Commit Graph

56 Commits

Author SHA1 Message Date
adrianp
ee74a1421a Fixes for CVE-2006-4095 and CVE-2006-4096 from bind-9.3.2-P1
* Assertion failure in ISC BIND SIG query processing (CVE-2006-4095)

- Recursive servers
Queries for SIG records will trigger an assertion failure if more
than one RRset is returned. However exposure can be minimized by
restricting which sources can ask for recursion.

- Authoritative servers
If a nameserver is serving a RFC 2535 DNSSEC zone and is queried
for the SIG records where there are multiple RRsets, then the
named program will trigger an assertion failure when it tries
to construct the response.

* INSIST failure in ISC BIND recursive query handling code (CVE-2006-4096)

It is possible to trigger an INSIST failure by sending enough
recursive queries such that the response to the query arrives after
all the clients waiting for the response have left the recursion
queue. However exposure can be minimized by restricting which sources
can ask for recursion.

ok'ed christos@
2006-09-05 19:31:47 +00:00
jnemeth
79d79919df Coverity CID: 682 -- remove dead code 2006-07-26 06:23:59 +00:00
mrg
3394a47b32 move is_zone initialisation earlier to avoid a GCC warning. 2006-05-11 09:28:45 +00:00
elad
91ce49cce6 xref named.conf(5) after a complaint from tiocsti. okay veego@.
xml docbook change will be fed upstream as requested by hubertf@
and veego@.
2006-01-16 19:20:15 +00:00
christos
719d30b842 resolve conflicts. 2005-12-22 00:26:23 +00:00
christos
7ccb4c5f89 import the real 9.3.2 not 9.2.3. 2005-12-21 23:06:48 +00:00
christos
292526bfd4 Resolve conflicts. 2005-12-21 22:34:31 +00:00
christos
348525eba6 from ftp.isc.org 2005-12-21 19:50:15 +00:00
christos
efbc48848e Resolve conflicts 2004-11-07 00:16:59 +00:00
christos
dfd98c8a16 Import bind-9.3.0 2004-11-06 23:53:21 +00:00
christos
178bd22d01 unsigned int initialized to ULONG_MAX? jeez. 2004-05-18 03:08:24 +00:00
christos
b6ea89f1ee width arg in printf string must be int. 2004-05-18 03:08:00 +00:00
christos
53a0028e47 Resolve conflicts 2004-05-18 00:03:56 +00:00
christos
1885fbb90d Import bind 9.3.0beta3 2004-05-17 23:43:04 +00:00
itojun
dd1d0fe0c8 sync w/ bind837 2003-11-26 01:35:31 +00:00
agc
865595bdf3 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22253, verified by myself.
2003-08-07 09:20:39 +00:00
itojun
edc2bcfc9f resolve conflicts 2003-06-09 13:19:33 +00:00
itojun
8912e04d45 sync w/ 8.3.5 2003-06-03 07:33:24 +00:00
wiz
7bd6fd354d unknown, not unkown. Noted by mjl. 2003-01-28 22:19:22 +00:00
itojun
729df1257b sync with bind 8.3.4. 2002-11-17 14:09:52 +00:00
itojun
90a2edbc75 apply http://www.isc.org/products/BIND/patches/bind833.diff to fix recent
vulnerabilities:

* BIND: Remote Execution of Code (BIND 4 & 8)
* BIND: Multiple Denial of Service (BIND 8 only)
2002-11-14 02:04:27 +00:00
itojun
73c2dd3286 fix dig -x ip6addr. PR 18193. 2002-09-06 04:50:02 +00:00
itojun
44f496c00a sync with audit result from kame.
- sprintf() can return negative value on error, so p += sprintf(p, blah)
  is unsafe
- signed/unsigned mixup
- wrong assumption: sizeof(time_t) <= sizeof(int)
- need to init errno to 0 before strtoul()
2002-07-04 23:30:39 +00:00
itojun
2200386ee7 sync with 8.3.3. 2002-06-28 06:11:47 +00:00
itojun
65ef1d4426 correct conflicts.
sync document with reality (dig/host/nslookup now does IPv6 transport!)
2002-06-20 12:01:49 +00:00
itojun
ce924b0f55 sync with 8.3.2. 99% of conflicts were due to $NetBSD$ tag. 2002-06-20 11:42:53 +00:00
itojun
123de7c9ca ISC BIND 8.3.2. various IPv6 fixes and correctins. 2002-06-20 10:29:14 +00:00
simonb
1706b9a6ec There's no use assigning the output of strtoul() to a 32-bit variable
then checking that against ULONG_MAX.  Instead use a "unsigned long"
as the temporary variable.  Then check against UINT32_MAX before
assigning back to the original variable.
2002-05-09 03:14:14 +00:00
wiz
4c99916337 va_{start,end} audit:
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the callers responsibility).

Improved by comments from enami and christos -- thanks!

Heimdal/krb4/KAME changes already fed back, rest to follow.

Inspired by, but not not based on, OpenBSD.
2001-09-24 13:22:25 +00:00
mrg
0a8258e16a back out previous; it is handled by etc/rc.d/named. 2001-08-24 13:25:57 +00:00
mrg
d7003aa4a3 reapply (relevant parts of) lost patch:
revision 1.3
date: 1999/02/22 02:37:27;  author: mrg;  state: Exp;  lines: +19 -1
if we are chrooting, write a symlink for the pid file so that ndc, etc,
continue to work as normal.  this allows named to run in a chroot jail
with zero loss of functionality.
2001-08-24 08:37:33 +00:00
itojun
4cd3525823 upgrade to 8.2.4. 2001-05-17 22:59:37 +00:00
wiz
14dbdf5518 Negative exit code cleanup: Replace exit(-x) with exit(x).
As seen on tech-userlevel.
2001-04-06 11:13:45 +00:00
itojun
37ea810d37 BIND823 bug ID 1150: forwarders: it was possible to use freed memory. 2001-02-06 10:02:04 +00:00
itojun
1a7fc7b687 upgrade to BIND 8.2.3. the upgrade is critical (security fixes).
please test.
2001-01-27 07:21:56 +00:00
itojun
10a27e85b1 BIND 8.2.3 2001-01-27 06:15:38 +00:00
itojun
7da1bb7a9c synchronize with BIND 8.2.2-P7.
- resolve conflicts (there are many conflicts with $NetBSD$ tags -
  dunno why they happen).
- type pedant (couple of typecasts).

correct yacc-generated file handling.  remove bin/named/ns_parser.h,
use the header yacc generates at compilation time.
2000-11-10 09:56:56 +00:00
itojun
7992052d11 bind 8.2.2-P7 2000-11-10 09:33:54 +00:00
is
8a1fd03ca4 More format string cleanup by sommerfeld. 2000-10-08 19:56:12 +00:00
is
5b6de67306 Format string cleanups by Bill Sommerfeld. 2000-10-08 19:41:16 +00:00
is
0040b133c2 Format string cleanup by sommerfeld, with a correction by myself. 2000-10-08 10:03:11 +00:00
is
170b9a3198 Format string cleanup from sommerfeld. 2000-10-08 09:53:43 +00:00
itojun
548cc318ca do not try to use BIND4 code in libc.
dig/host/whatever assumes that it is using BIND8 code.  mixing BIND4 in
libc with BIND8 code will result in very strange behavior, or program panics.

it is not necessary for dig/host/whatever to obey /etc/nsswitch.conf, actually
dig(1) is explicit about it.

now dist/bind is almost clean BIND822p5, with the following exception:
- /etc/irs.conf will never be visited when running BIND8 toolchain,
  to make it less complex.  the search order for BIND8 toolchain is
  defined in dist/bind/lib/irs/gen.c:default_map_rules().
and usr.sbin/bind compiles them in BSD make framework, with no tricks at all.
2000-03-01 10:49:58 +00:00
garbled
3bc0a706ac Add CPPFLAGS so this can be cross-compiled. 1999-12-24 19:11:25 +00:00
veego
7411de7164 Add the prototype of findzonesoa to fix the compile warning in ns_ixfr.c. 1999-11-21 10:40:10 +00:00
veego
b1db7e28e8 Sigh, how many (void *) do I need to remove from this source code? 1999-11-21 10:31:22 +00:00
veego
adecc3d422 Remove the (void *) in front of the sp->s_rfd. 1999-11-20 20:48:27 +00:00
veego
72b5f9504d Include <string.h> to get the prototype of memcpy. 1999-11-20 20:06:45 +00:00
veego
f1ef51cf63 s/u_int32_t/size_t/ in line 324 to fix an LP64 problem. 1999-11-20 20:03:47 +00:00
veego
1b0bbfa434 Include <string.h> to get the prototype for memcpy. 1999-11-20 20:02:49 +00:00