Module Name:    src
Committed By:   christos
Date:           Tue Feb 13 15:24:47 UTC 2024

Modified Files:
        src/external/mpl/bind/dist/lib/dns: mapapi rbt.c rbtdb.c
        src/external/mpl/bind/dist/lib/dns/include/dns: rbt.h

Log Message:
Apply patch for CVE-2023-6516:

To keep its cache database efficient, `named` running as a recursive
resolver occasionally attempts to clean up the database. It uses
several methods, including some that are asynchronous: a small
chunk of memory pointing to the cache element that can be cleaned
up is first allocated and then queued for later processing. It was
discovered that if the resolver is continuously processing query
patterns triggering this type of cache-database maintenance, `named`
may not be able to handle the cleanup events in a timely manner.
This in turn enables the list of queued cleanup events to grow
infinitely large over time, allowing the configured `max-cache-size`
limit to be significantly exceeded. This issue affects BIND 9
versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.

To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/mpl/bind/dist/lib/dns/mapapi
cvs rdiff -u -r1.13 -r1.14 src/external/mpl/bind/dist/lib/dns/rbt.c
cvs rdiff -u -r1.17 -r1.18 src/external/mpl/bind/dist/lib/dns/rbtdb.c
cvs rdiff -u -r1.6 -r1.7 src/external/mpl/bind/dist/lib/dns/include/dns/rbt.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Reply via email to