. (ISC)
@@ -130,6 +130,11 @@ isc_result_t
 dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
 			   isc_region_t *region, unsigned int reservelen)
 {
+	/*
+	 * Use removed as a sentinal pointer for duplicate
+	 * rdata as rdata.data == NULL is valid.
+	 */
+	static unsigned char removed;
 	struct xrdata  *x;
 	unsigned char  *rawbuf;
 #if DNS_RDATASET_FIXED
@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 		INSIST(result == ISC_R_SUCCESS);
 		dns_rdata_init(x[i].rdata);
 		dns_rdataset_current(rdataset, x[i].rdata);
+		INSIST(x[i].rdata.data != removed);
 #if DNS_RDATASET_FIXED
 		x[i].order = i;
 #endif
@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 	 */
 	for (i = 1; i  nalloc; i++) {
 		if (compare_rdata(x[i-1].rdata, x[i].rdata) == 0) {
-			x[i-1].rdata.data = NULL;
-			x[i-1].rdata.length = 0;
+			x[i-1].rdata.data = removed;
 #if DNS_RDATASET_FIXED
 			/*
 			 * Preserve the least order so A, B, A - A, B
@@ -277,7 +282,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 #endif
 
 	for (i = 0; i  nalloc; i++) {
-		if (x[i].rdata.data == NULL)
+		if (x[i].rdata.data == removed)
 			continue;
 #if DNS_RDATASET_FIXED
 		offsettable[x[i].order] = rawbuf - offsetbase;

CVS commit: [netbsd-4] src/dist/bind

2011-11-20 Thread Manuel Bouyer

Module Name:src
Committed By:   bouyer
Date:   Sun Nov 20 13:02:27 UTC 2011

Modified Files:
src/dist/bind [netbsd-4]: CHANGES
src/dist/bind/bin/named [netbsd-4]: query.c
src/dist/bind/bin/nsupdate [netbsd-4]: nsupdate.8
src/dist/bind/lib/dns [netbsd-4]: master.c rbtdb.c
src/dist/bind/lib/isc/nothreads [netbsd-4]: condition.c mutex.c
src/dist/bind/lib/isc/unix [netbsd-4]: time.c
src/dist/bind/lib/lwres/include/lwres [netbsd-4]: lwres.h

Log Message:
Apply patch, requested by christos in ticket #1437:
src/dist/bind/CHANGES
src/dist/bind/bin/named/query.c
src/dist/bind/bin/nsupdate/nsupdate.8
src/dist/bind/lib/dns/master.c
src/dist/bind/lib/dns/rbtdb.c
src/dist/bind/lib/isc/nothreads/condition.c
src/dist/bind/lib/isc/nothreads/mutex.c
src/dist/bind/lib/isc/unix/time.c
src/dist/bind/lib/lwres/include/lwres/lwres.h
Cache lookup could return RRSIG data associated with nonexistent
records, leading to an assertion failure.  Fixes CVE-2011-4313.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4.4.7 -r1.1.1.4.4.8 src/dist/bind/CHANGES
cvs rdiff -u -r1.3.2.4 -r1.3.2.5 src/dist/bind/bin/named/query.c
cvs rdiff -u -r1.1.1.3.4.3 -r1.1.1.3.4.4 \
src/dist/bind/bin/nsupdate/nsupdate.8
cvs rdiff -u -r1.1.1.4.4.3 -r1.1.1.4.4.4 src/dist/bind/lib/dns/master.c
cvs rdiff -u -r1.1.1.4.4.5 -r1.1.1.4.4.6 src/dist/bind/lib/dns/rbtdb.c
cvs rdiff -u -r1.1.1.3.4.1 -r1.1.1.3.4.2 \
src/dist/bind/lib/isc/nothreads/condition.c \
src/dist/bind/lib/isc/nothreads/mutex.c
cvs rdiff -u -r1.1.1.3.4.2 -r1.1.1.3.4.3 src/dist/bind/lib/isc/unix/time.c
cvs rdiff -u -r1.1.1.3.4.1 -r1.1.1.3.4.2 \
src/dist/bind/lib/lwres/include/lwres/lwres.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/bind/CHANGES
diff -u src/dist/bind/CHANGES:1.1.1.4.4.7 src/dist/bind/CHANGES:1.1.1.4.4.8
--- src/dist/bind/CHANGES:1.1.1.4.4.7	Sat Jun 18 10:36:30 2011
+++ src/dist/bind/CHANGES	Sun Nov 20 13:02:25 2011
@@ -1,3 +1,7 @@
+3218.   [security]  Cache lookup could return RRSIG data associated with
+nonexistent records, leading to an assertion
+failure. [RT #26590]
+
 	--- 9.4-ESV-R4-P1 released ---
 
 3121.   [security]  An authoritative name server sending a negative

Index: src/dist/bind/bin/named/query.c
diff -u src/dist/bind/bin/named/query.c:1.3.2.4 src/dist/bind/bin/named/query.c:1.3.2.5
--- src/dist/bind/bin/named/query.c:1.3.2.4	Sun Jan 23 21:47:10 2011
+++ src/dist/bind/bin/named/query.c	Sun Nov 20 13:02:26 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: query.c,v 1.3.2.4 2011/01/23 21:47:10 bouyer Exp $	*/
+/*	$NetBSD: query.c,v 1.3.2.5 2011/11/20 13:02:26 bouyer Exp $	*/
 
 /*
  * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. (ISC)
@@ -1253,11 +1253,9 @@ query_addadditional(void *arg, dns_name_
 			goto addname;
 		if (result == DNS_R_NCACHENXRRSET) {
 			dns_rdataset_disassociate(rdataset);
-			/*
-			 * Negative cache entries don't have sigrdatasets.
-			 */
-			INSIST(sigrdataset == NULL ||
-			   ! dns_rdataset_isassociated(sigrdataset));
+			if (sigrdataset != NULL 
+			dns_rdataset_isassociated(sigrdataset))
+dns_rdataset_disassociate(sigrdataset);
 		}
 		if (result == ISC_R_SUCCESS) {
 			mname = NULL;
@@ -1298,8 +1296,9 @@ query_addadditional(void *arg, dns_name_
 			goto addname;
 		if (result == DNS_R_NCACHENXRRSET) {
 			dns_rdataset_disassociate(rdataset);
-			INSIST(sigrdataset == NULL ||
-			   ! dns_rdataset_isassociated(sigrdataset));
+			if (sigrdataset != NULL 
+			dns_rdataset_isassociated(sigrdataset))
+dns_rdataset_disassociate(sigrdataset);
 		}
 		if (result == ISC_R_SUCCESS) {
 			mname = NULL;
@@ -1748,10 +1747,8 @@ query_addadditional2(void *arg, dns_name
 		goto setcache;
 	if (result == DNS_R_NCACHENXRRSET) {
 		dns_rdataset_disassociate(rdataset);
-		/*
-		 * Negative cache entries don't have sigrdatasets.
-		 */
-		INSIST(! dns_rdataset_isassociated(sigrdataset));
+		if (dns_rdataset_isassociated(sigrdataset))
+			dns_rdataset_disassociate(sigrdataset);
 	}
 	if (result == ISC_R_SUCCESS) {
 		/* Remember the result as a cache */

Index: src/dist/bind/bin/nsupdate/nsupdate.8
diff -u src/dist/bind/bin/nsupdate/nsupdate.8:1.1.1.3.4.3 src/dist/bind/bin/nsupdate/nsupdate.8:1.1.1.3.4.4
--- src/dist/bind/bin/nsupdate/nsupdate.8:1.1.1.3.4.3	Sun Jan 23 21:47:11 2011
+++ src/dist/bind/bin/nsupdate/nsupdate.8	Sun Nov 20 13:02:26 2011
@@ -1,2 +1,443 @@
-.\	$NetBSD: nsupdate.8,v 1.1.1.3.4.3 2011/01/23 21:47:11 bouyer Exp $
+.\	$NetBSD: nsupdate.8,v 1.1.1.3.4.4 2011/11/20 13:02:26 bouyer Exp $
 .\
+.\ Copyright (C) 2004-2010 Internet Systems Consortium, Inc. (ISC)
+.\ Copyright (C) 2000-2003 Internet Software Consortium.
+.\ 
+.\ Permission to use, copy, modify, and/or distribute this software for any
+.\

CVS commit: [netbsd-4] src/dist/bind/lib/dns

2011-07-15 Thread Jeff Rizzo

Module Name:src
Committed By:   riz
Date:   Sat Jul 16 00:45:39 UTC 2011

Modified Files:
src/dist/bind/lib/dns [netbsd-4]: masterdump.c message.c ncache.c
rbtdb.c rdataset.c resolver.c validator.c
src/dist/bind/lib/dns/include/dns [netbsd-4]: rdataset.h

Log Message:
dist/bind/lib/dns/masterdump.c  patch
dist/bind/lib/dns/message.c patch
dist/bind/lib/dns/ncache.c  patch
dist/bind/lib/dns/rbtdb.c   patch
dist/bind/lib/dns/rdataset.cpatch
dist/bind/lib/dns/resolver.cpatch
dist/bind/lib/dns/validator.c   patch
dist/bind/lib/dns/include/dns/rdataset.hpatch

Patch bind to address CVE-2011-2464.
[spz, ticket #1431]


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4.4.3 -r1.1.1.4.4.4 src/dist/bind/lib/dns/masterdump.c
cvs rdiff -u -r1.2.4.3 -r1.2.4.4 src/dist/bind/lib/dns/message.c
cvs rdiff -u -r1.1.1.3.4.3 -r1.1.1.3.4.4 src/dist/bind/lib/dns/ncache.c \
src/dist/bind/lib/dns/rdataset.c
cvs rdiff -u -r1.1.1.4.4.4 -r1.1.1.4.4.5 src/dist/bind/lib/dns/rbtdb.c
cvs rdiff -u -r1.2.2.6 -r1.2.2.7 src/dist/bind/lib/dns/resolver.c
cvs rdiff -u -r1.4.4.6 -r1.4.4.7 src/dist/bind/lib/dns/validator.c
cvs rdiff -u -r1.1.1.3.4.3 -r1.1.1.3.4.4 \
src/dist/bind/lib/dns/include/dns/rdataset.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/bind/lib/dns/masterdump.c
diff -u src/dist/bind/lib/dns/masterdump.c:1.1.1.4.4.3 src/dist/bind/lib/dns/masterdump.c:1.1.1.4.4.4
--- src/dist/bind/lib/dns/masterdump.c:1.1.1.4.4.3	Sun Jan 23 21:47:38 2011
+++ src/dist/bind/lib/dns/masterdump.c	Sat Jul 16 00:45:36 2011
@@ -1,7 +1,7 @@
-/*	$NetBSD: masterdump.c,v 1.1.1.4.4.3 2011/01/23 21:47:38 bouyer Exp $	*/
+/*	$NetBSD: masterdump.c,v 1.1.1.4.4.4 2011/07/16 00:45:36 riz Exp $	*/
 
 /*
- * Copyright (C) 2004-2006, 2008, 2009  Internet Systems Consortium, Inc. (ISC)
+ * Copyright (C) 2004-2006, 2008, 2009, 2011  Internet Systems Consortium, Inc. (ISC)
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Id: masterdump.c,v 1.73.18.19 2009/11/25 04:50:24 marka Exp */
+/* Id: masterdump.h,v 1.31.14.7 2011-05-27 23:49:08 tbox Exp */
 
 /*! \file */
 
@@ -357,6 +357,7 @@
 	isc_uint32_t current_ttl;
 	isc_boolean_t current_ttl_valid;
 	dns_rdatatype_t type;
+	unsigned int type_start;
 
 	REQUIRE(DNS_RDATASET_VALID(rdataset));
 
@@ -438,29 +439,26 @@
 		 * Type.
 		 */
 
-		if (rdataset-type == 0) {
+		if ((rdataset-attributes  DNS_RDATASETATTR_NEGATIVE) != 0) {
 			type = rdataset-covers;
 		} else {
 			type = rdataset-type;
 		}
 
-		{
-			unsigned int type_start;
-			INDENT_TO(type_column);
-			type_start = target-used;
-			if (rdataset-type == 0)
-RETERR(str_totext(\\-, target));
-			result = dns_rdatatype_totext(type, target);
-			if (result != ISC_R_SUCCESS)
-return (result);
-			column += (target-used - type_start);
-		}
+		INDENT_TO(type_column);
+		type_start = target-used;
+		if ((rdataset-attributes  DNS_RDATASETATTR_NEGATIVE) != 0)
+			RETERR(str_totext(\\-, target));
+		result = dns_rdatatype_totext(type, target);
+		if (result != ISC_R_SUCCESS)
+			return (result);
+		column += (target-used - type_start);
 
 		/*
 		 * Rdata.
 		 */
 		INDENT_TO(rdata_column);
-		if (rdataset-type == 0) {
+		if ((rdataset-attributes  DNS_RDATASETATTR_NEGATIVE) != 0) {
 			if (NXDOMAIN(rdataset))
 RETERR(str_totext(;-$NXDOMAIN\n, target));
 			else
@@ -831,7 +829,7 @@
 	sizeof(trustnames[0])));
 			fprintf(f, ; %s\n, trustnames[trust]);
 		}
-		if (rds-type == 0 
+		if (((rds-attributes  DNS_RDATASETATTR_NEGATIVE) != 0) 
 		(ctx-style.flags  DNS_STYLEFLAG_NCACHE) == 0) {
 			/* Omit negative cache entries */
 		} else {
@@ -987,7 +985,7 @@
 		dns_rdataset_init(rdataset);
 		dns_rdatasetiter_current(rdsiter, rdataset);
 
-		if (rdataset.type == 0 
+		if (((rdataset.attributes  DNS_RDATASETATTR_NEGATIVE) != 0) 
 		(ctx-style.flags  DNS_STYLEFLAG_NCACHE) == 0) {
 			/* Omit negative cache entries */
 		} else {

Index: src/dist/bind/lib/dns/message.c
diff -u src/dist/bind/lib/dns/message.c:1.2.4.3 src/dist/bind/lib/dns/message.c:1.2.4.4
--- src/dist/bind/lib/dns/message.c:1.2.4.3	Sun Jan 23 21:47:38 2011
+++ src/dist/bind/lib/dns/message.c	Sat Jul 16 00:45:37 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: message.c,v 1.2.4.3 2011/01/23 21:47:38 bouyer Exp $	*/
+/*	$NetBSD: message.c,v 1.2.4.4 2011/07/16 00:45:37 riz Exp $	*/
 
 /*
  * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. (ISC)
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Id: message.c,v 1.222.18.18 2009/01/19 23:46:15 tbox Exp */
+/* Id:

CVS commit: [netbsd-4] src/dist/bind

2011-06-18 Thread Manuel Bouyer

Module Name:src
Committed By:   bouyer
Date:   Sat Jun 18 10:36:32 UTC 2011

Modified Files:
src/dist/bind [netbsd-4]: CHANGES version
src/dist/bind/lib/dns [netbsd-4]: api ncache.c rdataset.c validator.c
src/dist/bind/lib/dns/include/dns [netbsd-4]: rdataset.h

Log Message:
Apply patch, requested by spz in ticket #1430:
dist/bind/CHANGES:  patch
dist/bind/version:  patch
dist/bind/lib/dns/api:  patch
dist/bind/lib/dns/ncache.c: patch
dist/bind/lib/dns/rdataset.c:   patch
dist/bind/lib/dns/validator.c:  patch
dist/bind/lib/dns/include/dns/rdataset.h:   patch

Fix security issue: An authoritative name server sending a negative
 response containing a very large RRset could
 trigger an off-by-one error in the ncache code
 and crash named.
Fix bug: Named could fail to validate zones listed in a DLV
 that validated insecure without using DLV and had
 DS records in the parent zone.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4.4.6 -r1.1.1.4.4.7 src/dist/bind/CHANGES
cvs rdiff -u -r1.1.1.4.4.7 -r1.1.1.4.4.8 src/dist/bind/version
cvs rdiff -u -r1.1.1.4.4.5 -r1.1.1.4.4.6 src/dist/bind/lib/dns/api
cvs rdiff -u -r1.1.1.3.4.2 -r1.1.1.3.4.3 src/dist/bind/lib/dns/ncache.c \
src/dist/bind/lib/dns/rdataset.c
cvs rdiff -u -r1.4.4.5 -r1.4.4.6 src/dist/bind/lib/dns/validator.c
cvs rdiff -u -r1.1.1.3.4.2 -r1.1.1.3.4.3 \
src/dist/bind/lib/dns/include/dns/rdataset.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/bind/CHANGES
diff -u src/dist/bind/CHANGES:1.1.1.4.4.6 src/dist/bind/CHANGES:1.1.1.4.4.7
--- src/dist/bind/CHANGES:1.1.1.4.4.6	Sun Jan 23 21:47:02 2011
+++ src/dist/bind/CHANGES	Sat Jun 18 10:36:30 2011
@@ -1,3 +1,14 @@
+	--- 9.4-ESV-R4-P1 released ---
+
+3121.   [security]  An authoritative name server sending a negative
+response containing a very large RRset could
+trigger an off-by-one error in the ncache code
+and crash named. [RT #24650]
+
+3120.	[bug]		Named could fail to validate zones listed in a DLV
+			that validated insecure without using DLV and had
+			DS records in the parent zone. [RT #24631]
+
 	--- 9.4-ESV-R4 released ---
 
 2970.	[security]	Adding a NO DATA negative cache entry failed to clear

Index: src/dist/bind/version
diff -u src/dist/bind/version:1.1.1.4.4.7 src/dist/bind/version:1.1.1.4.4.8
--- src/dist/bind/version:1.1.1.4.4.7	Sun Jan 23 21:47:07 2011
+++ src/dist/bind/version	Sat Jun 18 10:36:30 2011
@@ -1,4 +1,4 @@
-# Id: version,v 1.29.134.32 2010/11/18 01:34:50 marka Exp
+# $Id: version,v 1.1.1.4.4.8 2011/06/18 10:36:30 bouyer Exp $
 #
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -7,4 +7,4 @@
 MINORVER=4
 PATCHVER=
 RELEASETYPE=-ESV
-RELEASEVER=-R4
+RELEASEVER=-R4-P1

Index: src/dist/bind/lib/dns/api
diff -u src/dist/bind/lib/dns/api:1.1.1.4.4.5 src/dist/bind/lib/dns/api:1.1.1.4.4.6
--- src/dist/bind/lib/dns/api:1.1.1.4.4.5	Sun Jan 23 21:47:37 2011
+++ src/dist/bind/lib/dns/api	Sat Jun 18 10:36:31 2011
@@ -1,3 +1,3 @@
 LIBINTERFACE = 39
-LIBREVISION = 1
+LIBREVISION = 3
 LIBAGE = 1

Index: src/dist/bind/lib/dns/ncache.c
diff -u src/dist/bind/lib/dns/ncache.c:1.1.1.3.4.2 src/dist/bind/lib/dns/ncache.c:1.1.1.3.4.3
--- src/dist/bind/lib/dns/ncache.c:1.1.1.3.4.2	Sun Jan 23 21:47:38 2011
+++ src/dist/bind/lib/dns/ncache.c	Sat Jun 18 10:36:31 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: ncache.c,v 1.1.1.3.4.2 2011/01/23 21:47:38 bouyer Exp $	*/
+/*	$NetBSD: ncache.c,v 1.1.1.3.4.3 2011/06/18 10:36:31 bouyer Exp $	*/
 
 /*
  * Copyright (C) 2004, 2005, 2010  Internet Systems Consortium, Inc. (ISC)
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Id: ncache.c,v 1.36.18.8 2010/06/03 23:46:10 tbox Exp */
+/* Id: ncache.c,v 1.36.18.8.10.1 2011-05-26 23:56:27 each Exp */
 
 /*! \file */
 
@@ -177,7 +177,7 @@
 	 */
 	isc_buffer_availableregion(buffer,
    r);
-	if (r.length  2)
+	if (r.length  3)
 		return (ISC_R_NOSPACE);
 	isc_buffer_putuint16(buffer,
 			 rdataset-type);
Index: src/dist/bind/lib/dns/rdataset.c
diff -u src/dist/bind/lib/dns/rdataset.c:1.1.1.3.4.2 src/dist/bind/lib/dns/rdataset.c:1.1.1.3.4.3
--- src/dist/bind/lib/dns/rdataset.c:1.1.1.3.4.2	Sun Jan 23 21:47:39 2011
+++ src/dist/bind/lib/dns/rdataset.c	Sat Jun 18 10:36:31 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: rdataset.c,v 1.1.1.3.4.2 2011/01/23 21:47:39 bouyer Exp $	*/
+/*	$NetBSD: rdataset.c,v 1.1.1.3.4.3 2011/06/18 10:36:31 bouyer Exp $	*/
 
 /*
  * Copyright (C) 2004-2006, 2009, 2010  Internet Systems Consortium, Inc. (ISC)
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Id: rdataset.c,v 1.72.18.9 2010/02/26 23:46:36 tbox

CVS commit: [netbsd-4] src/dist/bind/lib/isc/alpha/include/isc

2011-01-29 Thread Manuel Bouyer

Module Name:src
Committed By:   bouyer
Date:   Sat Jan 29 17:37:27 UTC 2011

Modified Files:
src/dist/bind/lib/isc/alpha/include/isc [netbsd-4]: atomic.h

Log Message:
Add __unused to inline functions; fix alpha build after ticket #1413


To generate a diff of this commit:
cvs rdiff -u -r1.2.2.3 -r1.2.2.4 \
src/dist/bind/lib/isc/alpha/include/isc/atomic.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/bind/lib/isc/alpha/include/isc/atomic.h
diff -u src/dist/bind/lib/isc/alpha/include/isc/atomic.h:1.2.2.3 src/dist/bind/lib/isc/alpha/include/isc/atomic.h:1.2.2.4
--- src/dist/bind/lib/isc/alpha/include/isc/atomic.h:1.2.2.3	Sun Jan 23 21:47:43 2011
+++ src/dist/bind/lib/isc/alpha/include/isc/atomic.h	Sat Jan 29 17:37:27 2011
@@ -1,4 +1,4 @@
-/*$NetBSD: atomic.h,v 1.2.2.3 2011/01/23 21:47:43 bouyer Exp $  */
+/*$NetBSD: atomic.h,v 1.2.2.4 2011/01/29 17:37:27 bouyer Exp $  */
 
 /*
  * Copyright (C) 2005, 2009  Internet Systems Consortium, Inc. (ISC)
@@ -68,7 +68,7 @@
  * can be critical, so we add explicit memory block instructions at the
  * beginning and the end of it (same for other functions).
  */
-static inline isc_int32_t
+static inline isc_int32_t __unused
 isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) {
 	return (asm(mb;
 		1:
@@ -84,7 +84,7 @@
 /*
  * This routine atomically stores the value 'val' in 'p'.
  */
-static inline void
+static inline void __unused
 isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
 	(void)asm(mb;
 		  1:
@@ -101,7 +101,7 @@
  * original value is equal to 'cmpval'.  The original value is returned in any
  * case.
  */
-static inline isc_int32_t
+static inline isc_int32_t __unused
 isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
 
 	return(asm(mb;
@@ -118,7 +118,7 @@
 		   p, cmpval, val));
 }
 #elif defined (ISC_PLATFORM_USEGCCASM)
-static inline isc_int32_t
+static inline isc_int32_t __unused
 isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) {
 	isc_int32_t temp, prev;
 
@@ -138,7 +138,7 @@
 	return (prev);
 }
 
-static inline void
+static inline void __unused
 isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
 	isc_int32_t temp;
 
@@ -155,7 +155,7 @@
 		: memory);
 }
 
-static inline isc_int32_t
+static inline isc_int32_t __unused
 isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
 	isc_int32_t temp, prev;

CVS commit: [netbsd-4] src/dist/bind/bin/named

2009-07-28 Thread Soren Jacobsen

Module Name:src
Committed By:   snj
Date:   Tue Jul 28 22:18:51 UTC 2009

Modified Files:
src/dist/bind/bin/named [netbsd-4]: update.c

Log Message:
Apply patch (requested by christos in ticket #1347):
Fix CVE-2009-0696.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4.4.2 -r1.1.1.4.4.3 src/dist/bind/bin/named/update.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/bind/bin/named/update.c
diff -u src/dist/bind/bin/named/update.c:1.1.1.4.4.2 src/dist/bind/bin/named/update.c:1.1.1.4.4.3
--- src/dist/bind/bin/named/update.c:1.1.1.4.4.2	Wed Jul 16 01:56:33 2008
+++ src/dist/bind/bin/named/update.c	Tue Jul 28 22:18:51 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: update.c,v 1.1.1.4.4.2 2008/07/16 01:56:33 snj Exp $	*/
+/*	$NetBSD: update.c,v 1.1.1.4.4.3 2009/07/28 22:18:51 snj Exp $	*/
 
 /*
  * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. (ISC)
@@ -863,7 +863,11 @@
 			if (type == dns_rdatatype_rrsig ||
 			type == dns_rdatatype_sig)
 covers = dns_rdata_covers(t-rdata);
-			else
+			else if (type == dns_rdatatype_any) {
+dns_db_detachnode(db, node);
+dns_diff_clear(trash);
+return (DNS_R_NXRRSET);
+			} else
 covers = 0;
 
 			/*

CVS commit: [netbsd-4] src/dist/bind

CVS commit: [netbsd-4] src/dist/bind

CVS commit: [netbsd-4] src/dist/bind

CVS commit: [netbsd-4] src/dist/bind

CVS commit: [netbsd-4] src/dist/bind/lib/dns

CVS commit: [netbsd-4] src/dist/bind

CVS commit: [netbsd-4] src/dist/bind/lib/isc/alpha/include/isc

CVS commit: [netbsd-4] src/dist/bind/bin/named

8 matches

Site Navigation

Mail list logo

Footer information