Module Name:    src
Committed By:   sborrill
Date:           Fri Nov 18 23:05:07 UTC 2011

Modified Files:
        src/dist/bind/bin/named [netbsd-5-0]: query.c
        src/dist/bind/lib/dns [netbsd-5-0]: rbtdb.c

Log Message:
Pull up the following revision(s) (requested by christos in ticket #1692):
        dist/bind/bin/named/query.c             patch
        dist/bind/lib/dns/rbtdb.c               patch

Cache lookup could return RRSIG data associated with nonexistent records,
leading to an assertion failure.  Fixes CVE-2011-4313.


To generate a diff of this commit:
cvs rdiff -u -r1.8.8.4 -r1.8.8.5 src/dist/bind/bin/named/query.c
cvs rdiff -u -r1.1.1.6.8.5 -r1.1.1.6.8.6 src/dist/bind/lib/dns/rbtdb.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/bind/bin/named/query.c
diff -u src/dist/bind/bin/named/query.c:1.8.8.4 src/dist/bind/bin/named/query.c:1.8.8.5
--- src/dist/bind/bin/named/query.c:1.8.8.4	Sat Jun 18 11:35:06 2011
+++ src/dist/bind/bin/named/query.c	Fri Nov 18 23:05:07 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: query.c,v 1.8.8.4 2011/06/18 11:35:06 bouyer Exp $	*/
+/*	$NetBSD: query.c,v 1.8.8.5 2011/11/18 23:05:07 sborrill Exp $	*/
 
 /*
  * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
@@ -1282,11 +1282,9 @@ query_addadditional(void *arg, dns_name_
 			goto addname;
 		if (result == DNS_R_NCACHENXRRSET) {
 			dns_rdataset_disassociate(rdataset);
-			/*
-			 * Negative cache entries don't have sigrdatasets.
-			 */
-			INSIST(sigrdataset == NULL ||
-			       ! dns_rdataset_isassociated(sigrdataset));
+			if (sigrdataset != NULL &&
+			    dns_rdataset_isassociated(sigrdataset))
+				dns_rdataset_disassociate(sigrdataset);
 		}
 		if (result == ISC_R_SUCCESS) {
 			mname = NULL;
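Review bot: The new `if (sigrdataset != NULL && dns_rdataset_isassociated(sigrdataset))` branch drops the comment that stated the old invariant and leaves nothing to explain why a signature rdataset can be associated on DNS_R_NCACHENXRRSET. I would add `/* A negative cache hit may still carry a bound sigrdataset; release it instead of asserting (CVE-2011-4313). */` above the test, here and at the same replacement in the second query_addadditional hunk and in query_addadditional2. The query_addadditional2 variant calls dns_rdataset_isassociated(sigrdataset) without the NULL test the other two have; that matches the INSIST it replaces, so sigrdataset is presumably always set there, but it is worth confirming. Because the INSIST was the only visible signal of this cache inconsistency, a debug-level log line at these sites would keep the condition observable without aborting named. The function bodies start and end outside the hunks.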
@@ -1327,8 +1325,9 @@ query_addadditional(void *arg, dns_name_
 			goto addname;
 		if (result == DNS_R_NCACHENXRRSET) {
 			dns_rdataset_disassociate(rdataset);
-			INSIST(sigrdataset == NULL ||
-			       ! dns_rdataset_isassociated(sigrdataset));
+			if (sigrdataset != NULL &&
+			    dns_rdataset_isassociated(sigrdataset))
+				dns_rdataset_disassociate(sigrdataset);
 		}
 		if (result == ISC_R_SUCCESS) {
 			mname = NULL;
@@ -1777,10 +1776,8 @@ query_addadditional2(void *arg, dns_name
 		goto setcache;
 	if (result == DNS_R_NCACHENXRRSET) {
 		dns_rdataset_disassociate(rdataset);
-		/*
-		 * Negative cache entries don't have sigrdatasets.
-		 */
-		INSIST(! dns_rdataset_isassociated(sigrdataset));
+		if (dns_rdataset_isassociated(sigrdataset))
+			dns_rdataset_disassociate(sigrdataset);
 	}
 	if (result == ISC_R_SUCCESS) {
 		/* Remember the result as a cache */

Index: src/dist/bind/lib/dns/rbtdb.c
diff -u src/dist/bind/lib/dns/rbtdb.c:1.1.1.6.8.5 src/dist/bind/lib/dns/rbtdb.c:1.1.1.6.8.6
--- src/dist/bind/lib/dns/rbtdb.c:1.1.1.6.8.5	Thu Jul  7 20:27:41 2011
+++ src/dist/bind/lib/dns/rbtdb.c	Fri Nov 18 23:05:07 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: rbtdb.c,v 1.1.1.6.8.5 2011/07/07 20:27:41 sborrill Exp $	*/
+/*	$NetBSD: rbtdb.c,v 1.1.1.6.8.6 2011/11/18 23:05:07 sborrill Exp $	*/
 
 /*
  * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
@@ -4824,7 +4824,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
 			      rdataset);
 		if (need_headerupdate(found, search.now))
 			update = found;
-		if (foundsig != NULL) {
+		if (!NEGATIVE(found) && foundsig != NULL) {
 			bind_rdataset(search.rbtdb, node, foundsig, search.now,
 				      sigrdataset);
 			if (need_headerupdate(foundsig, search.now))
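Review bot: The added `!NEGATIVE(found)` test in cache_find has no comment saying why foundsig is ignored for a negative entry, and the reason is not obvious from the condition alone. I would add `/* Never hand back signatures alongside a negative entry; any foundsig here is for data that no longer exists. */` above it, and the same above the matching test in cache_findrdataset. Both hunks only filter at lookup time, and the need_headerupdate(foundsig, ...) call is now skipped as well; whether the leftover signature header is ever removed from the node cannot be seen from these lines, so the add path may deserve a look. cache_find's body starts and ends outside the hunk.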
@@ -5453,7 +5453,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
 	}
 	if (found != NULL) {
 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
-		if (foundsig != NULL)
+		if (!NEGATIVE(found) && foundsig != NULL)
 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
 				      sigrdataset);
 	}
