Created
November 17, 2011 04:03
-
-
Save hamano/1372340 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff -Nru bind-9.8.1/CHANGES bind-9.8.1-P1/CHANGES | |
--- bind-9.8.1/CHANGES 2011-08-24 12:17:30.000000000 +0900 | |
+++ bind-9.8.1-P1/CHANGES 2011-11-16 18:34:40.000000000 +0900 | |
@@ -1,3 +1,9 @@ | |
+ --- 9.8.1-P1 released --- | |
+ | |
+3218. [security] Cache lookup could return RRSIG data associated with | |
+ nonexistent records, leading to an assertion | |
+ failure. [RT #26590] | |
+ | |
--- 9.8.1 released --- | |
--- 9.8.1rc1 released --- | |
diff -Nru bind-9.8.1/bin/named/query.c bind-9.8.1-P1/bin/named/query.c | |
--- bind-9.8.1/bin/named/query.c 2011-06-09 12:14:03.000000000 +0900 | |
+++ bind-9.8.1-P1/bin/named/query.c 2011-11-16 18:32:08.000000000 +0900 | |
@@ -15,7 +15,7 @@ | |
* PERFORMANCE OF THIS SOFTWARE. | |
*/ | |
-/* $Id: query.c,v 1.353.8.11 2011-06-09 03:14:03 marka Exp $ */ | |
+/* $Id: query.c,v 1.353.8.11.4.1 2011-11-16 09:32:08 marka Exp $ */ | |
/*! \file */ | |
@@ -1393,11 +1393,9 @@ | |
goto addname; | |
if (result == DNS_R_NCACHENXRRSET) { | |
dns_rdataset_disassociate(rdataset); | |
- /* | |
- * Negative cache entries don't have sigrdatasets. | |
- */ | |
- INSIST(sigrdataset == NULL || | |
- ! dns_rdataset_isassociated(sigrdataset)); | |
+ if (sigrdataset != NULL && | |
+ dns_rdataset_isassociated(sigrdataset)) | |
+ dns_rdataset_disassociate(sigrdataset); | |
} | |
if (result == ISC_R_SUCCESS) { | |
mname = NULL; | |
@@ -1438,8 +1436,9 @@ | |
goto addname; | |
if (result == DNS_R_NCACHENXRRSET) { | |
dns_rdataset_disassociate(rdataset); | |
- INSIST(sigrdataset == NULL || | |
- ! dns_rdataset_isassociated(sigrdataset)); | |
+ if (sigrdataset != NULL && | |
+ dns_rdataset_isassociated(sigrdataset)) | |
+ dns_rdataset_disassociate(sigrdataset); | |
} | |
if (result == ISC_R_SUCCESS) { | |
mname = NULL; | |
@@ -1889,10 +1888,8 @@ | |
goto setcache; | |
if (result == DNS_R_NCACHENXRRSET) { | |
dns_rdataset_disassociate(rdataset); | |
- /* | |
- * Negative cache entries don't have sigrdatasets. | |
- */ | |
- INSIST(! dns_rdataset_isassociated(sigrdataset)); | |
+ if (dns_rdataset_isassociated(sigrdataset)) | |
+ dns_rdataset_disassociate(sigrdataset); | |
} | |
if (result == ISC_R_SUCCESS) { | |
/* Remember the result as a cache */ | |
diff -Nru bind-9.8.1/lib/dns/rbtdb.c bind-9.8.1-P1/lib/dns/rbtdb.c | |
--- bind-9.8.1/lib/dns/rbtdb.c 2011-06-09 08:02:42.000000000 +0900 | |
+++ bind-9.8.1-P1/lib/dns/rbtdb.c 2011-11-16 18:32:08.000000000 +0900 | |
@@ -15,7 +15,7 @@ | |
* PERFORMANCE OF THIS SOFTWARE. | |
*/ | |
-/* $Id: rbtdb.c,v 1.310.8.5 2011-06-08 23:02:42 each Exp $ */ | |
+/* $Id: rbtdb.c,v 1.310.8.5.4.1 2011-11-16 09:32:08 marka Exp $ */ | |
/*! \file */ | |
@@ -5053,7 +5053,7 @@ | |
rdataset); | |
if (need_headerupdate(found, search.now)) | |
update = found; | |
- if (foundsig != NULL) { | |
+ if (!NEGATIVE(found) && foundsig != NULL) { | |
bind_rdataset(search.rbtdb, node, foundsig, search.now, | |
sigrdataset); | |
if (need_headerupdate(foundsig, search.now)) | |
@@ -5685,7 +5685,7 @@ | |
} | |
if (found != NULL) { | |
bind_rdataset(rbtdb, rbtnode, found, now, rdataset); | |
- if (foundsig != NULL) | |
+ if (!NEGATIVE(found) && foundsig != NULL) | |
bind_rdataset(rbtdb, rbtnode, foundsig, now, | |
sigrdataset); | |
} | |
diff -Nru bind-9.8.1/version bind-9.8.1-P1/version | |
--- bind-9.8.1/version 2011-08-24 11:08:26.000000000 +0900 | |
+++ bind-9.8.1-P1/version 2011-11-16 18:32:07.000000000 +0900 | |
@@ -1,4 +1,4 @@ | |
-# $Id: version,v 1.53.8.9 2011-08-24 02:08:26 marka Exp $ | |
+# $Id: version,v 1.53.8.9.6.1 2011-11-16 09:32:07 marka Exp $ | |
# | |
# This file must follow /bin/sh rules. It is imported directly via | |
# configure. | |
@@ -6,5 +6,5 @@ | |
MAJORVER=9 | |
MINORVER=8 | |
PATCHVER=1 | |
-RELEASETYPE= | |
-RELEASEVER= | |
+RELEASETYPE=-P | |
+RELEASEVER=1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment