Module Name: src
Committed By: spz
Date: Tue Jan 14 08:03:07 UTC 2014
Modified Files:
src/external/bsd/bind/dist: version
src/external/bsd/bind/dist/bin/named: query.c
Log Message:
a fix by ISC for CVE-2014-0591:
3693. [security] memcpy was incorrectly called with overlapping
ranges resulting in malformed names being generated
on some platforms. This could cause INSIST failures
when serving NSEC3 signed zones. [RT #35120]
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/bind/dist/version
cvs rdiff -u -r1.12 -r1.13 src/external/bsd/bind/dist/bin/named/query.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/bind/dist/version
diff -u src/external/bsd/bind/dist/version:1.7 src/external/bsd/bind/dist/version:1.8
--- src/external/bsd/bind/dist/version:1.7 Tue Dec 31 20:24:38 2013
+++ src/external/bsd/bind/dist/version Tue Jan 14 08:03:07 2014
@@ -4,10 +4,10 @@
# configure.
#
PRODUCT=BIND
-DESCRIPTION="(Extended Support Version)"
+DESCRIPTION="(Development release)"
MAJORVER=9
MINORVER=9
PATCHVER=5
RELEASETYPE=b
RELEASEVER=1
-EXTENSIONS=
+EXTENSIONS=nb1
Index: src/external/bsd/bind/dist/bin/named/query.c
diff -u src/external/bsd/bind/dist/bin/named/query.c:1.12 src/external/bsd/bind/dist/bin/named/query.c:1.13
--- src/external/bsd/bind/dist/bin/named/query.c:1.12 Tue Dec 31 20:24:39 2013
+++ src/external/bsd/bind/dist/bin/named/query.c Tue Jan 14 08:03:07 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: query.c,v 1.12 2013/12/31 20:24:39 christos Exp $ */
+/* $NetBSD: query.c,v 1.13 2014/01/14 08:03:07 spz Exp $ */
/*
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
@@ -5263,8 +5263,7 @@ query_findclosestnsec3(dns_name_t *qname
dns_fixedname_t fixed;
dns_hash_t hash;
dns_name_t name;
- int order;
- unsigned int count;
+ unsigned int skip = 0, labels;
dns_rdata_nsec3_t nsec3;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_boolean_t optout;
@@ -5279,6 +5278,7 @@ query_findclosestnsec3(dns_name_t *qname
dns_name_init(&name, NULL);
dns_name_clone(qname, &name);
+ labels = dns_name_countlabels(&name);
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
@@ -5312,13 +5312,14 @@ query_findclosestnsec3(dns_name_t *qname
dns_rdata_reset(&rdata);
optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
if (found != NULL && optout &&
- dns_name_fullcompare(&name, dns_db_origin(db), &order,
- &count) == dns_namereln_subdomain) {
+ dns_name_issubdomain(&name, dns_db_origin(db)))
+ {
dns_rdataset_disassociate(rdataset);
if (dns_rdataset_isassociated(sigrdataset))
dns_rdataset_disassociate(sigrdataset);
- count = dns_name_countlabels(&name) - 1;
- dns_name_getlabelsequence(&name, 1, count, &name);
+ skip++;
+ dns_name_getlabelsequence(qname, skip, labels - skip,
+ &name);
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
"looking for closest provable encloser");
@@ -5336,7 +5337,11 @@ query_findclosestnsec3(dns_name_t *qname
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
"expected covering NSEC3, got an exact match");
- if (found != NULL)
+ if (found == qname) {
+ if (skip != 0U)
+ dns_name_getlabelsequence(qname, skip, labels - skip,
+ found);
+ } else if (found != NULL)
dns_name_copy(&name, found, NULL);
return;
}
