Module Name: src Committed By: spz Date: Tue Jan 14 08:03:07 UTC 2014
Modified Files: src/external/bsd/bind/dist: version src/external/bsd/bind/dist/bin/named: query.c Log Message: a fix by ISC for CVE-2014-0591: 3693. [security] memcpy was incorrectly called with overlapping ranges resulting in malformed names being generated on some platforms. This could cause INSIST failures when serving NSEC3 signed zones. [RT #35120] To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 src/external/bsd/bind/dist/version cvs rdiff -u -r1.12 -r1.13 src/external/bsd/bind/dist/bin/named/query.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/external/bsd/bind/dist/version diff -u src/external/bsd/bind/dist/version:1.7 src/external/bsd/bind/dist/version:1.8 --- src/external/bsd/bind/dist/version:1.7 Tue Dec 31 20:24:38 2013 +++ src/external/bsd/bind/dist/version Tue Jan 14 08:03:07 2014 @@ -4,10 +4,10 @@ # configure. # PRODUCT=BIND -DESCRIPTION="(Extended Support Version)" +DESCRIPTION="(Development release)" MAJORVER=9 MINORVER=9 PATCHVER=5 RELEASETYPE=b RELEASEVER=1 -EXTENSIONS= +EXTENSIONS=nb1 Index: src/external/bsd/bind/dist/bin/named/query.c diff -u src/external/bsd/bind/dist/bin/named/query.c:1.12 src/external/bsd/bind/dist/bin/named/query.c:1.13 --- src/external/bsd/bind/dist/bin/named/query.c:1.12 Tue Dec 31 20:24:39 2013 +++ src/external/bsd/bind/dist/bin/named/query.c Tue Jan 14 08:03:07 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: query.c,v 1.12 2013/12/31 20:24:39 christos Exp $ */ +/* $NetBSD: query.c,v 1.13 2014/01/14 08:03:07 spz Exp $ */ /* * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") @@ -5263,8 +5263,7 @@ query_findclosestnsec3(dns_name_t *qname dns_fixedname_t fixed; dns_hash_t hash; dns_name_t name; - int order; - unsigned int count; + unsigned int skip = 0, labels; dns_rdata_nsec3_t nsec3; dns_rdata_t rdata = DNS_RDATA_INIT; isc_boolean_t optout; @@ -5279,6 +5278,7 @@ query_findclosestnsec3(dns_name_t *qname dns_name_init(&name, NULL); dns_name_clone(qname, &name); + labels = dns_name_countlabels(&name); dns_clientinfomethods_init(&cm, ns_client_sourceip); dns_clientinfo_init(&ci, client); @@ -5312,13 +5312,14 @@ query_findclosestnsec3(dns_name_t *qname dns_rdata_reset(&rdata); optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0); if (found != NULL && optout && - dns_name_fullcompare(&name, dns_db_origin(db), &order, - &count) == dns_namereln_subdomain) { + dns_name_issubdomain(&name, dns_db_origin(db))) + { dns_rdataset_disassociate(rdataset); if (dns_rdataset_isassociated(sigrdataset)) dns_rdataset_disassociate(sigrdataset); - count = dns_name_countlabels(&name) - 1; - dns_name_getlabelsequence(&name, 1, count, &name); + skip++; + dns_name_getlabelsequence(qname, skip, labels - skip, + &name); ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3), "looking for closest provable encloser"); @@ -5336,7 +5337,11 @@ query_findclosestnsec3(dns_name_t *qname ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, NS_LOGMODULE_QUERY, ISC_LOG_WARNING, "expected covering NSEC3, got an exact match"); - if (found != NULL) + if (found == qname) { + if (skip != 0U) + dns_name_getlabelsequence(qname, skip, labels - skip, + found); + } else if (found != NULL) dns_name_copy(&name, found, NULL); return; }