Tags: security, patch

Please find the Ubuntu patch attached.
best regards,
Adi Kriegisch
=== modified file 'bin/named/query.c'
--- bin/named/query.c 2011-11-16 14:22:11 +0000
+++ bin/named/query.c 2012-10-05 09:45:39 +0000
@@ -1024,13 +1024,6 @@
mname = NULL;
}
- /*
- * If the dns_name_t we're looking up is already in the message,
- * we don't want to trigger the caller's name replacement logic.
- */
- if (name == mname)
- mname = NULL;
-
*mnamep = mname;
CTRACE("query_isduplicate: false: done");
@@ -1228,6 +1221,7 @@
if (dns_rdataset_isassociated(rdataset) &&
!query_isduplicate(client, fname, type, &mname)) {
if (mname != NULL) {
+ INSIST(mname != fname);
query_releasename(client, &fname);
fname = mname;
} else
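Review bot: The added `INSIST(mname != fname);` turns a violated invariant into a process abort, while the three later call sites in this patch handle the same condition with an `if (mname != fname)` guard, and nothing visible in this hunk says why equality cannot occur here. Because the check deleted from query_isduplicate() means it can now hand back the caller's own name, a short comment above the assertion should state the reason, for example `/* fname is freshly obtained for this lookup and cannot already be in the message */`, if that is indeed the case. If it cannot be guaranteed, this site should use the same `if (mname != fname)` guard as the others, since an assertion failure in named is itself a denial of service. The enclosing function begins and ends outside the hunk.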
@@ -1288,11 +1282,13 @@
mname = NULL;
if (!query_isduplicate(client, fname,
dns_rdatatype_a, &mname)) {
- if (mname != NULL) {
- query_releasename(client, &fname);
- fname = mname;
- } else
- need_addname = ISC_TRUE;
+ if (mname != fname) {
+ if (mname != NULL) {
+ query_releasename(client, &fname);
+ fname = mname;
+ } else
+ need_addname = ISC_TRUE;
+ }
ISC_LIST_APPEND(fname->list, rdataset, link);
added_something = ISC_TRUE;
if (sigrdataset != NULL &&
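Review bot: The new `if (mname != fname)` guard has no comment explaining the third outcome it introduces: when query_isduplicate() returns the very name being looked up, the code neither releases fname nor sets need_addname, and falls straight through to the append. A one-line comment before the guard would make that readable, for example `/* mname == fname: fname is already in the message; keep it and do not add it again */`. The same guard is repeated in the AAAA hunk and in the crdataset hunk further down, so the comment applies there as well. The enclosing function starts and ends outside these hunks.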
@@ -1331,11 +1327,13 @@
mname = NULL;
if (!query_isduplicate(client, fname,
dns_rdatatype_aaaa, &mname)) {
- if (mname != NULL) {
- query_releasename(client, &fname);
- fname = mname;
- } else
- need_addname = ISC_TRUE;
+ if (mname != fname) {
+ if (mname != NULL) {
+ query_releasename(client, &fname);
+ fname = mname;
+ } else
+ need_addname = ISC_TRUE;
+ }
ISC_LIST_APPEND(fname->list, rdataset, link);
added_something = ISC_TRUE;
if (sigrdataset != NULL &&
@@ -1846,22 +1844,24 @@
crdataset->type == dns_rdatatype_aaaa) {
if (!query_isduplicate(client, fname, crdataset->type,
&mname)) {
- if (mname != NULL) {
- /*
- * A different type of this name is
- * already stored in the additional
- * section. We'll reuse the name.
- * Note that this should happen at most
- * once. Otherwise, fname->link could
- * leak below.
- */
- INSIST(mname0 == NULL);
+ if (mname != fname) {
+ if (mname != NULL) {
+ /*
+ * A different type of this name is
+ * already stored in the additional
+ * section. We'll reuse the name.
+ * Note that this should happen at most
+ * once. Otherwise, fname->link could
+ * leak below.
+ */
+ INSIST(mname0 == NULL);
- query_releasename(client, &fname);
- fname = mname;
- mname0 = mname;
- } else
- need_addname = ISC_TRUE;
+ query_releasename(client, &fname);
+ fname = mname;
+ mname0 = mname;
+ } else
+ need_addname = ISC_TRUE;
+ }
ISC_LIST_UNLINK(cfname.list, crdataset, link);
ISC_LIST_APPEND(fname->list, crdataset, link);
added_something = ISC_TRUE;
=== modified file 'debian/changelog'
--- debian/changelog 2012-09-12 16:16:57 +0000
+++ debian/changelog 2012-10-05 09:45:39 +0000
@@ -1,3 +1,12 @@
+bind9 (1:9.7.3.dfsg-1ubuntu4.5) oneiric-security; urgency=low
+
+ * SECURITY UPDATE: denial of service via specific combinations of RDATA
+ - bin/named/query.c: fix logic
+ - Patch backported from 9.8.3-P4
+ - CVE-2012-5166
+
+ -- Marc Deslauriers <[email protected]> Fri, 05 Oct 2012 09:45:39 -0400
+
bind9 (1:9.7.3.dfsg-1ubuntu4.4) oneiric-security; urgency=low
* SECURITY UPDATE: denial of service via large crafted resource record

