Author: simon
Date: Mon Aug  6 21:33:11 2012
New Revision: 239108
URL: http://svn.freebsd.org/changeset/base/239108

Log:
  Fix named(8) DNSSEC validation Denial of Service.
  
  Security:     FreeBSD-SA-12:05.bind
  Security:     CVE-2012-3817
  Obtained from:        ISC
  Approved by:  so (simon)

Modified:
  releng/7.4/UPDATING
  releng/7.4/contrib/bind9/lib/dns/resolver.c
  releng/7.4/sys/conf/newvers.sh
  releng/8.1/UPDATING
  releng/8.1/contrib/bind9/lib/dns/resolver.c
  releng/8.1/sys/conf/newvers.sh
  releng/8.2/UPDATING
  releng/8.2/contrib/bind9/lib/dns/resolver.c
  releng/8.2/sys/conf/newvers.sh
  releng/8.3/UPDATING
  releng/8.3/contrib/bind9/lib/dns/resolver.c
  releng/8.3/sys/conf/newvers.sh
  releng/9.0/UPDATING
  releng/9.0/contrib/bind9/lib/dns/resolver.c
  releng/9.0/sys/conf/newvers.sh

Changes in other areas also in this revision:
Modified:
  stable/7/contrib/bind9/lib/dns/resolver.c

Modified: releng/7.4/UPDATING
==============================================================================
--- releng/7.4/UPDATING Mon Aug  6 21:24:43 2012        (r239107)
+++ releng/7.4/UPDATING Mon Aug  6 21:33:11 2012        (r239108)
@@ -8,6 +8,9 @@ Items affecting the ports and packages s
 /usr/ports/UPDATING.  Please read that file before running
 portupgrade.
 
+20120806:      p10     FreeBSD-SA-12:05.bind
+       Fix named(8) DNSSEC validation Denial of Service.
+
 20120612:      p9      FreeBSD-SA-12:03.bind
                        FreeBSD-SA-12:04.sysret
        Fix a problem where zero-length RDATA fields can cause named to crash.

Modified: releng/7.4/contrib/bind9/lib/dns/resolver.c
==============================================================================
--- releng/7.4/contrib/bind9/lib/dns/resolver.c Mon Aug  6 21:24:43 2012        
(r239107)
+++ releng/7.4/contrib/bind9/lib/dns/resolver.c Mon Aug  6 21:33:11 2012        
(r239108)
@@ -7622,6 +7622,7 @@ dns_resolver_addbadcache(dns_resolver_t 
                }
                bad->type = type;
                bad->hashval = hashval;
+               bad->expire = *expire;
                isc_buffer_init(&buffer, bad + 1, name->length);
                dns_name_init(&bad->name, NULL);
                dns_name_copy(name, &bad->name, &buffer);
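Review bot: The new `bad->expire = *expire;` in the allocation branch is order-sensitive but has no comment saying so: the entry must be fully initialised before it is linked into `resolver->badcache[i]` and before either `resizehash()` call in the next hunk runs. Those calls are passed `&now`, which suggests they compare each entry's `expire` against it, so a later reordering would presumably reintroduce a read of an unset field. I would add above the assignment `/* Must be set before the entry is linked in: resizehash() below examines expire. */`. The same hunk appears at @@ -7929, @@ -7936, @@ -7991 and @@ -8318 in the releng/8.1, 8.2, 8.3 and 9.0 copies of resolver.c, and dns_resolver_addbadcache() starts outside the hunk.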
@@ -7633,8 +7634,8 @@ dns_resolver_addbadcache(dns_resolver_t 
                if (resolver->badcount < resolver->badhash * 2 &&
                    resolver->badhash > DNS_BADCACHE_SIZE)
                        resizehash(resolver, &now, ISC_FALSE);
-       }
-       bad->expire = *expire;
+       } else
+               bad->expire = *expire;
  cleanup:
        UNLOCK(&resolver->lock);
 }
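Review bot: Nothing after the two `resizehash()` calls documents that `bad` must not be dereferenced on the new-entry path, which is the invariant the `} else` here establishes. resizehash() is not visible in this diff, but if it discards entries whose `expire` is earlier than `now`, an entry inserted with an already-past expiry may be gone by the time control reaches `cleanup:`. A one-line comment after the second call, `/* bad may no longer be valid here; do not touch it after resizehash(). */`, would keep a future edit from restoring the old trailing store. This applies equally to the matching hunks in the releng/8.1, 8.2, 8.3 and 9.0 copies, and the function body begins outside the hunk.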

Modified: releng/7.4/sys/conf/newvers.sh
==============================================================================
--- releng/7.4/sys/conf/newvers.sh      Mon Aug  6 21:24:43 2012        
(r239107)
+++ releng/7.4/sys/conf/newvers.sh      Mon Aug  6 21:33:11 2012        
(r239108)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="7.4"
-BRANCH="RELEASE-p9"
+BRANCH="RELEASE-p10"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/8.1/UPDATING
==============================================================================
--- releng/8.1/UPDATING Mon Aug  6 21:24:43 2012        (r239107)
+++ releng/8.1/UPDATING Mon Aug  6 21:33:11 2012        (r239108)
@@ -16,6 +16,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.
        sun4v support still needs work to become production ready.
 
 
+20120806:      p13     FreeBSD-SA-12:05.bind
+       Fix named(8) DNSSEC validation Denial of Service.
+
 20120618:      p12     FreeBSD-SA-12:04.sysret
        Correct patch for FreeBSD-SA-12:04.sysret.
 

Modified: releng/8.1/contrib/bind9/lib/dns/resolver.c
==============================================================================
--- releng/8.1/contrib/bind9/lib/dns/resolver.c Mon Aug  6 21:24:43 2012        
(r239107)
+++ releng/8.1/contrib/bind9/lib/dns/resolver.c Mon Aug  6 21:33:11 2012        
(r239108)
@@ -7929,6 +7929,7 @@ dns_resolver_addbadcache(dns_resolver_t 
                }
                bad->type = type;
                bad->hashval = hashval;
+               bad->expire = *expire;
                isc_buffer_init(&buffer, bad + 1, name->length);
                dns_name_init(&bad->name, NULL);
                dns_name_copy(name, &bad->name, &buffer);
@@ -7940,8 +7941,8 @@ dns_resolver_addbadcache(dns_resolver_t 
                if (resolver->badcount < resolver->badhash * 2 &&
                    resolver->badhash > DNS_BADCACHE_SIZE)
                        resizehash(resolver, &now, ISC_FALSE);
-       }
-       bad->expire = *expire;
+       } else
+               bad->expire = *expire;
  cleanup:
        UNLOCK(&resolver->lock);
 }

Modified: releng/8.1/sys/conf/newvers.sh
==============================================================================
--- releng/8.1/sys/conf/newvers.sh      Mon Aug  6 21:24:43 2012        
(r239107)
+++ releng/8.1/sys/conf/newvers.sh      Mon Aug  6 21:33:11 2012        
(r239108)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="8.1"
-BRANCH="RELEASE-p12"
+BRANCH="RELEASE-p13"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/8.2/UPDATING
==============================================================================
--- releng/8.2/UPDATING Mon Aug  6 21:24:43 2012        (r239107)
+++ releng/8.2/UPDATING Mon Aug  6 21:33:11 2012        (r239108)
@@ -15,6 +15,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.
        debugging tools present in HEAD were left in place because
        sun4v support still needs work to become production ready.
 
+20120806:      p10     FreeBSD-SA-12:05.bind
+       Fix named(8) DNSSEC validation Denial of Service.
+
 20120612:      p9      FreeBSD-SA-12:03.bind
                        FreeBSD-SA-12:04.sysret
                        FreeBSD-EN-12:02.ipv6refcount

Modified: releng/8.2/contrib/bind9/lib/dns/resolver.c
==============================================================================
--- releng/8.2/contrib/bind9/lib/dns/resolver.c Mon Aug  6 21:24:43 2012        
(r239107)
+++ releng/8.2/contrib/bind9/lib/dns/resolver.c Mon Aug  6 21:33:11 2012        
(r239108)
@@ -7936,6 +7936,7 @@ dns_resolver_addbadcache(dns_resolver_t 
                }
                bad->type = type;
                bad->hashval = hashval;
+               bad->expire = *expire;
                isc_buffer_init(&buffer, bad + 1, name->length);
                dns_name_init(&bad->name, NULL);
                dns_name_copy(name, &bad->name, &buffer);
@@ -7947,8 +7948,8 @@ dns_resolver_addbadcache(dns_resolver_t 
                if (resolver->badcount < resolver->badhash * 2 &&
                    resolver->badhash > DNS_BADCACHE_SIZE)
                        resizehash(resolver, &now, ISC_FALSE);
-       }
-       bad->expire = *expire;
+       } else
+               bad->expire = *expire;
  cleanup:
        UNLOCK(&resolver->lock);
 }

Modified: releng/8.2/sys/conf/newvers.sh
==============================================================================
--- releng/8.2/sys/conf/newvers.sh      Mon Aug  6 21:24:43 2012        
(r239107)
+++ releng/8.2/sys/conf/newvers.sh      Mon Aug  6 21:33:11 2012        
(r239108)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="8.2"
-BRANCH="RELEASE-p9"
+BRANCH="RELEASE-p10"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/8.3/UPDATING
==============================================================================
--- releng/8.3/UPDATING Mon Aug  6 21:24:43 2012        (r239107)
+++ releng/8.3/UPDATING Mon Aug  6 21:33:11 2012        (r239108)
@@ -15,6 +15,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.
        debugging tools present in HEAD were left in place because
        sun4v support still needs work to become production ready.
 
+20120806:      p4      FreeBSD-SA-12:05.bind
+       Fix named(8) DNSSEC validation Denial of Service.
+
 20120612:      p3      FreeBSD-SA-12:03.bind
                        FreeBSD-SA-12:04.sysret
                        FreeBSD-EN-12:02.ipv6refcount

Modified: releng/8.3/contrib/bind9/lib/dns/resolver.c
==============================================================================
--- releng/8.3/contrib/bind9/lib/dns/resolver.c Mon Aug  6 21:24:43 2012        
(r239107)
+++ releng/8.3/contrib/bind9/lib/dns/resolver.c Mon Aug  6 21:33:11 2012        
(r239108)
@@ -7991,6 +7991,7 @@ dns_resolver_addbadcache(dns_resolver_t 
                        goto cleanup;
                bad->type = type;
                bad->hashval = hashval;
+               bad->expire = *expire;
                isc_buffer_init(&buffer, bad + 1, name->length);
                dns_name_init(&bad->name, NULL);
                dns_name_copy(name, &bad->name, &buffer);
@@ -8002,8 +8003,8 @@ dns_resolver_addbadcache(dns_resolver_t 
                if (resolver->badcount < resolver->badhash * 2 &&
                    resolver->badhash > DNS_BADCACHE_SIZE)
                        resizehash(resolver, &now, ISC_FALSE);
-       }
-       bad->expire = *expire;
+       } else
+               bad->expire = *expire;
  cleanup:
        UNLOCK(&resolver->lock);
 }

Modified: releng/8.3/sys/conf/newvers.sh
==============================================================================
--- releng/8.3/sys/conf/newvers.sh      Mon Aug  6 21:24:43 2012        
(r239107)
+++ releng/8.3/sys/conf/newvers.sh      Mon Aug  6 21:33:11 2012        
(r239108)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="8.3"
-BRANCH="RELEASE-p3"
+BRANCH="RELEASE-p4"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/9.0/UPDATING
==============================================================================
--- releng/9.0/UPDATING Mon Aug  6 21:24:43 2012        (r239107)
+++ releng/9.0/UPDATING Mon Aug  6 21:33:11 2012        (r239108)
@@ -9,6 +9,9 @@ handbook.
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
+20120806:      p4      FreeBSD-SA-12:05.bind
+       Fix named(8) DNSSEC validation Denial of Service.
+
 20120612:      p3      FreeBSD-SA-12:03.bind
                        FreeBSD-SA-12:04.sysret
                        FreeBSD-EN-12:02.ipv6refcount

Modified: releng/9.0/contrib/bind9/lib/dns/resolver.c
==============================================================================
--- releng/9.0/contrib/bind9/lib/dns/resolver.c Mon Aug  6 21:24:43 2012        
(r239107)
+++ releng/9.0/contrib/bind9/lib/dns/resolver.c Mon Aug  6 21:33:11 2012        
(r239108)
@@ -8318,6 +8318,7 @@ dns_resolver_addbadcache(dns_resolver_t 
                        goto cleanup;
                bad->type = type;
                bad->hashval = hashval;
+               bad->expire = *expire;
                isc_buffer_init(&buffer, bad + 1, name->length);
                dns_name_init(&bad->name, NULL);
                dns_name_copy(name, &bad->name, &buffer);
@@ -8329,8 +8330,8 @@ dns_resolver_addbadcache(dns_resolver_t 
                if (resolver->badcount < resolver->badhash * 2 &&
                    resolver->badhash > DNS_BADCACHE_SIZE)
                        resizehash(resolver, &now, ISC_FALSE);
-       }
-       bad->expire = *expire;
+       } else
+               bad->expire = *expire;
  cleanup:
        UNLOCK(&resolver->lock);
 }

Modified: releng/9.0/sys/conf/newvers.sh
==============================================================================
--- releng/9.0/sys/conf/newvers.sh      Mon Aug  6 21:24:43 2012        
(r239107)
+++ releng/9.0/sys/conf/newvers.sh      Mon Aug  6 21:33:11 2012        
(r239108)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="9.0"
-BRANCH="RELEASE-p3"
+BRANCH="RELEASE-p4"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi