CVS commit: [netbsd-5-1] src/dist/bind/bin/named

[Manuel Bouyer]

Module Name:    src
Committed By:   bouyer
Date:           Wed Jan 15 10:11:37 UTC 2014

Modified Files:
        src/dist/bind/bin/named [netbsd-5-1]: query.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #1897):
        dist/bind/bin/named/query.c: patch
a fix by ISC for CVE-2014-0591:
3693.  [security]      memcpy was incorrectly called with overlapping
                       ranges resulting in malformed names being generated
                       on some platforms.  This could cause INSIST failures
                       when serving NSEC3 signed zones.  [RT #35120]


To generate a diff of this commit:
cvs rdiff -u -r1.8.4.2.2.5 -r1.8.4.2.2.6 src/dist/bind/bin/named/query.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/dist/bind/bin/named/query.c
diff -u src/dist/bind/bin/named/query.c:1.8.4.2.2.5 src/dist/bind/bin/named/query.c:1.8.4.2.2.6
--- src/dist/bind/bin/named/query.c:1.8.4.2.2.5	Wed Oct 17 20:50:03 2012
+++ src/dist/bind/bin/named/query.c	Wed Jan 15 10:11:37 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: query.c,v 1.8.4.2.2.5 2012/10/17 20:50:03 bouyer Exp $	*/
+/*	$NetBSD: query.c,v 1.8.4.2.2.6 2014/01/15 10:11:37 bouyer Exp $	*/
 
 /*
  * Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
@@ -3674,8 +3674,7 @@ query_findclosestnsec3(dns_name_t *qname
 	dns_fixedname_t fixed;
 	dns_hash_t hash;
 	dns_name_t name;
-	int order;
-	unsigned int count;
+	unsigned int skip = 0, labels;
 	dns_rdata_nsec3_t nsec3;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 	isc_boolean_t optout;
@@ -3688,6 +3687,7 @@ query_findclosestnsec3(dns_name_t *qname
 
 	dns_name_init(&name, NULL);
 	dns_name_clone(qname, &name);
+	labels = dns_name_countlabels(&name);
 
 	/*
 	 * Map unknown algorithm to known value.
@@ -3719,13 +3719,14 @@ query_findclosestnsec3(dns_name_t *qname
 		dns_rdata_reset(&rdata);
 		optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
 		if (found != NULL && optout &&
-		    dns_name_fullcompare(&name, dns_db_origin(db), &order,
-					 &count) == dns_namereln_subdomain) {
+		    dns_name_issubdomain(&name, dns_db_origin(db)))
+		{
 			dns_rdataset_disassociate(rdataset);
 			if (dns_rdataset_isassociated(sigrdataset))
 				dns_rdataset_disassociate(sigrdataset);
-			count = dns_name_countlabels(&name) - 1;
-			dns_name_getlabelsequence(&name, 1, count, &name);
+			skip++;
+			dns_name_getlabelsequence(qname, skip, labels - skip,
+			                          &name);
 			ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
 				      NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
 				      "looking for closest provable encloser");
@@ -3743,7 +3744,11 @@ query_findclosestnsec3(dns_name_t *qname
 		ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
 			      NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
 			      "expected covering NSEC3, got an exact match");
-	if (found != NULL)
+	if (found == qname) {
+		if (skip != 0U)
+			dns_name_getlabelsequence(qname, skip, labels - skip,
+						  found);
+	} else if (found != NULL)
 		dns_name_copy(&name, found, NULL);
 	return;
 }