Module Name: src Committed By: msaitoh Date: Mon Feb 23 09:32:26 UTC 2015
Modified Files: src/dist/bind/lib/dns [netbsd-5]: zone.c Log Message: Pull up following revision(s) (requested by spz in ticket #1950): dist/bind/lib/dns/zone.c patch Patch for CVE-2015-1349: Revoking a managed trust anchor and supplying an untrusted replacement could cause named to crash with an assertion failure. To generate a diff of this commit: cvs rdiff -u -r1.1.1.6.4.4 -r1.1.1.6.4.5 src/dist/bind/lib/dns/zone.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/dist/bind/lib/dns/zone.c diff -u src/dist/bind/lib/dns/zone.c:1.1.1.6.4.4 src/dist/bind/lib/dns/zone.c:1.1.1.6.4.5 --- src/dist/bind/lib/dns/zone.c:1.1.1.6.4.4 Wed Jul 25 11:58:51 2012 +++ src/dist/bind/lib/dns/zone.c Mon Feb 23 09:32:26 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: zone.c,v 1.1.1.6.4.4 2012/07/25 11:58:51 jdc Exp $ */ +/* $NetBSD: zone.c,v 1.1.1.6.4.5 2015/02/23 09:32:26 msaitoh Exp $ */ /* * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") @@ -7671,8 +7671,15 @@ keyfetch_done(isc_task_t *task, isc_even namebuf, tag); trustkey = ISC_TRUE; } + } else { + /* + * No previously known key, and the key is not + * secure, so skip it. + */ + continue; } + /* Delete old version */ if (deletekey || !newkey) CHECK(update_one_rr(kfetch->db, ver, &diff, @@ -7717,7 +7724,7 @@ keyfetch_done(isc_task_t *task, isc_even trust_key(zone, keyname, &dnskey, mctx); } - if (!deletekey) + if (secure && !deletekey) set_refreshkeytimer(zone, &keydata, now); }