svn commit: r236586 - in head/contrib/bind9: . lib/dns

Doug Barton Mon, 04 Jun 2012 15:12:26 -0700

Author: dougb
Date: Mon Jun  4 22:11:20 2012
New Revision: 236586
URL: http://svn.freebsd.org/changeset/base/236586


Log:
  Upgrade to 9.8.3-P1, the latest from ISC. This version contains
  a critical bugfix:
  
    Processing of DNS resource records where the rdata field is zero length
    may cause various issues for the servers handling them.
  
    Processing of these records may lead to unexpected outcomes. Recursive
    servers may crash or disclose some portion of memory to the client.
    Secondary servers may crash on restart after transferring a zone
    containing these records. Master servers may corrupt zone data if the
    zone option "auto-dnssec" is set to "maintain". Other unexpected
    problems that are not listed here may also be encountered.
  
  All BIND users are strongly encouraged to upgrade.

Modified:
  head/contrib/bind9/CHANGES
  head/contrib/bind9/lib/dns/rdata.c
  head/contrib/bind9/lib/dns/rdataslab.c
  head/contrib/bind9/version
Directory Properties:
  head/contrib/bind9/   (props changed)

Modified: head/contrib/bind9/CHANGES
==============================================================================
--- head/contrib/bind9/CHANGES  Mon Jun  4 22:07:05 2012        (r236585)
+++ head/contrib/bind9/CHANGES  Mon Jun  4 22:11:20 2012        (r236586)
@@ -1,3 +1,8 @@
+       --- 9.8.3-P1 released ---
+
+3331.  [security]      dns_rdataslab_fromrdataset could produce bad
+                       rdataslabs. [RT #29644]
+                       
        --- 9.8.3 released ---
 
 3318.  [tuning]        Reduce the amount of work performed while holding a

Modified: head/contrib/bind9/lib/dns/rdata.c
==============================================================================
--- head/contrib/bind9/lib/dns/rdata.c  Mon Jun  4 22:07:05 2012        
(r236585)
+++ head/contrib/bind9/lib/dns/rdata.c  Mon Jun  4 22:11:20 2012        
(r236586)
@@ -329,8 +329,8 @@ dns_rdata_compare(const dns_rdata_t *rda
 
        REQUIRE(rdata1 != NULL);
        REQUIRE(rdata2 != NULL);
-       REQUIRE(rdata1->data != NULL);
-       REQUIRE(rdata2->data != NULL);
+       REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
+       REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
 
@@ -360,8 +360,8 @@ dns_rdata_casecompare(const dns_rdata_t 
 
        REQUIRE(rdata1 != NULL);
        REQUIRE(rdata2 != NULL);
-       REQUIRE(rdata1->data != NULL);
-       REQUIRE(rdata2->data != NULL);
+       REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
+       REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
 

Modified: head/contrib/bind9/lib/dns/rdataslab.c
==============================================================================
--- head/contrib/bind9/lib/dns/rdataslab.c      Mon Jun  4 22:07:05 2012        
(r236585)
+++ head/contrib/bind9/lib/dns/rdataslab.c      Mon Jun  4 22:11:20 2012        
(r236586)
@@ -126,6 +126,11 @@ isc_result_t
 dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
                           isc_region_t *region, unsigned int reservelen)
 {
+       /*
+        * Use &removed as a sentinal pointer for duplicate
+        * rdata as rdata.data == NULL is valid.
+        */
+       static unsigned char removed;
        struct xrdata  *x;
        unsigned char  *rawbuf;
 #if DNS_RDATASET_FIXED
@@ -169,6 +174,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
                INSIST(result == ISC_R_SUCCESS);
                dns_rdata_init(&x[i].rdata);
                dns_rdataset_current(rdataset, &x[i].rdata);
+               INSIST(x[i].rdata.data != &removed);
 #if DNS_RDATASET_FIXED
                x[i].order = i;
 #endif
@@ -201,8 +207,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
         */
        for (i = 1; i < nalloc; i++) {
                if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
-                       x[i-1].rdata.data = NULL;
-                       x[i-1].rdata.length = 0;
+                       x[i-1].rdata.data = &removed;
 #if DNS_RDATASET_FIXED
                        /*
                         * Preserve the least order so A, B, A -> A, B
@@ -292,7 +297,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 #endif
 
        for (i = 0; i < nalloc; i++) {
-               if (x[i].rdata.data == NULL)
+               if (x[i].rdata.data == &removed)
                        continue;
 #if DNS_RDATASET_FIXED
                offsettable[x[i].order] = rawbuf - offsetbase;

Modified: head/contrib/bind9/version
==============================================================================
--- head/contrib/bind9/version  Mon Jun  4 22:07:05 2012        (r236585)
+++ head/contrib/bind9/version  Mon Jun  4 22:11:20 2012        (r236586)
@@ -6,5 +6,5 @@
 MAJORVER=9
 MINORVER=8
 PATCHVER=3
-RELEASETYPE=
-RELEASEVER=
+RELEASETYPE=-P
+RELEASEVER=1
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

svn commit: r236586 - in head/contrib/bind9: . lib/dns

Reply via email to