56 Commits

Author SHA1 Message Date
adrianp ee74a1421a Fixes for CVE-2006-4095 and CVE-2006-4096 from bind-9.3.2-P1
* Assertion failure in ISC BIND SIG query processing (CVE-2006-4095)

- Recursive servers
Queries for SIG records will trigger an assertion failure if more
than one RRset is returned. However exposure can be minimized by
restricting which sources can ask for recursion.

- Authoritative servers
If a nameserver is serving an RFC 2535 DNSSEC zone and is queried
for the SIG records where there are multiple RRsets, then the
named program will trigger an assertion failure when it tries
to construct the response.

* INSIST failure in ISC BIND recursive query handling code (CVE-2006-4096)

It is possible to trigger an INSIST failure by sending enough
recursive queries such that the response to the query arrives after
all the clients waiting for the response have left the recursion
queue. However exposure can be minimized by restricting which sources
can ask for recursion.

ok'ed christos@
2006-09-05 19:31:47 +00:00
jnemeth 79d79919df Coverity CID: 682 -- remove dead code 2006-07-26 06:23:59 +00:00
mrg 3394a47b32 move is_zone initialisation earlier to avoid a GCC warning. 2006-05-11 09:28:45 +00:00
elad 91ce49cce6 xref named.conf(5) after a complaint from tiocsti. okay veego@.
xml docbook change will be fed upstream as requested by hubertf@
and veego@.
2006-01-16 19:20:15 +00:00
christos 719d30b842 resolve conflicts. 2005-12-22 00:26:23 +00:00
christos 7ccb4c5f89 import the real 9.3.2 not 9.2.3. 2005-12-21 23:06:48 +00:00
christos 292526bfd4 Resolve conflicts. 2005-12-21 22:34:31 +00:00
christos 348525eba6 from ftp.isc.org 2005-12-21 19:50:15 +00:00
christos efbc48848e Resolve conflicts 2004-11-07 00:16:59 +00:00
christos dfd98c8a16 Import bind-9.3.0 2004-11-06 23:53:21 +00:00
christos 178bd22d01 unsigned int initialized to ULONG_MAX? jeez. 2004-05-18 03:08:24 +00:00
christos b6ea89f1ee width arg in printf string must be int. 2004-05-18 03:08:00 +00:00
christos 53a0028e47 Resolve conflicts 2004-05-18 00:03:56 +00:00
christos 1885fbb90d Import bind 9.3.0beta3 2004-05-17 23:43:04 +00:00
itojun dd1d0fe0c8 sync w/ bind837 2003-11-26 01:35:31 +00:00
agc 865595bdf3 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22253, verified by myself.
2003-08-07 09:20:39 +00:00
itojun edc2bcfc9f resolve conflicts 2003-06-09 13:19:33 +00:00
itojun 8912e04d45 sync w/ 8.3.5 2003-06-03 07:33:24 +00:00
wiz 7bd6fd354d unknown, not unkown. Noted by mjl. 2003-01-28 22:19:22 +00:00
itojun 729df1257b sync with bind 8.3.4. 2002-11-17 14:09:52 +00:00
itojun 90a2edbc75 apply http://www.isc.org/products/BIND/patches/bind833.diff to fix recent
vulnerabilities:

* BIND: Remote Execution of Code (BIND 4 & 8)
* BIND: Multiple Denial of Service (BIND 8 only)
2002-11-14 02:04:27 +00:00
itojun 73c2dd3286 fix dig -x ip6addr. PR 18193. 2002-09-06 04:50:02 +00:00
itojun 44f496c00a sync with audit result from kame.
- sprintf() can return negative value on error, so p += sprintf(p, blah)
  is unsafe
- signed/unsigned mixup
- wrong assumption: sizeof(time_t) <= sizeof(int)
- need to init errno to 0 before strtoul()
2002-07-04 23:30:39 +00:00
itojun 2200386ee7 sync with 8.3.3. 2002-06-28 06:11:47 +00:00
itojun 65ef1d4426 correct conflicts.
sync document with reality (dig/host/nslookup now does IPv6 transport!)
2002-06-20 12:01:49 +00:00
itojun ce924b0f55 sync with 8.3.2. 99% of conflicts were due to $NetBSD$ tag. 2002-06-20 11:42:53 +00:00
itojun 123de7c9ca ISC BIND 8.3.2. various IPv6 fixes and corrections. 2002-06-20 10:29:14 +00:00
simonb 1706b9a6ec There's no use assigning the output of strtoul() to a 32-bit variable
then checking that against ULONG_MAX.  Instead use a "unsigned long"
as the temporary variable.  Then check against UINT32_MAX before
assigning back to the original variable.
2002-05-09 03:14:14 +00:00
wiz 4c99916337 va_{start,end} audit:
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the caller's responsibility).

Improved by comments from enami and christos -- thanks!

Heimdal/krb4/KAME changes already fed back, rest to follow.

Inspired by, but not based on, OpenBSD.
2001-09-24 13:22:25 +00:00
mrg 0a8258e16a back out previous; it is handled by etc/rc.d/named. 2001-08-24 13:25:57 +00:00
mrg d7003aa4a3 reapply (relevant parts of) lost patch:
revision 1.3
date: 1999/02/22 02:37:27;  author: mrg;  state: Exp;  lines: +19 -1
if we are chrooting, write a symlink for the pid file so that ndc, etc,
continue to work as normal.  this allows named to run in a chroot jail
with zero loss of functionality.
2001-08-24 08:37:33 +00:00
itojun 4cd3525823 upgrade to 8.2.4. 2001-05-17 22:59:37 +00:00
wiz 14dbdf5518 Negative exit code cleanup: Replace exit(-x) with exit(x).
As seen on tech-userlevel.
2001-04-06 11:13:45 +00:00
itojun 37ea810d37 BIND823 bug ID 1150: forwarders: it was possible to use freed memory. 2001-02-06 10:02:04 +00:00
itojun 1a7fc7b687 upgrade to BIND 8.2.3. the upgrade is critical (security fixes).
please test.
2001-01-27 07:21:56 +00:00
itojun 10a27e85b1 BIND 8.2.3 2001-01-27 06:15:38 +00:00
itojun 7da1bb7a9c synchronize with BIND 8.2.2-P7.
- resolve conflicts (there are many conflicts with $NetBSD$ tags -
  dunno why they happen).
- type pedant (couple of typecasts).

correct yacc-generated file handling.  remove bin/named/ns_parser.h,
use the header yacc generates at compilation time.
2000-11-10 09:56:56 +00:00
itojun 7992052d11 bind 8.2.2-P7 2000-11-10 09:33:54 +00:00
is 8a1fd03ca4 More format string cleanup by sommerfeld. 2000-10-08 19:56:12 +00:00
is 5b6de67306 Format string cleanups by Bill Sommerfeld. 2000-10-08 19:41:16 +00:00
is 0040b133c2 Format string cleanup by sommerfeld, with a correction by myself. 2000-10-08 10:03:11 +00:00
is 170b9a3198 Format string cleanup from sommerfeld. 2000-10-08 09:53:43 +00:00
itojun 548cc318ca do not try to use BIND4 code in libc.
dig/host/whatever assumes that it is using BIND8 code.  mixing BIND4 in
libc with BIND8 code will result in very strange behavior, or program panics.

it is not necessary for dig/host/whatever to obey /etc/nsswitch.conf, actually
dig(1) is explicit about it.

now dist/bind is almost clean BIND822p5, with the following exception:
- /etc/irs.conf will never be visited when running BIND8 toolchain,
  to make it less complex.  the search order for BIND8 toolchain is
  defined in dist/bind/lib/irs/gen.c:default_map_rules().
and usr.sbin/bind compiles them in BSD make framework, with no tricks at all.
2000-03-01 10:49:58 +00:00
garbled 3bc0a706ac Add CPPFLAGS so this can be cross-compiled. 1999-12-24 19:11:25 +00:00
veego 7411de7164 Add the prototype of findzonesoa to fix the compile warning in ns_ixfr.c. 1999-11-21 10:40:10 +00:00
veego b1db7e28e8 Sigh, how many (void *) do I need to remove from this source code? 1999-11-21 10:31:22 +00:00
veego adecc3d422 Remove the (void *) in front of the sp->s_rfd. 1999-11-20 20:48:27 +00:00
veego 72b5f9504d Include <string.h> to get the prototype of memcpy. 1999-11-20 20:06:45 +00:00
veego f1ef51cf63 s/u_int32_t/size_t/ in line 324 to fix an LP64 problem. 1999-11-20 20:03:47 +00:00
veego 1b0bbfa434 Include <string.h> to get the prototype for memcpy. 1999-11-20 20:02:49 +00:00