Module Name: src
Committed By: bouyer
Date: Wed Oct 17 20:50:14 UTC 2012
Modified Files:
src/dist/bind [netbsd-5-0]: CHANGES version
src/dist/bind/bin/named [netbsd-5-0]: query.c
Log Message:
Apply patch, requested by spz in ticket #1801:
dist/bind/CHANGES: patch
dist/bind/version: patch
dist/bind/bin/named/query.c: patch
fix CVE-2012-5166: Specially crafted DNS data can cause a lockup in named
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.11.8.8 -r1.1.1.11.8.9 src/dist/bind/CHANGES \
src/dist/bind/version
cvs rdiff -u -r1.8.8.6 -r1.8.8.7 src/dist/bind/bin/named/query.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/dist/bind/CHANGES
diff -u src/dist/bind/CHANGES:1.1.1.11.8.8 src/dist/bind/CHANGES:1.1.1.11.8.9
--- src/dist/bind/CHANGES:1.1.1.11.8.8 Fri Sep 14 00:00:41 2012
+++ src/dist/bind/CHANGES Wed Oct 17 20:50:13 2012
@@ -1,7 +1,8 @@
- --- 9.7.3-P4 released ---
+ --- 9.7.6-P4 released ---
-3331. [security] dns_rdataslab_fromrdataset could produce bad
- rdataslabs. [RT #29644]
+3383. [security] A certain combination of records in the RBT could
+ cause named to hang while populating the additional
+ section of a response. [RT #31090]
--- 9.7.6-P3 released ---
Index: src/dist/bind/version
diff -u src/dist/bind/version:1.1.1.11.8.8 src/dist/bind/version:1.1.1.11.8.9
--- src/dist/bind/version:1.1.1.11.8.8 Fri Sep 14 00:00:42 2012
+++ src/dist/bind/version Wed Oct 17 20:50:14 2012
@@ -7,4 +7,4 @@ MAJORVER=9
MINORVER=7
PATCHVER=6
RELEASETYPE=-P
-RELEASEVER=3
+RELEASEVER=4
Index: src/dist/bind/bin/named/query.c
diff -u src/dist/bind/bin/named/query.c:1.8.8.6 src/dist/bind/bin/named/query.c:1.8.8.7
--- src/dist/bind/bin/named/query.c:1.8.8.6 Wed Jul 25 12:02:52 2012
+++ src/dist/bind/bin/named/query.c Wed Oct 17 20:50:14 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: query.c,v 1.8.8.6 2012/07/25 12:02:52 jdc Exp $ */
+/* $NetBSD: query.c,v 1.8.8.7 2012/10/17 20:50:14 bouyer Exp $ */
/*
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
@@ -1027,13 +1027,6 @@ query_isduplicate(ns_client_t *client, d
mname = NULL;
}
- /*
- * If the dns_name_t we're looking up is already in the message,
- * we don't want to trigger the caller's name replacement logic.
- */
- if (name == mname)
- mname = NULL;
-
if (mnamep != NULL)
*mnamep = mname;
@@ -1232,6 +1225,7 @@ query_addadditional(void *arg, dns_name_
if (dns_rdataset_isassociated(rdataset) &&
!query_isduplicate(client, fname, type, &mname)) {
if (mname != NULL) {
+ INSIST(mname != fname);
query_releasename(client, &fname);
fname = mname;
} else
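Review bot: The added `INSIST(mname != fname);` has no comment saying why the invariant holds at this call site, while the three later call sites in this patch explicitly tolerate `mname == fname`. Presumably fname is still a freshly obtained name here and has not yet been swapped for one already in the message, but that is established outside the hunk. Because a failed INSIST terminates named, the assumption should be written down, for example `/* fname is not yet part of the message here, so query_isduplicate() cannot hand it back */`. It is also worth confirming that no path reaches this point after fname has been replaced by a message-owned name. query_addadditional begins and ends outside the hunk.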
@@ -1301,11 +1295,13 @@ query_addadditional(void *arg, dns_name_
#endif
if (!query_isduplicate(client, fname,
dns_rdatatype_a, &mname)) {
- if (mname != NULL) {
- query_releasename(client, &fname);
- fname = mname;
- } else
- need_addname = ISC_TRUE;
+ if (mname != fname) {
+ if (mname != NULL) {
+ query_releasename(client, &fname);
+ fname = mname;
+ } else
+ need_addname = ISC_TRUE;
+ }
ISC_LIST_APPEND(fname->list, rdataset, link);
added_something = ISC_TRUE;
if (sigrdataset != NULL &&
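Review bot: The new `if (mname != fname)` guard carries no comment, and the explanation that used to sit in query_isduplicate ("we don't want to trigger the caller's name replacement logic") is deleted by this patch with nothing put in its place at the call sites. From this block alone a reader cannot tell that `mname == fname` apparently means the name being filled is already in the message, so it must be neither released through `query_releasename()` nor flagged with `need_addname`. I would put `/* mname == fname: name is already in the message; keep it and just append the rdataset */` above the guard. The same comment belongs above the identical guards in the AAAA hunk and in the query_addadditional2 hunk. The enclosing function extends beyond this hunk.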
@@ -1358,11 +1354,13 @@ query_addadditional(void *arg, dns_name_
#endif
if (!query_isduplicate(client, fname,
dns_rdatatype_aaaa, &mname)) {
- if (mname != NULL) {
- query_releasename(client, &fname);
- fname = mname;
- } else
- need_addname = ISC_TRUE;
+ if (mname != fname) {
+ if (mname != NULL) {
+ query_releasename(client, &fname);
+ fname = mname;
+ } else
+ need_addname = ISC_TRUE;
+ }
ISC_LIST_APPEND(fname->list, rdataset, link);
added_something = ISC_TRUE;
if (sigrdataset != NULL &&
@@ -1885,22 +1883,24 @@ query_addadditional2(void *arg, dns_name
crdataset->type == dns_rdatatype_aaaa) {
if (!query_isduplicate(client, fname, crdataset->type,
&mname)) {
- if (mname != NULL) {
- /*
- * A different type of this name is
- * already stored in the additional
- * section. We'll reuse the name.
- * Note that this should happen at most
- * once. Otherwise, fname->link could
- * leak below.
- */
- INSIST(mname0 == NULL);
-
- query_releasename(client, &fname);
- fname = mname;
- mname0 = mname;
- } else
- need_addname = ISC_TRUE;
+ if (mname != fname) {
+ if (mname != NULL) {
+ /*
+ * A different type of this name is
+ * already stored in the additional
+ * section. We'll reuse the name.
+ * Note that this should happen at most
+ * once. Otherwise, fname->link could
+ * leak below.
+ */
+ INSIST(mname0 == NULL);
+
+ query_releasename(client, &fname);
+ fname = mname;
+ mname0 = mname;
+ } else
+ need_addname = ISC_TRUE;
+ }
ISC_LIST_UNLINK(cfname.list, crdataset, link);
ISC_LIST_APPEND(fname->list, crdataset, link);
added_something = ISC_TRUE;