a fix by ISC for CVE-2014-0591:

3693.  [security]      memcpy was incorrectly called with overlapping
                       ranges resulting in malformed names being generated
                       on some platforms.  This could cause INSIST failures
                       when serving NSEC3 signed zones.  [RT #35120]
spz 2014-01-14 08:03:07 +00:00
parent 2ff97689e1
commit 5c974b3074
2 changed files with 15 additions and 10 deletions


@ -1,4 +1,4 @@
/* $NetBSD: query.c,v 1.12 2013/12/31 20:24:39 christos Exp $ */ /* $NetBSD: query.c,v 1.13 2014/01/14 08:03:07 spz Exp $ */
/* /*
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
@ -5263,8 +5263,7 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
dns_fixedname_t fixed; dns_fixedname_t fixed;
dns_hash_t hash; dns_hash_t hash;
dns_name_t name; dns_name_t name;
int order; unsigned int skip = 0, labels;
unsigned int count;
dns_rdata_nsec3_t nsec3; dns_rdata_nsec3_t nsec3;
dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdata_t rdata = DNS_RDATA_INIT;
isc_boolean_t optout; isc_boolean_t optout;
@ -5279,6 +5278,7 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
dns_name_init(&name, NULL); dns_name_init(&name, NULL);
dns_name_clone(qname, &name); dns_name_clone(qname, &name);
labels = dns_name_countlabels(&name);
dns_clientinfomethods_init(&cm, ns_client_sourceip); dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client); dns_clientinfo_init(&ci, client);
@ -5312,13 +5312,14 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
dns_rdata_reset(&rdata); dns_rdata_reset(&rdata);
optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0); optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
if (found != NULL && optout && if (found != NULL && optout &&
dns_name_fullcompare(&name, dns_db_origin(db), &order, dns_name_issubdomain(&name, dns_db_origin(db)))
&count) == dns_namereln_subdomain) { {
dns_rdataset_disassociate(rdataset); dns_rdataset_disassociate(rdataset);
if (dns_rdataset_isassociated(sigrdataset)) if (dns_rdataset_isassociated(sigrdataset))
dns_rdataset_disassociate(sigrdataset); dns_rdataset_disassociate(sigrdataset);
count = dns_name_countlabels(&name) - 1; skip++;
dns_name_getlabelsequence(&name, 1, count, &name); dns_name_getlabelsequence(qname, skip, labels - skip,
&name);
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3), NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
"looking for closest provable encloser"); "looking for closest provable encloser");
@ -5336,7 +5337,11 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
NS_LOGMODULE_QUERY, ISC_LOG_WARNING, NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
"expected covering NSEC3, got an exact match"); "expected covering NSEC3, got an exact match");
if (found != NULL) if (found == qname) {
if (skip != 0U)
dns_name_getlabelsequence(qname, skip, labels - skip,
found);
} else if (found != NULL)
dns_name_copy(&name, found, NULL); dns_name_copy(&name, found, NULL);
return; return;
} }
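Review bot: The `found == qname` branch in the last hunk handles the aliasing case this fix targets, but nothing in the code says so. `name` is cloned from `qname` earlier in the function, so when the caller passes `qname` as `found`, the old `dns_name_copy(&name, found, NULL)` would apparently copy between overlapping ranges, which matches the memcpy problem in the commit message. A comment above the branch would stop a later cleanup from folding it back into the copy path, e.g. `/* found aliases qname, and name refers to qname's data: trim in place, dns_name_copy() would overlap. */`. Separately, `labels - skip` is unsigned and `skip` only grows, while the retry condition moved from a strict `dns_namereln_subdomain` comparison to `dns_name_issubdomain()`, which as far as I know also accepts an equal name. The bound on `skip` therefore rests on the lookup result at the zone origin, which is outside these hunks; adding `skip + 1U < labels` to the `optout` condition would make that bound explicit.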


@ -4,10 +4,10 @@
# configure. # configure.
# #
PRODUCT=BIND PRODUCT=BIND
DESCRIPTION="(Extended Support Version)" DESCRIPTION="(Development release)"
MAJORVER=9 MAJORVER=9
MINORVER=9 MINORVER=9
PATCHVER=5 PATCHVER=5
RELEASETYPE=b RELEASETYPE=b
RELEASEVER=1 RELEASEVER=1
EXTENSIONS= EXTENSIONS=nb1