Skip to content

Instantly share code, notes, and snippets.

@hamano

hamano/bind-9.8.1-P1.patch

Created November 17, 2011 04:03
Show Gist options
  • Save hamano/1372340 to your computer and use it in GitHub Desktop.
Save hamano/1372340 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
bind-9.8.1-P1.patch
diff -Nru bind-9.8.1/CHANGES bind-9.8.1-P1/CHANGES
--- bind-9.8.1/CHANGES 2011-08-24 12:17:30.000000000 +0900
+++ bind-9.8.1-P1/CHANGES 2011-11-16 18:34:40.000000000 +0900
@@ -1,3 +1,9 @@
+ --- 9.8.1-P1 released ---
+
+3218. [security] Cache lookup could return RRSIG data associated with
+ nonexistent records, leading to an assertion
+ failure. [RT #26590]
+
--- 9.8.1 released ---
--- 9.8.1rc1 released ---
diff -Nru bind-9.8.1/bin/named/query.c bind-9.8.1-P1/bin/named/query.c
--- bind-9.8.1/bin/named/query.c 2011-06-09 12:14:03.000000000 +0900
+++ bind-9.8.1-P1/bin/named/query.c 2011-11-16 18:32:08.000000000 +0900
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.353.8.11 2011-06-09 03:14:03 marka Exp $ */
+/* $Id: query.c,v 1.353.8.11.4.1 2011-11-16 09:32:08 marka Exp $ */
/*! \file */
@@ -1393,11 +1393,9 @@
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- /*
- * Negative cache entries don't have sigrdatasets.
- */
- INSIST(sigrdataset == NULL ||
- ! dns_rdataset_isassociated(sigrdataset));
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
mname = NULL;
@@ -1438,8 +1436,9 @@
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- INSIST(sigrdataset == NULL ||
- ! dns_rdataset_isassociated(sigrdataset));
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
mname = NULL;
@@ -1889,10 +1888,8 @@
goto setcache;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- /*
- * Negative cache entries don't have sigrdatasets.
- */
- INSIST(! dns_rdataset_isassociated(sigrdataset));
+ if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
/* Remember the result as a cache */
diff -Nru bind-9.8.1/lib/dns/rbtdb.c bind-9.8.1-P1/lib/dns/rbtdb.c
--- bind-9.8.1/lib/dns/rbtdb.c 2011-06-09 08:02:42.000000000 +0900
+++ bind-9.8.1-P1/lib/dns/rbtdb.c 2011-11-16 18:32:08.000000000 +0900
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbtdb.c,v 1.310.8.5 2011-06-08 23:02:42 each Exp $ */
+/* $Id: rbtdb.c,v 1.310.8.5.4.1 2011-11-16 09:32:08 marka Exp $ */
/*! \file */
@@ -5053,7 +5053,7 @@
rdataset);
if (need_headerupdate(found, search.now))
update = found;
- if (foundsig != NULL) {
+ if (!NEGATIVE(found) && foundsig != NULL) {
bind_rdataset(search.rbtdb, node, foundsig, search.now,
sigrdataset);
if (need_headerupdate(foundsig, search.now))
@@ -5685,7 +5685,7 @@
}
if (found != NULL) {
bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
- if (foundsig != NULL)
+ if (!NEGATIVE(found) && foundsig != NULL)
bind_rdataset(rbtdb, rbtnode, foundsig, now,
sigrdataset);
}
diff -Nru bind-9.8.1/version bind-9.8.1-P1/version
--- bind-9.8.1/version 2011-08-24 11:08:26.000000000 +0900
+++ bind-9.8.1-P1/version 2011-11-16 18:32:07.000000000 +0900
@@ -1,4 +1,4 @@
-# $Id: version,v 1.53.8.9 2011-08-24 02:08:26 marka Exp $
+# $Id: version,v 1.53.8.9.6.1 2011-11-16 09:32:07 marka Exp $
#
# This file must follow /bin/sh rules. It is imported directly via
# configure.
@@ -6,5 +6,5 @@
MAJORVER=9
MINORVER=8
PATCHVER=1
-RELEASETYPE=
-RELEASEVER=
+RELEASETYPE=-P
+RELEASEVER=1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment