Module Name: src
Committed By: riz
Date: Fri Sep 14 00:00:44 UTC 2012
Modified Files:
src/dist/bind [netbsd-5-0]: CHANGES version
src/dist/bind/lib/dns [netbsd-5-0]: master.c rdata.c rdataslab.c
src/dist/bind/lib/dns/include/dns [netbsd-5-0]: rdata.h
Log Message:
Pull up following revision(s) (requested by 1796 in ticket #spz):
external/bsd/bind/dist/lib/dns/tests/rdata_test.c: revision 1.1
external/bsd/bind/dist/lib/dns/tests/testdata/master/master16.data:
revision 1.1
external/bsd/bind/dist/version: revision 1.3
external/bsd/bind/dist/lib/dns/rdataslab.c: revision 1.6
external/bsd/bind/dist/lib/dns/master.c: revision 1.7
external/bsd/bind/dist/lib/dns/include/dns/rdata.h: revision 1.5
external/bsd/bind/dist/CHANGES: revision 1.6
external/bsd/bind/dist/lib/dns/tests/master_test.c: revision 1.2
external/bsd/bind/dist/lib/dns/tests/testdata/master/master15.data:
revision 1.1
external/bsd/bind/dist/lib/dns/tests/Makefile.in: revision 1.2
external/bsd/bind/dist/lib/dns/rdata.c: revision 1.5
apply fix for CVE-2012-4244 from upstream
upstream changelog:
--- 9.9.1-P3 released ---
3364. [security] Named could die on specially crafted record.
[RT #30416]
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.11.8.7 -r1.1.1.11.8.8 src/dist/bind/CHANGES \
src/dist/bind/version
cvs rdiff -u -r1.2.8.4 -r1.2.8.5 src/dist/bind/lib/dns/master.c
cvs rdiff -u -r1.1.1.5.8.5 -r1.1.1.5.8.6 src/dist/bind/lib/dns/rdata.c \
src/dist/bind/lib/dns/rdataslab.c
cvs rdiff -u -r1.1.1.5.8.4 -r1.1.1.5.8.5 \
src/dist/bind/lib/dns/include/dns/rdata.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/dist/bind/CHANGES
diff -u src/dist/bind/CHANGES:1.1.1.11.8.7 src/dist/bind/CHANGES:1.1.1.11.8.8
--- src/dist/bind/CHANGES:1.1.1.11.8.7 Wed Jul 25 12:02:34 2012
+++ src/dist/bind/CHANGES Fri Sep 14 00:00:41 2012
@@ -3,6 +3,11 @@
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
+ --- 9.7.6-P3 released ---
+
+3364. [security] Named could die on specially crafted record.
+ [RT #30416]
+
--- 9.7.6-P2 released ---
3346. [security] Bad-cache data could be used before it was
Index: src/dist/bind/version
diff -u src/dist/bind/version:1.1.1.11.8.7 src/dist/bind/version:1.1.1.11.8.8
--- src/dist/bind/version:1.1.1.11.8.7 Wed Jul 25 12:02:40 2012
+++ src/dist/bind/version Fri Sep 14 00:00:42 2012
@@ -7,4 +7,4 @@ MAJORVER=9
MINORVER=7
PATCHVER=6
RELEASETYPE=-P
-RELEASEVER=2
+RELEASEVER=3
Index: src/dist/bind/lib/dns/master.c
diff -u src/dist/bind/lib/dns/master.c:1.2.8.4 src/dist/bind/lib/dns/master.c:1.2.8.5
--- src/dist/bind/lib/dns/master.c:1.2.8.4 Wed Jul 25 12:05:57 2012
+++ src/dist/bind/lib/dns/master.c Fri Sep 14 00:00:42 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: master.c,v 1.2.8.4 2012/07/25 12:05:57 jdc Exp $ */
+/* $NetBSD: master.c,v 1.2.8.5 2012/09/14 00:00:42 riz Exp $ */
/*
* Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
@@ -77,7 +77,7 @@
/*%
* max message size - header - root - type - class - ttl - rdlen
*/
-#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2)
+#define MINTSIZ DNS_RDATA_MAXLENGTH
/*%
* Size for tokens in the presentation format,
* The largest tokens are the base64 blocks in KEY and CERT records,
Index: src/dist/bind/lib/dns/rdata.c
diff -u src/dist/bind/lib/dns/rdata.c:1.1.1.5.8.5 src/dist/bind/lib/dns/rdata.c:1.1.1.5.8.6
--- src/dist/bind/lib/dns/rdata.c:1.1.1.5.8.5 Wed Jul 25 12:06:02 2012
+++ src/dist/bind/lib/dns/rdata.c Fri Sep 14 00:00:43 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: rdata.c,v 1.1.1.5.8.5 2012/07/25 12:06:02 jdc Exp $ */
+/* $NetBSD: rdata.c,v 1.1.1.5.8.6 2012/09/14 00:00:43 riz Exp $ */
/*
* Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
@@ -431,6 +431,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
isc_buffer_t st;
isc_boolean_t use_default = ISC_FALSE;
isc_uint32_t activelength;
+ size_t length;
REQUIRE(dctx != NULL);
if (rdata != NULL) {
@@ -461,6 +462,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
}
/*
+ * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH
+ * as we cannot transmit it.
+ */
+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
+ result = DNS_R_FORMERR;
+
+ /*
* We should have consumed all of our buffer.
*/
if (result == ISC_R_SUCCESS && !buffer_empty(source))
@@ -468,8 +477,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
if (rdata != NULL && result == ISC_R_SUCCESS) {
region.base = isc_buffer_used(&st);
- region.length = isc_buffer_usedlength(target) -
- isc_buffer_usedlength(&st);
+ region.length = length;
dns_rdata_fromregion(rdata, rdclass, type, ®ion);
}
@@ -604,6 +612,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
unsigned long line;
void (*callback)(dns_rdatacallbacks_t *, const char *, ...);
isc_result_t tresult;
+ size_t length;
REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE);
if (rdata != NULL) {
@@ -675,10 +684,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
}
} while (1);
+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
+ result = ISC_R_NOSPACE;
+
if (rdata != NULL && result == ISC_R_SUCCESS) {
region.base = isc_buffer_used(&st);
- region.length = isc_buffer_usedlength(target) -
- isc_buffer_usedlength(&st);
+ region.length = length;
dns_rdata_fromregion(rdata, rdclass, type, ®ion);
}
if (result != ISC_R_SUCCESS) {
@@ -806,6 +818,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
isc_buffer_t st;
isc_region_t region;
isc_boolean_t use_default = ISC_FALSE;
+ size_t length;
REQUIRE(source != NULL);
if (rdata != NULL) {
@@ -820,10 +833,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
if (use_default)
(void)NULL;
+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
+ result = ISC_R_NOSPACE;
+
if (rdata != NULL && result == ISC_R_SUCCESS) {
region.base = isc_buffer_used(&st);
- region.length = isc_buffer_usedlength(target) -
- isc_buffer_usedlength(&st);
+ region.length = length;
dns_rdata_fromregion(rdata, rdclass, type, ®ion);
}
if (result != ISC_R_SUCCESS)
Index: src/dist/bind/lib/dns/rdataslab.c
diff -u src/dist/bind/lib/dns/rdataslab.c:1.1.1.5.8.5 src/dist/bind/lib/dns/rdataslab.c:1.1.1.5.8.6
--- src/dist/bind/lib/dns/rdataslab.c:1.1.1.5.8.5 Wed Jul 25 12:06:02 2012
+++ src/dist/bind/lib/dns/rdataslab.c Fri Sep 14 00:00:43 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: rdataslab.c,v 1.1.1.5.8.5 2012/07/25 12:06:02 jdc Exp $ */
+/* $NetBSD: rdataslab.c,v 1.1.1.5.8.6 2012/09/14 00:00:43 riz Exp $ */
/*
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
@@ -300,6 +300,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
length = x[i].rdata.length;
if (rdataset->type == dns_rdatatype_rrsig)
length++;
+ INSIST(length <= 0xffff);
*rawbuf++ = (length & 0xff00) >> 8;
*rawbuf++ = (length & 0x00ff);
#if DNS_RDATASET_FIXED
Index: src/dist/bind/lib/dns/include/dns/rdata.h
diff -u src/dist/bind/lib/dns/include/dns/rdata.h:1.1.1.5.8.4 src/dist/bind/lib/dns/include/dns/rdata.h:1.1.1.5.8.5
--- src/dist/bind/lib/dns/include/dns/rdata.h:1.1.1.5.8.4 Wed Jul 25 12:06:17 2012
+++ src/dist/bind/lib/dns/include/dns/rdata.h Fri Sep 14 00:00:43 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: rdata.h,v 1.1.1.5.8.4 2012/07/25 12:06:17 jdc Exp $ */
+/* $NetBSD: rdata.h,v 1.1.1.5.8.5 2012/09/14 00:00:43 riz Exp $ */
/*
* Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
@@ -149,6 +149,17 @@ struct dns_rdata {
(((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0)
/*
+ * The maximum length of a RDATA that can be sent on the wire.
+ * Max packet size (65535) less header (12), less name (1), type (2),
+ * class (2), ttl(4), length (2).
+ *
+ * None of the defined types that support name compression can exceed
+ * this and all new types are to be sent uncompressed.
+ */
+
+#define DNS_RDATA_MAXLENGTH 65512U
+
+/*
* Flags affecting rdata formatting style. Flags 0xFFFF0000
* are used by masterfile-level formatting and defined elsewhere.
* See additional comments at dns_rdata_tofmttext().
