CVS commit: [netbsd-4] src/dist/bind

Tue, 05 Jun 2012 13:00:41 -0700 

Module Name:    src
Committed By:   bouyer
Date:           Tue Jun  5 20:01:03 UTC 2012

Modified Files:
        src/dist/bind [netbsd-4]: CHANGES version
        src/dist/bind/lib/dns [netbsd-4]: rdata.c rdataslab.c

Log Message:
Apply patch, requested by christos in ticket #1447
        dist/bind/CHANGES                               patch
        dist/bind/version                               patch
        dist/bind/lib/dns/rdata.c                       patch
        dist/bind/lib/dns/rdataslab.c                   patch
Update bind to 9.4-ESV-R4-P2
3331.  [security]      dns_rdataslab_fromrdataset could produce bad
                       rdataslabs. [RT #29644]


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4.4.8 -r1.1.1.4.4.9 src/dist/bind/CHANGES \
    src/dist/bind/version
cvs rdiff -u -r1.1.1.3.4.2 -r1.1.1.3.4.3 src/dist/bind/lib/dns/rdata.c
cvs rdiff -u -r1.1.1.3.4.3 -r1.1.1.3.4.4 src/dist/bind/lib/dns/rdataslab.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/dist/bind/CHANGES
diff -u src/dist/bind/CHANGES:1.1.1.4.4.8 src/dist/bind/CHANGES:1.1.1.4.4.9
--- src/dist/bind/CHANGES:1.1.1.4.4.8	Sun Nov 20 13:02:25 2011
+++ src/dist/bind/CHANGES	Tue Jun  5 20:01:02 2012
@@ -1,3 +1,8 @@
+	--- 9.4-ESV-R4-P2 released ---
+
+3331.	[security]	dns_rdataslab_fromrdataset could produce bad
+			rdataslabs. [RT #29644]
+
 3218.   [security]      Cache lookup could return RRSIG data associated with
                         nonexistent records, leading to an assertion
                         failure. [RT #26590]
Index: src/dist/bind/version
diff -u src/dist/bind/version:1.1.1.4.4.8 src/dist/bind/version:1.1.1.4.4.9
--- src/dist/bind/version:1.1.1.4.4.8	Sat Jun 18 10:36:30 2011
+++ src/dist/bind/version	Tue Jun  5 20:01:02 2012
@@ -1,4 +1,4 @@
-# $Id: version,v 1.1.1.4.4.8 2011/06/18 10:36:30 bouyer Exp $
+# $Id: version,v 1.1.1.4.4.9 2012/06/05 20:01:02 bouyer Exp $
 #
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -7,4 +7,4 @@ MAJORVER=9
 MINORVER=4
 PATCHVER=
 RELEASETYPE=-ESV
-RELEASEVER=-R4-P1
+RELEASEVER=-R4-P2

Index: src/dist/bind/lib/dns/rdata.c
diff -u src/dist/bind/lib/dns/rdata.c:1.1.1.3.4.2 src/dist/bind/lib/dns/rdata.c:1.1.1.3.4.3
--- src/dist/bind/lib/dns/rdata.c:1.1.1.3.4.2	Sun Jan 23 21:47:39 2011
+++ src/dist/bind/lib/dns/rdata.c	Tue Jun  5 20:01:02 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: rdata.c,v 1.1.1.3.4.2 2011/01/23 21:47:39 bouyer Exp $	*/
+/*	$NetBSD: rdata.c,v 1.1.1.3.4.3 2012/06/05 20:01:02 bouyer Exp $	*/
 
 /*
  * Copyright (C) 2004-2006, 2008  Internet Systems Consortium, Inc. ("ISC")
@@ -338,6 +338,8 @@ dns_rdata_compare(const dns_rdata_t *rda
 	REQUIRE(rdata2 != NULL);
 	REQUIRE(rdata1->data != NULL);
 	REQUIRE(rdata2->data != NULL);
+	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
+	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
 

Index: src/dist/bind/lib/dns/rdataslab.c
diff -u src/dist/bind/lib/dns/rdataslab.c:1.1.1.3.4.3 src/dist/bind/lib/dns/rdataslab.c:1.1.1.3.4.4
--- src/dist/bind/lib/dns/rdataslab.c:1.1.1.3.4.3	Sun Jan 23 21:47:39 2011
+++ src/dist/bind/lib/dns/rdataslab.c	Tue Jun  5 20:01:03 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: rdataslab.c,v 1.1.1.3.4.3 2011/01/23 21:47:39 bouyer Exp $	*/
+/*	$NetBSD: rdataslab.c,v 1.1.1.3.4.4 2012/06/05 20:01:03 bouyer Exp $	*/
 
 /*
  * Copyright (C) 2004-2007, 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
@@ -130,6 +130,11 @@ isc_result_t
 dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
 			   isc_region_t *region, unsigned int reservelen)
 {
+	/*
+	 * Use &removed as a sentinal pointer for duplicate
+	 * rdata as rdata.data == NULL is valid.
+	 */
+	static unsigned char removed;
 	struct xrdata  *x;
 	unsigned char  *rawbuf;
 #if DNS_RDATASET_FIXED
@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 		INSIST(result == ISC_R_SUCCESS);
 		dns_rdata_init(&x[i].rdata);
 		dns_rdataset_current(rdataset, &x[i].rdata);
+		INSIST(x[i].rdata.data != &removed);
 #if DNS_RDATASET_FIXED
 		x[i].order = i;
 #endif
@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 	 */
 	for (i = 1; i < nalloc; i++) {
 		if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
-			x[i-1].rdata.data = NULL;
-			x[i-1].rdata.length = 0;
+			x[i-1].rdata.data = &removed;
 #if DNS_RDATASET_FIXED
 			/*
 			 * Preserve the least order so A, B, A -> A, B
@@ -277,7 +282,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 #endif
 
 	for (i = 0; i < nalloc; i++) {
-		if (x[i].rdata.data == NULL)
+		if (x[i].rdata.data == &removed)
 			continue;
 #if DNS_RDATASET_FIXED
 		offsettable[x[i].order] = rawbuf - offsetbase;

Reply via email to