Author: simon
Date: Mon Aug 6 21:33:11 2012
New Revision: 239108
URL: http://svn.freebsd.org/changeset/base/239108
Log:
Fix named(8) DNSSEC validation Denial of Service.
Security: FreeBSD-SA-12:05.bind
Security: CVE-2012-3817
Obtained from: ISC
Approved by: so (simon)
Modified:
stable/7/contrib/bind9/lib/dns/resolver.c
Changes in other areas also in this revision:
Modified:
releng/7.4/UPDATING
releng/7.4/contrib/bind9/lib/dns/resolver.c
releng/7.4/sys/conf/newvers.sh
releng/8.1/UPDATING
releng/8.1/contrib/bind9/lib/dns/resolver.c
releng/8.1/sys/conf/newvers.sh
releng/8.2/UPDATING
releng/8.2/contrib/bind9/lib/dns/resolver.c
releng/8.2/sys/conf/newvers.sh
releng/8.3/UPDATING
releng/8.3/contrib/bind9/lib/dns/resolver.c
releng/8.3/sys/conf/newvers.sh
releng/9.0/UPDATING
releng/9.0/contrib/bind9/lib/dns/resolver.c
releng/9.0/sys/conf/newvers.sh
Modified: stable/7/contrib/bind9/lib/dns/resolver.c
==============================================================================
--- stable/7/contrib/bind9/lib/dns/resolver.c Mon Aug 6 21:24:43 2012
(r239107)
+++ stable/7/contrib/bind9/lib/dns/resolver.c Mon Aug 6 21:33:11 2012
(r239108)
@@ -7620,6 +7620,7 @@ dns_resolver_addbadcache(dns_resolver_t
}
bad->type = type;
bad->hashval = hashval;
+ bad->expire = *expire;
isc_buffer_init(&buffer, bad + 1, name->length);
dns_name_init(&bad->name, NULL);
dns_name_copy(name, &bad->name, &buffer);
@@ -7631,8 +7632,8 @@ dns_resolver_addbadcache(dns_resolver_t
if (resolver->badcount < resolver->badhash * 2 &&
resolver->badhash > DNS_BADCACHE_SIZE)
resizehash(resolver, &now, ISC_FALSE);
- }
- bad->expire = *expire;
+ } else
+ bad->expire = *expire;
cleanup:
UNLOCK(&resolver->lock);
}
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
