Module Name: src Committed By: bouyer Date: Wed Oct 17 20:50:14 UTC 2012
Modified Files: src/dist/bind [netbsd-5-0]: CHANGES version src/dist/bind/bin/named [netbsd-5-0]: query.c Log Message: Apply patch, requested by spz in ticket #1801: dist/bind/CHANGES: patch dist/bind/version: patch dist/bind/bin/named/query.c: patch fix CVE-2012-5166: Specially crafted DNS data can cause a lockup in named To generate a diff of this commit: cvs rdiff -u -r1.1.1.11.8.8 -r1.1.1.11.8.9 src/dist/bind/CHANGES \ src/dist/bind/version cvs rdiff -u -r1.8.8.6 -r1.8.8.7 src/dist/bind/bin/named/query.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/dist/bind/CHANGES diff -u src/dist/bind/CHANGES:1.1.1.11.8.8 src/dist/bind/CHANGES:1.1.1.11.8.9 --- src/dist/bind/CHANGES:1.1.1.11.8.8 Fri Sep 14 00:00:41 2012 +++ src/dist/bind/CHANGES Wed Oct 17 20:50:13 2012 @@ -1,7 +1,8 @@ - --- 9.7.3-P4 released --- + --- 9.7.6-P4 released --- -3331. [security] dns_rdataslab_fromrdataset could produce bad - rdataslabs. [RT #29644] +3383. [security] A certain combination of records in the RBT could + cause named to hang while populating the additional + section of a response. [RT #31090] --- 9.7.6-P3 released --- Index: src/dist/bind/version diff -u src/dist/bind/version:1.1.1.11.8.8 src/dist/bind/version:1.1.1.11.8.9 --- src/dist/bind/version:1.1.1.11.8.8 Fri Sep 14 00:00:42 2012 +++ src/dist/bind/version Wed Oct 17 20:50:14 2012 @@ -7,4 +7,4 @@ MAJORVER=9 MINORVER=7 PATCHVER=6 RELEASETYPE=-P -RELEASEVER=3 +RELEASEVER=4 Index: src/dist/bind/bin/named/query.c diff -u src/dist/bind/bin/named/query.c:1.8.8.6 src/dist/bind/bin/named/query.c:1.8.8.7 --- src/dist/bind/bin/named/query.c:1.8.8.6 Wed Jul 25 12:02:52 2012 +++ src/dist/bind/bin/named/query.c Wed Oct 17 20:50:14 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: query.c,v 1.8.8.6 2012/07/25 12:02:52 jdc Exp $ */ +/* $NetBSD: query.c,v 1.8.8.7 2012/10/17 20:50:14 bouyer Exp $ */ /* * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") @@ -1027,13 +1027,6 @@ query_isduplicate(ns_client_t *client, d mname = NULL; } - /* - * If the dns_name_t we're looking up is already in the message, - * we don't want to trigger the caller's name replacement logic. - */ - if (name == mname) - mname = NULL; - if (mnamep != NULL) *mnamep = mname; @@ -1232,6 +1225,7 @@ query_addadditional(void *arg, dns_name_ if (dns_rdataset_isassociated(rdataset) && !query_isduplicate(client, fname, type, &mname)) { if (mname != NULL) { + INSIST(mname != fname); query_releasename(client, &fname); fname = mname; } else 
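Review bot: The added `INSIST(mname != fname);` in the last hunk on this line (query_addadditional, near new line 1228) has no comment saying why fname can never be the name already present in the message at this call site. The A and AAAA sites further down in the same function handle that same condition with an `if (mname != fname)` guard instead of an assertion. A failed INSIST terminates named, so if the invariant were ever wrong here the outcome would be a process abort during query processing rather than a skipped branch. I would either add a comment such as `/* fname is not yet linked into the message here, so query_isduplicate cannot return it. */`, once that is confirmed against the code outside the hunk, or use the same guard as the other sites. The function body starts and ends outside the hunk.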
@@ -1301,11 +1295,13 @@ query_addadditional(void *arg, dns_name_ #endif if (!query_isduplicate(client, fname, dns_rdatatype_a, &mname)) { - if (mname != NULL) { - query_releasename(client, &fname); - fname = mname; - } else - need_addname = ISC_TRUE; + if (mname != fname) { + if (mname != NULL) { + query_releasename(client, &fname); + fname = mname; + } else + need_addname = ISC_TRUE; + } ISC_LIST_APPEND(fname->list, rdataset, link); added_something = ISC_TRUE; if (sigrdataset != NULL && @@ -1358,11 +1354,13 @@ query_addadditional(void *arg, dns_name_ #endif if (!query_isduplicate(client, fname, dns_rdatatype_aaaa, &mname)) { - if (mname != NULL) { - query_releasename(client, &fname); - fname = mname; - } else - need_addname = ISC_TRUE; + if (mname != fname) { + if (mname != NULL) { + query_releasename(client, &fname); + fname = mname; + } else + need_addname = ISC_TRUE; + } ISC_LIST_APPEND(fname->list, rdataset, link); added_something = ISC_TRUE; if (sigrdataset != NULL && 
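Review bot: The new `if (mname != fname)` guard in the A hunk has no comment explaining its third case, and the same is true of the AAAA hunk on this line and the query_addadditional2 hunk that follows. When query_isduplicate hands back fname itself, neither the release branch nor `need_addname = ISC_TRUE` runs, and only the ISC_LIST_APPEND after the guard executes. That case appears to be what the CHANGES entry about named hanging refers to, so a comment would stop a later cleanup from folding it back into the `mname != NULL` test, e.g. `/* mname == fname: fname is already in the message; keep it and do not add it again. */`. The inner `} else` is left unbraced inside the new block, and bracing both arms would make the nesting unambiguous. query_addadditional continues outside both hunks.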
@@ -1885,22 +1883,24 @@ query_addadditional2(void *arg, dns_name crdataset->type == dns_rdatatype_aaaa) { if (!query_isduplicate(client, fname, crdataset->type, &mname)) { - if (mname != NULL) { - /* - * A different type of this name is - * already stored in the additional - * section. We'll reuse the name. - * Note that this should happen at most - * once. Otherwise, fname->link could - * leak below. - */ - INSIST(mname0 == NULL); - - query_releasename(client, &fname); - fname = mname; - mname0 = mname; - } else - need_addname = ISC_TRUE; + if (mname != fname) { + if (mname != NULL) { + /* + * A different type of this name is + * already stored in the additional + * section. We'll reuse the name. + * Note that this should happen at most + * once. Otherwise, fname->link could + * leak below. + */ + INSIST(mname0 == NULL); + + query_releasename(client, &fname); + fname = mname; + mname0 = mname; + } else + need_addname = ISC_TRUE; + } ISC_LIST_UNLINK(cfname.list, crdataset, link); ISC_LIST_APPEND(fname->list, crdataset, link); added_something = ISC_TRUE;
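Review bot: The re-indented comment above `INSIST(mname0 == NULL);` still says reuse "should happen at most once" without stating what guarantees it. That guarantee now seems to rest on the new outer guard: after `fname = mname`, a later iteration that gets the same name back would have `mname == fname` and skip this branch. If that reading is right, the comment should say so, e.g. by adding `* Later iterations see mname == fname and skip this branch.`, because a failed INSIST aborts named during query processing. The loop and the other uses of mname0 lie outside the hunk, so this should be checked against the full function.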