Module Name:src
Committed By: msaitoh
Date: Mon Feb 23 09:37:48 UTC 2015
Modified Files:
src/dist/bind/lib/dns [netbsd-5-2]: zone.c
Log Message:
Pull up following revision(s) (requested by spz in ticket #1950):
dist/bind/lib/dns/zone.c patch
Patch for CVE-2015-1349: Revoking a managed trust anchor and supplying
an untrusted replacement could cause named to crash with an assertion
failure.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.6.4.4 -r1.1.1.6.4.4.2.1 src/dist/bind/lib/dns/zone.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/dist/bind/lib/dns/zone.c
diff -u src/dist/bind/lib/dns/zone.c:1.1.1.6.4.4 src/dist/bind/lib/dns/zone.c:1.1.1.6.4.4.2.1
--- src/dist/bind/lib/dns/zone.c:1.1.1.6.4.4 Wed Jul 25 11:58:51 2012
+++ src/dist/bind/lib/dns/zone.c Mon Feb 23 09:37:48 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: zone.c,v 1.1.1.6.4.4 2012/07/25 11:58:51 jdc Exp $ */
+/* $NetBSD: zone.c,v 1.1.1.6.4.4.2.1 2015/02/23 09:37:48 msaitoh Exp $ */
/*
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
@@ -7671,8 +7671,15 @@ keyfetch_done(isc_task_t *task, isc_even
namebuf, tag);
trustkey = ISC_TRUE;
}
+ } else {
+ /*
+ * No previously known key, and the key is not
+ * secure, so skip it.
+ */
+ continue;
}
+
/* Delete old version */
if (deletekey || !newkey)
CHECK(update_one_rr(kfetch->db, ver, &diff,
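Review bot: The new `else` branch drops an unvalidated key with a bare `continue`, so nothing records that a DNSKEY was skipped because no previously known key exists and the response is not secure. This is the condition the commit message ties to CVE-2015-1349, so a log line before the `continue` would give operators something to alert on, for example `dns_zone_log(zone, ISC_LOG_INFO, "skipping untrusted key %d for %s", tag, namebuf);`. That assumes `tag` and `namebuf` are already set at this point, as the log call ending in `namebuf, tag);` just above suggests. The loop header and the `if` this `else` pairs with are outside the hunk, so also confirm that the `continue` does not bypass any per-iteration cleanup later in the body.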
@@ -7717,7 +7724,7 @@ keyfetch_done(isc_task_t *task, isc_even
trust_key(zone, keyname, &dnskey, mctx);
}
- if (!deletekey)
+ if (secure && !deletekey)
set_refreshkeytimer(zone, &keydata, now);
}
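Review bot: The added `secure` condition on `set_refreshkeytimer()` has no comment, and the reason for it is not evident from the hunk. It presumably stops key data from a response that did not validate from scheduling the next refresh; if so, say that in place, e.g. `/* Only validated key data may set the refresh timer. */`. The rest of keyfetch_done and the assignment of `secure` are outside the hunk, so check the wording against how the insecure case gets rescheduled elsewhere.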