bind

Manuel Bouyer Tue, 05 Jun 2012 12:52:44 -0700

Module Name:    src
Committed By:   bouyer
Date:           Tue Jun  5 19:53:03 UTC 2012


Modified Files:
        src/dist/bind [netbsd-5-1]: CHANGES version
        src/dist/bind/bin/tests/system/unknown [netbsd-5-1]: clean.sh tests.sh
        src/dist/bind/bin/tests/system/unknown/ns1 [netbsd-5-1]: example-in.db
        src/dist/bind/lib/dns [netbsd-5-1]: rdata.c rdataslab.c

Log Message:
Apply patch, requested by christos in ticket #1767
        src/dist/bind/CHANGES                                           patch
        src/dist/bind/version                                           patch
        src/dist/bind/bin/tests/system/unknown/clean.sh                 patch
        src/dist/bind/bin/tests/system/unknown/tests.sh                 patch
        src/dist/bind/bin/tests/system/unknown/ns1/example-in.db        patch
        src/dist/bind/lib/dns/rdata.c                                   patch
        src/dist/bind/lib/dns/rdataslab.c                               patch
Update bind to 9.7.3-P4:
3331.  [security]      dns_rdataslab_fromrdataset could produce bad
                       rdataslabs. [RT #29644]


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.11.4.2.2.3 -r1.1.1.11.4.2.2.4 src/dist/bind/CHANGES \
    src/dist/bind/version
cvs rdiff -u -r1.1.1.5.12.1 -r1.1.1.5.12.2 \
    src/dist/bind/bin/tests/system/unknown/clean.sh \
    src/dist/bind/bin/tests/system/unknown/tests.sh
cvs rdiff -u -r1.1.1.5.12.1 -r1.1.1.5.12.2 \
    src/dist/bind/bin/tests/system/unknown/ns1/example-in.db
cvs rdiff -u -r1.1.1.5.4.1.2.2 -r1.1.1.5.4.1.2.3 \
    src/dist/bind/lib/dns/rdata.c src/dist/bind/lib/dns/rdataslab.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/bind/CHANGES
diff -u src/dist/bind/CHANGES:1.1.1.11.4.2.2.3 src/dist/bind/CHANGES:1.1.1.11.4.2.2.4
--- src/dist/bind/CHANGES:1.1.1.11.4.2.2.3	Fri Jul  8 21:04:03 2011
+++ src/dist/bind/CHANGES	Tue Jun  5 19:53:02 2012
@@ -1,3 +1,8 @@
+	--- 9.7.3-P4 released ---
+
+3331.	[security]	dns_rdataslab_fromrdataset could produce bad
+			rdataslabs. [RT #29644]
+
 	--- 9.7.3-P3 released ---
 
 3124.	[bug]		Use an rdataset attribute flag to indicate
Index: src/dist/bind/version
diff -u src/dist/bind/version:1.1.1.11.4.2.2.3 src/dist/bind/version:1.1.1.11.4.2.2.4
--- src/dist/bind/version:1.1.1.11.4.2.2.3	Fri Jul  8 21:04:03 2011
+++ src/dist/bind/version	Tue Jun  5 19:53:02 2012
@@ -7,4 +7,4 @@ MAJORVER=9
 MINORVER=7
 PATCHVER=3
 RELEASETYPE=-P
-RELEASEVER=3
+RELEASEVER=4

Index: src/dist/bind/bin/tests/system/unknown/clean.sh
diff -u src/dist/bind/bin/tests/system/unknown/clean.sh:1.1.1.5.12.1 src/dist/bind/bin/tests/system/unknown/clean.sh:1.1.1.5.12.2
--- src/dist/bind/bin/tests/system/unknown/clean.sh:1.1.1.5.12.1	Sat Jun 18 11:27:46 2011
+++ src/dist/bind/bin/tests/system/unknown/clean.sh	Tue Jun  5 19:53:02 2012
@@ -19,3 +19,6 @@
 
 rm -f dig.out
 rm -f */named.memstats
+rm -f */*.bk
+rm -f */*.bk.*
+rm -f ns3/Kexample.*
Index: src/dist/bind/bin/tests/system/unknown/tests.sh
diff -u src/dist/bind/bin/tests/system/unknown/tests.sh:1.1.1.5.12.1 src/dist/bind/bin/tests/system/unknown/tests.sh:1.1.1.5.12.2
--- src/dist/bind/bin/tests/system/unknown/tests.sh:1.1.1.5.12.1	Sat Jun 18 11:27:46 2011
+++ src/dist/bind/bin/tests/system/unknown/tests.sh	Tue Jun  5 19:53:02 2012
@@ -22,13 +22,13 @@ SYSTEMTESTTOP=..
 
 status=0
 
-DIGOPTS="@10.53.0.1 -p 5300"
+DIGOPTS="-p 5300"
 
 echo "I:querying for various representations of an IN A record"
 for i in 1 2 3 4 5 6 7 8 9 10 11 12
 do
 	ret=0
-	$DIG +short $DIGOPTS a$i.example a in > dig.out || ret=1
+	$DIG +short $DIGOPTS @10.53.0.1 a$i.example a in > dig.out || ret=1
 	echo 10.0.0.1 | diff - dig.out || ret=1
 	if [ $ret != 0 ]
 	then
@@ -41,7 +41,7 @@ echo "I:querying for various representat
 for i in 1 2 3 4 5 6 7
 do
 	ret=0
-	$DIG +short $DIGOPTS txt$i.example txt in > dig.out || ret=1
+	$DIG +short $DIGOPTS @10.53.0.1 txt$i.example txt in > dig.out || ret=1
 	echo '"hello"' | diff - dig.out || ret=1
 	if [ $ret != 0 ]
 	then
@@ -54,7 +54,7 @@ echo "I:querying for various representat
 for i in 1 2 3
 do
 	ret=0
-	$DIG +short $DIGOPTS unk$i.example type123 in > dig.out || ret=1
+	$DIG +short $DIGOPTS @10.53.0.1 unk$i.example type123 in > dig.out || ret=1
 	echo '\# 1 00' | diff - dig.out || ret=1
 	if [ $ret != 0 ]
 	then
@@ -67,7 +67,7 @@ echo "I:querying for various representat
 for i in 1 2
 do
 	ret=0
-	$DIG +short $DIGOPTS a$i.example a class10 > dig.out || ret=1
+	$DIG +short $DIGOPTS @10.53.0.1 a$i.example a class10 > dig.out || ret=1
 	echo '\# 4 0A000001' | diff - dig.out || ret=1
 	if [ $ret != 0 ]
 	then
@@ -80,7 +80,7 @@ echo "I:querying for various representat
 for i in 1 2 3 4
 do
 	ret=0
-	$DIG +short $DIGOPTS txt$i.example txt class10 > dig.out || ret=1
+	$DIG +short $DIGOPTS @10.53.0.1 txt$i.example txt class10 > dig.out || ret=1
 	echo '"hello"' | diff - dig.out || ret=1
 	if [ $ret != 0 ]
 	then
@@ -93,7 +93,7 @@ echo "I:querying for various representat
 for i in 1 2
 do
 	ret=0
-	$DIG +short $DIGOPTS unk$i.example type123 class10 > dig.out || ret=1
+	$DIG +short $DIGOPTS @10.53.0.1 unk$i.example type123 class10 > dig.out || ret=1
 	echo '\# 1 00' | diff - dig.out || ret=1
 	if [ $ret != 0 ]
 	then
@@ -102,11 +102,25 @@ do
 	status=`expr $status + $ret`
 done
 
+echo "I:querying for NULL record"
+ret=0
+$DIG +short $DIGOPTS @10.53.0.1 null.example null in > dig.out || ret=1
+echo '\# 1 00' | diff - dig.out || ret=1
+[ $ret = 0 ] || echo "I: failed"
+status=`expr $status + $ret`
+ 
+echo "I:querying for empty NULL record"
+ret=0
+$DIG +short $DIGOPTS @10.53.0.1 empty.example null in > dig.out || ret=1
+echo '\# 0' | diff - dig.out || ret=1
+[ $ret = 0 ] || echo "I: failed"
+status=`expr $status + $ret`
+
 echo "I:querying for SOAs of zone that should have failed to load"
 for i in 1 2 3 4
 do
 	ret=0
-	$DIG $DIGOPTS broken$i. soa in > dig.out || ret=1
+	$DIG $DIGOPTS @10.53.0.1 broken$i. soa in > dig.out || ret=1
 	grep "SERVFAIL" dig.out > /dev/null || ret=1
 	if [ $ret != 0 ]
 	then
@@ -115,5 +129,30 @@ do
 	status=`expr $status + $ret`
 done
 
+echo "I:checking large unknown record loading on master"
+ret=0
+$DIG $DIGOPTS @10.53.0.1 +tcp +short large.example TYPE45234 > dig.out || { ret=1 ; echo I: dig failed ; }
+diff -s large.out dig.out > /dev/null || { ret=1 ; echo "I: diff failed"; }
+[ $ret = 0 ] || echo "I: failed"
+status=`expr $status + $ret`
+
+echo "I:checking large unknown record loading on slave"
+ret=0
+$DIG $DIGOPTS @10.53.0.2 +tcp +short large.example TYPE45234 > dig.out || { ret=1 ; echo I: dig failed ; }
+diff -s large.out dig.out > /dev/null || { ret=1 ; echo "I: diff failed"; }
+[ $ret = 0 ] || echo "I: failed"
+status=`expr $status + $ret`
+
+echo "I:stop and restart slave"
+$PERL $SYSTEMTESTTOP/stop.pl . ns2
+$PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns2
+
+echo "I:checking large unknown record loading on slave"
+ret=0
+$DIG $DIGOPTS @10.53.0.2 +tcp +short large.example TYPE45234 > dig.out || { ret=1 ; echo I: dig failed ; }
+diff -s large.out dig.out > /dev/null || { ret=1 ; echo "I: diff failed"; }
+[ $ret = 0 ] || echo "I: failed"
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status

Index: src/dist/bind/bin/tests/system/unknown/ns1/example-in.db
diff -u src/dist/bind/bin/tests/system/unknown/ns1/example-in.db:1.1.1.5.12.1 src/dist/bind/bin/tests/system/unknown/ns1/example-in.db:1.1.1.5.12.2
--- src/dist/bind/bin/tests/system/unknown/ns1/example-in.db:1.1.1.5.12.1	Sat Jun 18 11:27:47 2011
+++ src/dist/bind/bin/tests/system/unknown/ns1/example-in.db	Tue Jun  5 19:53:02 2012
@@ -39,6 +39,13 @@ a10		IN	TYPE1	\# 4 0A000001
 a11		IN	TYPE1	\# 4 0a000001
 a12		IN	A	\# 4 0A000001
 
+null		IN	NULL	\# 1 00
+empty		IN	NULL	\# 0
+empty		IN	TYPE124	\# 0
+
+emptyplus	IN	TYPE125 \# 0
+emptyplus	IN	TYPE125 \# 1 11
+
 txt1		IN	TXT	"hello"
 txt2		CLASS1	TXT	"hello"
 txt3		IN	TYPE16	"hello"
@@ -50,3 +57,4 @@ txt7		IN	TXT	\# 6 0568656C6C6F
 unk1			TYPE123	\# 1 00
 unk2		CLASS1	TYPE123	\# 1 00
 unk3		IN	TYPE123	\# 1 00
+$INCLUDE large.db

Index: src/dist/bind/lib/dns/rdata.c
diff -u src/dist/bind/lib/dns/rdata.c:1.1.1.5.4.1.2.2 src/dist/bind/lib/dns/rdata.c:1.1.1.5.4.1.2.3
--- src/dist/bind/lib/dns/rdata.c:1.1.1.5.4.1.2.2	Sat Jun 18 11:28:27 2011
+++ src/dist/bind/lib/dns/rdata.c	Tue Jun  5 19:53:03 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: rdata.c,v 1.1.1.5.4.1.2.2 2011/06/18 11:28:27 bouyer Exp $	*/
+/*	$NetBSD: rdata.c,v 1.1.1.5.4.1.2.3 2012/06/05 19:53:03 bouyer Exp $	*/
 
 /*
  * Copyright (C) 2004-2009, 2011  Internet Systems Consortium, Inc. ("ISC")
@@ -327,8 +327,8 @@ dns_rdata_compare(const dns_rdata_t *rda
 
 	REQUIRE(rdata1 != NULL);
 	REQUIRE(rdata2 != NULL);
-	REQUIRE(rdata1->data != NULL);
-	REQUIRE(rdata2->data != NULL);
+	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
+	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
 
@@ -358,8 +358,8 @@ dns_rdata_casecompare(const dns_rdata_t 
 
 	REQUIRE(rdata1 != NULL);
 	REQUIRE(rdata2 != NULL);
-	REQUIRE(rdata1->data != NULL);
-	REQUIRE(rdata2->data != NULL);
+	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
+	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
 
Index: src/dist/bind/lib/dns/rdataslab.c
diff -u src/dist/bind/lib/dns/rdataslab.c:1.1.1.5.4.1.2.2 src/dist/bind/lib/dns/rdataslab.c:1.1.1.5.4.1.2.3
--- src/dist/bind/lib/dns/rdataslab.c:1.1.1.5.4.1.2.2	Sat Jun 18 11:28:28 2011
+++ src/dist/bind/lib/dns/rdataslab.c	Tue Jun  5 19:53:03 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: rdataslab.c,v 1.1.1.5.4.1.2.2 2011/06/18 11:28:28 bouyer Exp $	*/
+/*	$NetBSD: rdataslab.c,v 1.1.1.5.4.1.2.3 2012/06/05 19:53:03 bouyer Exp $	*/
 
 /*
  * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
@@ -127,6 +127,11 @@ isc_result_t
 dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
 			   isc_region_t *region, unsigned int reservelen)
 {
+	/*
+	 * Use &removed as a sentinal pointer for duplicate
+	 * rdata as rdata.data == NULL is valid.
+	 */
+	static unsigned char removed;
 	struct xrdata  *x;
 	unsigned char  *rawbuf;
 #if DNS_RDATASET_FIXED
@@ -166,6 +171,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 		INSIST(result == ISC_R_SUCCESS);
 		dns_rdata_init(&x[i].rdata);
 		dns_rdataset_current(rdataset, &x[i].rdata);
+		INSIST(x[i].rdata.data != &removed);
 #if DNS_RDATASET_FIXED
 		x[i].order = i;
 #endif
@@ -198,8 +204,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 	 */
 	for (i = 1; i < nalloc; i++) {
 		if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
-			x[i-1].rdata.data = NULL;
-			x[i-1].rdata.length = 0;
+			x[i-1].rdata.data = &removed;
 #if DNS_RDATASET_FIXED
 			/*
 			 * Preserve the least order so A, B, A -> A, B
@@ -286,7 +291,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 #endif
 
 	for (i = 0; i < nalloc; i++) {
-		if (x[i].rdata.data == NULL)
+		if (x[i].rdata.data == &removed)
 			continue;
 #if DNS_RDATASET_FIXED
 		offsettable[x[i].order] = rawbuf - offsetbase;

CVS commit: [netbsd-5-1] src/dist/bind

Reply via email to