a fix by ISC for CVE-2014-0591:
3693. [security] memcpy was incorrectly called with overlapping ranges resulting in malformed names being generated on some platforms. This could cause INSIST failures when serving NSEC3 signed zones. [RT #35120]
parent
2ff97689e1
commit
5c974b3074
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: query.c,v 1.12 2013/12/31 20:24:39 christos Exp $ */
|
/* $NetBSD: query.c,v 1.13 2014/01/14 08:03:07 spz Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||||
|
@ -5263,8 +5263,7 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
|
||||||
dns_fixedname_t fixed;
|
dns_fixedname_t fixed;
|
||||||
dns_hash_t hash;
|
dns_hash_t hash;
|
||||||
dns_name_t name;
|
dns_name_t name;
|
||||||
int order;
|
unsigned int skip = 0, labels;
|
||||||
unsigned int count;
|
|
||||||
dns_rdata_nsec3_t nsec3;
|
dns_rdata_nsec3_t nsec3;
|
||||||
dns_rdata_t rdata = DNS_RDATA_INIT;
|
dns_rdata_t rdata = DNS_RDATA_INIT;
|
||||||
isc_boolean_t optout;
|
isc_boolean_t optout;
|
||||||
|
@ -5279,6 +5278,7 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
|
||||||
|
|
||||||
dns_name_init(&name, NULL);
|
dns_name_init(&name, NULL);
|
||||||
dns_name_clone(qname, &name);
|
dns_name_clone(qname, &name);
|
||||||
|
labels = dns_name_countlabels(&name);
|
||||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||||
dns_clientinfo_init(&ci, client);
|
dns_clientinfo_init(&ci, client);
|
||||||
|
|
||||||
|
@ -5312,13 +5312,14 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
|
||||||
dns_rdata_reset(&rdata);
|
dns_rdata_reset(&rdata);
|
||||||
optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
|
optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
|
||||||
if (found != NULL && optout &&
|
if (found != NULL && optout &&
|
||||||
dns_name_fullcompare(&name, dns_db_origin(db), &order,
|
dns_name_issubdomain(&name, dns_db_origin(db)))
|
||||||
&count) == dns_namereln_subdomain) {
|
{
|
||||||
dns_rdataset_disassociate(rdataset);
|
dns_rdataset_disassociate(rdataset);
|
||||||
if (dns_rdataset_isassociated(sigrdataset))
|
if (dns_rdataset_isassociated(sigrdataset))
|
||||||
dns_rdataset_disassociate(sigrdataset);
|
dns_rdataset_disassociate(sigrdataset);
|
||||||
count = dns_name_countlabels(&name) - 1;
|
skip++;
|
||||||
dns_name_getlabelsequence(&name, 1, count, &name);
|
dns_name_getlabelsequence(qname, skip, labels - skip,
|
||||||
|
&name);
|
||||||
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
|
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
|
||||||
NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
|
NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
|
||||||
"looking for closest provable encloser");
|
"looking for closest provable encloser");
|
||||||
|
@ -5336,7 +5337,11 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
|
||||||
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
|
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
|
||||||
NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
|
NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
|
||||||
"expected covering NSEC3, got an exact match");
|
"expected covering NSEC3, got an exact match");
|
||||||
if (found != NULL)
|
if (found == qname) {
|
||||||
|
if (skip != 0U)
|
||||||
|
dns_name_getlabelsequence(qname, skip, labels - skip,
|
||||||
|
found);
|
||||||
|
} else if (found != NULL)
|
||||||
dns_name_copy(&name, found, NULL);
|
dns_name_copy(&name, found, NULL);
|
||||||
return;
|
return;
|
||||||
}
|
}
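Review bot: The new `found == qname` branch in the last hunk carries no comment saying why it exists, and the reason is not visible from the code alone: `name` is cloned from `qname` earlier in the function, so `dns_name_copy(&name, found, NULL)` with `found` pointing at `qname` appears to be the overlapping memcpy the changelog entry describes. A short comment above the branch, for example `/* found aliases qname: trim labels in place; dns_name_copy() would copy overlapping ranges */`, would keep a later cleanup from folding the two branches back together. The guard is pointer identity only, so a `found` that shares qname's buffer through a different dns_name_t would presumably still reach the `dns_name_copy` call, whose result is also ignored there; it is worth confirming that no caller passes such a name. query_findclosestnsec3 begins and ends outside the visible hunks.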
|
||||||
|
|
|
@ -4,10 +4,10 @@
|
||||||
# configure.
|
# configure.
|
||||||
#
|
#
|
||||||
PRODUCT=BIND
|
PRODUCT=BIND
|
||||||
DESCRIPTION="(Extended Support Version)"
|
DESCRIPTION="(Development release)"
|
||||||
MAJORVER=9
|
MAJORVER=9
|
||||||
MINORVER=9
|
MINORVER=9
|
||||||
PATCHVER=5
|
PATCHVER=5
|
||||||
RELEASETYPE=b
|
RELEASETYPE=b
|
||||||
RELEASEVER=1
|
RELEASEVER=1
|
||||||
EXTENSIONS=
|
EXTENSIONS=nb1
|
||||||
|
|