From owner-svn-src-user@FreeBSD.ORG Tue Dec 16 11:25:13 2014 Return-Path: Delivered-To: svn-src-user@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 170B9DB1; Tue, 16 Dec 2014 11:25:13 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 033F211CA; Tue, 16 Dec 2014 11:25:13 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sBGBPCQw025082; Tue, 16 Dec 2014 11:25:12 GMT (envelope-from pho@FreeBSD.org) Received: (from pho@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sBGBPCQl025081; Tue, 16 Dec 2014 11:25:12 GMT (envelope-from pho@FreeBSD.org) Message-Id: <201412161125.sBGBPCQl025081@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: pho set sender to pho@FreeBSD.org using -f From: Peter Holm Date: Tue, 16 Dec 2014 11:25:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r275823 - user/pho/stress2/misc X-SVN-Group: user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-user@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the experimental " user" src tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Dec 2014 11:25:13 -0000 Author: pho Date: Tue Dec 16 11:25:12 2014 New Revision: 275823 URL: https://svnweb.freebsd.org/changeset/base/275823 Log: Added a regression test. Sponsored by: EMC / Isilon storage division Added: user/pho/stress2/misc/pcatch.sh (contents, props changed) Added: user/pho/stress2/misc/pcatch.sh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/pho/stress2/misc/pcatch.sh Tue Dec 16 11:25:12 2014 (r275823) @@ -0,0 +1,149 @@ +#!/bin/sh + +# +# Copyright (c) 2014 EMC Corp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# +# The issue makes it possible for applications to get wrong EINTR +# or ERESTART (the later is not directly visible) when doing write +# to the file on suspended UFS volume. I.e. the thread is sleeping +# when fs is suspended, and process is signaled. + +# Test scenario mostly by kib. + +# Fixed in r275744. + +[ `id -u ` -ne 0 ] && echo "Must be root!" && exit 1 + +. ../default.cfg + +here=`pwd` +cd /tmp +sed '1,/^EOF/d' < $here/$0 > pcatch.c +cc -o pcatch -Wall -Wextra -O0 -g pcatch.c || exit 1 +rm -f pcatch.c +cd $here + +mount | grep -q "$mntpoint" && umount $mntpoint +mdconfig -l | grep -q $mdstart && mdconfig -d -u $mdstart +mdconfig -a -t swap -s 1g -u $mdstart +bsdlabel -w md${mdstart} auto +newfs $newfs_flags md${mdstart}$part > /dev/null + +mount /dev/md${mdstart}$part $mntpoint + +/tmp/pcatch $mntpoint + +while mount | grep -q "on $mntpoint "; do + umount $mntpoint || sleep 1 +done +mdconfig -d -u $mdstart +rm -f /tmp/pcatch +exit 0 +EOF +#include +#include +#include +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +void +hand_sigaction(int signo __unused, siginfo_t *si __unused, void *c __unused) +{ +} + +void +suspend(char *path) +{ + struct statfs s; + int fd, error; + + if (fork() == 0) { + if ((error = statfs(path, &s)) != 0) + err(1, "statfs %s", path); + fd = open("/dev/ufssuspend", O_RDWR); + if ((error = ioctl(fd, UFSSUSPEND, &s.f_fsid)) != 0) + err(1, "UFSSUSPEND"); + sleep(1); + if ((error = ioctl(fd, UFSRESUME, &s.f_fsid)) != 0) + err(1, "UFSRESUME"); + _exit(0); + } +} + +void +test(char *mp) +{ + pid_t pid; + struct sigaction sa; + int fd; + char buf[80], file[80]; + + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction = hand_sigaction; + if (sigaction(SIGUSR1, &sa, NULL) == -1) + err(1, "sigaction"); + + snprintf(file, sizeof(file), "%s/file", mp); + if ((fd = open(file, O_RDWR | O_CREAT | O_TRUNC, 0640)) == -1) + err(1, "open(%s). %s:%d", file, __FILE__, __LINE__); + + suspend(mp); + + if ((pid = fork()) == 0) { + if (write(fd, buf, sizeof(buf)) == -1) + warn("FAIL: write"); + _exit(0); + } + usleep(10000); + if (kill(pid, SIGUSR1) == -1) + err(1, "kill"); + wait(NULL); + wait(NULL); + close(fd); +} + +int +main(int argc, char *argv[]) +{ + + if (argc != 2) + errx(1, "Usage: %s ", argv[0]); + + test(argv[1]); + + return (0); +} From owner-svn-src-user@FreeBSD.ORG Thu Dec 18 19:33:31 2014 Return-Path: Delivered-To: svn-src-user@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 28F7715E; Thu, 18 Dec 2014 19:33:31 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 12CB814A4; Thu, 18 Dec 2014 19:33:31 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sBIJXVVj039027; Thu, 18 Dec 2014 19:33:31 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sBIJXTuV039015; Thu, 18 Dec 2014 19:33:29 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201412181933.sBIJXTuV039015@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Thu, 18 Dec 2014 19:33:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r275917 - in user/cperciva/freebsd-update-build/patches: 10.0-RELEASE 10.1-RELEASE 8.4-RELEASE 9.1-RELEASE 9.2-RELEASE 9.3-RELEASE X-SVN-Group: user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-user@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the experimental " user" src tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2014 19:33:31 -0000 Author: delphij Date: Thu Dec 18 19:33:28 2014 New Revision: 275917 URL: https://svnweb.freebsd.org/changeset/base/275917 Log: Add patches for recent patch batches. Added: user/cperciva/freebsd-update-build/patches/10.0-RELEASE/13-SA-14:28.file user/cperciva/freebsd-update-build/patches/10.0-RELEASE/14-SA-14:30.unbound user/cperciva/freebsd-update-build/patches/10.1-RELEASE/1-SA-14:27.stdio user/cperciva/freebsd-update-build/patches/10.1-RELEASE/1-SA-14:28.file user/cperciva/freebsd-update-build/patches/10.1-RELEASE/2-SA-14:30.unbound user/cperciva/freebsd-update-build/patches/8.4-RELEASE/20-SA-14:28.file user/cperciva/freebsd-update-build/patches/8.4-RELEASE/20-SA-14:29.bind user/cperciva/freebsd-update-build/patches/9.1-RELEASE/23-SA-14:28.file user/cperciva/freebsd-update-build/patches/9.1-RELEASE/23-SA-14:29.bind user/cperciva/freebsd-update-build/patches/9.2-RELEASE/16-SA-14:28.file user/cperciva/freebsd-update-build/patches/9.2-RELEASE/16-SA-14:29.bind user/cperciva/freebsd-update-build/patches/9.3-RELEASE/6-SA-14:28.file user/cperciva/freebsd-update-build/patches/9.3-RELEASE/6-SA-14:29.bind Added: user/cperciva/freebsd-update-build/patches/10.0-RELEASE/13-SA-14:28.file ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RELEASE/13-SA-14:28.file Thu Dec 18 19:33:28 2014 (r275917) @@ -0,0 +1,147 @@ +Index: contrib/file/elfclass.h +=================================================================== +--- contrib/file/elfclass.h.orig ++++ contrib/file/elfclass.h +@@ -35,10 +35,12 @@ + switch (type) { + #ifdef ELFCORE + case ET_CORE: ++ phnum = elf_getu16(swap, elfhdr.e_phnum); ++ if (phnum > MAX_PHNUM) ++ return toomany(ms, "program", phnum); + flags |= FLAGS_IS_CORE; + if (dophn_core(ms, clazz, swap, fd, +- (off_t)elf_getu(swap, elfhdr.e_phoff), +- elf_getu16(swap, elfhdr.e_phnum), ++ (off_t)elf_getu(swap, elfhdr.e_phoff), phnum, + (size_t)elf_getu16(swap, elfhdr.e_phentsize), + fsize, &flags) == -1) + return -1; +@@ -46,18 +48,24 @@ + #endif + case ET_EXEC: + case ET_DYN: ++ phnum = elf_getu16(swap, elfhdr.e_phnum); ++ if (phnum > MAX_PHNUM) ++ return toomany(ms, "program", phnum); ++ shnum = elf_getu16(swap, elfhdr.e_shnum); ++ if (shnum > MAX_SHNUM) ++ return toomany(ms, "section", shnum); + if (dophn_exec(ms, clazz, swap, fd, +- (off_t)elf_getu(swap, elfhdr.e_phoff), +- elf_getu16(swap, elfhdr.e_phnum), ++ (off_t)elf_getu(swap, elfhdr.e_phoff), phnum, + (size_t)elf_getu16(swap, elfhdr.e_phentsize), +- fsize, &flags, elf_getu16(swap, elfhdr.e_shnum)) +- == -1) ++ fsize, &flags, shnum) == -1) + return -1; + /*FALLTHROUGH*/ + case ET_REL: ++ shnum = elf_getu16(swap, elfhdr.e_shnum); ++ if (shnum > MAX_SHNUM) ++ return toomany(ms, "section", shnum); + if (doshn(ms, clazz, swap, fd, +- (off_t)elf_getu(swap, elfhdr.e_shoff), +- elf_getu16(swap, elfhdr.e_shnum), ++ (off_t)elf_getu(swap, elfhdr.e_shoff), shnum, + (size_t)elf_getu16(swap, elfhdr.e_shentsize), + fsize, &flags, elf_getu16(swap, elfhdr.e_machine)) == -1) + return -1; +Index: contrib/file/readelf.c +=================================================================== +--- contrib/file/readelf.c.orig ++++ contrib/file/readelf.c +@@ -60,6 +60,18 @@ + private uint32_t getu32(int, uint32_t); + private uint64_t getu64(int, uint64_t); + ++#define MAX_PHNUM 256 ++#define MAX_SHNUM 1024 ++ ++private int ++toomany(struct magic_set *ms, const char *name, uint16_t num) ++{ ++ if (file_printf(ms, ", too many %s header sections (%u)", name, num ++ ) == -1) ++ return -1; ++ return 0; ++} ++ + private uint16_t + getu16(int swap, uint16_t value) + { +@@ -384,13 +396,13 @@ + if (namesz & 0x80000000) { + (void)file_printf(ms, ", bad note name size 0x%lx", + (unsigned long)namesz); +- return offset; ++ return 0; + } + + if (descsz & 0x80000000) { + (void)file_printf(ms, ", bad note description size 0x%lx", + (unsigned long)descsz); +- return offset; ++ return 0; + } + + +@@ -847,6 +859,7 @@ + Elf32_Shdr sh32; + Elf64_Shdr sh64; + int stripped = 1; ++ size_t nbadcap = 0; + void *nbuf; + off_t noff, coff; + uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilites */ +@@ -919,6 +932,8 @@ + free(nbuf); + break; + case SHT_SUNW_cap: ++ if (nbadcap > 5) ++ break; + if (lseek(fd, (off_t)xsh_offset, SEEK_SET) == + (off_t)-1) { + file_badseek(ms); +@@ -955,6 +970,8 @@ + (unsigned long long)xcap_tag, + (unsigned long long)xcap_val) == -1) + return -1; ++ if (nbadcap++ > 2) ++ coff = xsh_size; + break; + } + } +@@ -1142,7 +1159,7 @@ + int flags = 0; + Elf32_Ehdr elf32hdr; + Elf64_Ehdr elf64hdr; +- uint16_t type; ++ uint16_t type, phnum, shnum; + + if (ms->flags & (MAGIC_MIME|MAGIC_APPLE)) + return 0; +Index: contrib/file/softmagic.c +=================================================================== +--- contrib/file/softmagic.c.orig ++++ contrib/file/softmagic.c +@@ -61,6 +61,9 @@ + private void cvt_64(union VALUETYPE *, const struct magic *); + + #define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) ++ ++#define MAX_RECURSION_LEVEL 10 ++ + /* + * softmagic - lookup one file in parsed, in-memory copy of database + * Passed the name and FILE * of one file to be typed. +@@ -1027,7 +1030,7 @@ + uint32_t count = m->str_range; + union VALUETYPE *p = &ms->ms_value; + +- if (recursion_level >= 20) { ++ if (recursion_level >= MAX_RECURSION_LEVEL) { + file_error(ms, 0, "recursion nesting exceeded"); + return -1; + } Added: user/cperciva/freebsd-update-build/patches/10.0-RELEASE/14-SA-14:30.unbound ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RELEASE/14-SA-14:30.unbound Thu Dec 18 19:33:28 2014 (r275917) @@ -0,0 +1,149 @@ +Index: contrib/unbound/iterator/iterator.c +=================================================================== +--- contrib/unbound/iterator/iterator.c (revision 275717) ++++ contrib/unbound/iterator/iterator.c (working copy) +@@ -117,6 +117,7 @@ iter_new(struct module_qstate* qstate, int id) + iq->query_restart_count = 0; + iq->referral_count = 0; + iq->sent_count = 0; ++ iq->target_count = NULL; + iq->wait_priming_stub = 0; + iq->refetch_glue = 0; + iq->dnssec_expected = 0; +@@ -442,6 +443,26 @@ handle_cname_response(struct module_qstate* qstate + return 1; + } + ++/** create target count structure for this query */ ++static void ++target_count_create(struct iter_qstate* iq) ++{ ++ if(!iq->target_count) { ++ iq->target_count = (int*)calloc(2, sizeof(int)); ++ /* if calloc fails we simply do not track this number */ ++ if(iq->target_count) ++ iq->target_count[0] = 1; ++ } ++} ++ ++static void ++target_count_increase(struct iter_qstate* iq, int num) ++{ ++ target_count_create(iq); ++ if(iq->target_count) ++ iq->target_count[1] += num; ++} ++ + /** + * Generate a subrequest. + * Generate a local request event. Local events are tied to this module, and +@@ -513,6 +534,10 @@ generate_sub_request(uint8_t* qname, size_t qnamel + subiq = (struct iter_qstate*)subq->minfo[id]; + memset(subiq, 0, sizeof(*subiq)); + subiq->num_target_queries = 0; ++ target_count_create(iq); ++ subiq->target_count = iq->target_count; ++ if(iq->target_count) ++ iq->target_count[0] ++; /* extra reference */ + subiq->num_current_queries = 0; + subiq->depth = iq->depth+1; + outbound_list_init(&subiq->outlist); +@@ -1339,6 +1364,12 @@ query_for_targets(struct module_qstate* qstate, st + + if(iq->depth == ie->max_dependency_depth) + return 0; ++ if(iq->depth > 0 && iq->target_count && ++ iq->target_count[1] > MAX_TARGET_COUNT) { ++ verbose(VERB_QUERY, "request has exceeded the maximum " ++ "number of glue fetches %d", iq->target_count[1]); ++ return 0; ++ } + + iter_mark_cycle_targets(qstate, iq->dp); + missing = (int)delegpt_count_missing_targets(iq->dp); +@@ -1487,6 +1518,7 @@ processLastResort(struct module_qstate* qstate, st + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } + iq->num_target_queries += qs; ++ target_count_increase(iq, qs); + if(qs != 0) { + qstate->ext_state[id] = module_wait_subquery; + return 0; /* and wait for them */ +@@ -1496,6 +1528,12 @@ processLastResort(struct module_qstate* qstate, st + verbose(VERB_QUERY, "maxdepth and need more nameservers, fail"); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); + } ++ if(iq->depth > 0 && iq->target_count && ++ iq->target_count[1] > MAX_TARGET_COUNT) { ++ verbose(VERB_QUERY, "request has exceeded the maximum " ++ "number of glue fetches %d", iq->target_count[1]); ++ return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); ++ } + /* mark cycle targets for parent-side lookups */ + iter_mark_pside_cycle_targets(qstate, iq->dp); + /* see if we can issue queries to get nameserver addresses */ +@@ -1525,6 +1563,7 @@ processLastResort(struct module_qstate* qstate, st + if(query_count != 0) { /* suspend to await results */ + verbose(VERB_ALGO, "try parent-side glue lookup"); + iq->num_target_queries += query_count; ++ target_count_increase(iq, query_count); + qstate->ext_state[id] = module_wait_subquery; + return 0; + } +@@ -1680,6 +1719,7 @@ processQueryTargets(struct module_qstate* qstate, + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } + iq->num_target_queries += extra; ++ target_count_increase(iq, extra); + if(iq->num_target_queries > 0) { + /* wait to get all targets, we want to try em */ + verbose(VERB_ALGO, "wait for all targets for fallback"); +@@ -1720,6 +1760,7 @@ processQueryTargets(struct module_qstate* qstate, + /* errors ignored, these targets are not strictly necessary for + * this result, we do not have to reply with SERVFAIL */ + iq->num_target_queries += extra; ++ target_count_increase(iq, extra); + } + + /* Add the current set of unused targets to our queue. */ +@@ -1765,6 +1806,7 @@ processQueryTargets(struct module_qstate* qstate, + return 1; + } + iq->num_target_queries += qs; ++ target_count_increase(iq, qs); + } + /* Since a target query might have been made, we + * need to check again. */ +@@ -2847,6 +2889,8 @@ iter_clear(struct module_qstate* qstate, int id) + iq = (struct iter_qstate*)qstate->minfo[id]; + if(iq) { + outbound_list_clear(&iq->outlist); ++ if(iq->target_count && --iq->target_count[0] == 0) ++ free(iq->target_count); + iq->num_current_queries = 0; + } + qstate->minfo[id] = NULL; +Index: contrib/unbound/iterator/iterator.h +=================================================================== +--- contrib/unbound/iterator/iterator.h (revision 275717) ++++ contrib/unbound/iterator/iterator.h (working copy) +@@ -52,6 +52,8 @@ struct iter_donotq; + struct iter_prep_list; + struct iter_priv; + ++/** max number of targets spawned for a query and its subqueries */ ++#define MAX_TARGET_COUNT 32 + /** max number of query restarts. Determines max number of CNAME chain. */ + #define MAX_RESTART_COUNT 8 + /** max number of referrals. Makes sure resolver does not run away */ +@@ -254,6 +256,10 @@ struct iter_qstate { + + /** number of queries fired off */ + int sent_count; ++ ++ /** number of target queries spawned in [1], for this query and its ++ * subqueries, the malloced-array is shared, [0] refcount. */ ++ int* target_count; + + /** + * The query must store NS records from referrals as parentside RRs Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/1-SA-14:27.stdio ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/1-SA-14:27.stdio Thu Dec 18 19:33:28 2014 (r275917) @@ -0,0 +1,22 @@ +Index: lib/libc/stdio/fflush.c +=================================================================== +--- lib/libc/stdio/fflush.c (revision 274946) ++++ lib/libc/stdio/fflush.c (working copy) +@@ -124,11 +124,13 @@ __sflush(FILE *fp) + t = _swrite(fp, (char *)p, n); + if (t <= 0) { + /* Reset _p and _w. */ +- if (p > fp->_p) /* Some was written. */ ++ if (p > fp->_p) { ++ /* Some was written. */ + memmove(fp->_p, p, n); +- fp->_p += n; +- if ((fp->_flags & (__SLBF | __SNBF)) == 0) +- fp->_w -= n; ++ fp->_p += n; ++ if ((fp->_flags & (__SLBF | __SNBF)) == 0) ++ fp->_w -= n; ++ } + fp->_flags |= __SERR; + return (EOF); + } Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/1-SA-14:28.file ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/1-SA-14:28.file Thu Dec 18 19:33:28 2014 (r275917) @@ -0,0 +1,288 @@ +Index: contrib/file/src/elfclass.h +=================================================================== +--- contrib/file/src/elfclass.h (revision 275629) ++++ contrib/file/src/elfclass.h (working copy) +@@ -35,10 +35,12 @@ + switch (type) { + #ifdef ELFCORE + case ET_CORE: ++ phnum = elf_getu16(swap, elfhdr.e_phnum); ++ if (phnum > MAX_PHNUM) ++ return toomany(ms, "program", phnum); + flags |= FLAGS_IS_CORE; + if (dophn_core(ms, clazz, swap, fd, +- (off_t)elf_getu(swap, elfhdr.e_phoff), +- elf_getu16(swap, elfhdr.e_phnum), ++ (off_t)elf_getu(swap, elfhdr.e_phoff), phnum, + (size_t)elf_getu16(swap, elfhdr.e_phentsize), + fsize, &flags) == -1) + return -1; +@@ -46,18 +48,24 @@ + #endif + case ET_EXEC: + case ET_DYN: ++ phnum = elf_getu16(swap, elfhdr.e_phnum); ++ if (phnum > MAX_PHNUM) ++ return toomany(ms, "program", phnum); ++ shnum = elf_getu16(swap, elfhdr.e_shnum); ++ if (shnum > MAX_SHNUM) ++ return toomany(ms, "section", shnum); + if (dophn_exec(ms, clazz, swap, fd, +- (off_t)elf_getu(swap, elfhdr.e_phoff), +- elf_getu16(swap, elfhdr.e_phnum), ++ (off_t)elf_getu(swap, elfhdr.e_phoff), phnum, + (size_t)elf_getu16(swap, elfhdr.e_phentsize), +- fsize, &flags, elf_getu16(swap, elfhdr.e_shnum)) +- == -1) ++ fsize, &flags, shnum) == -1) + return -1; + /*FALLTHROUGH*/ + case ET_REL: ++ shnum = elf_getu16(swap, elfhdr.e_shnum); ++ if (shnum > MAX_SHNUM) ++ return toomany(ms, "section", shnum); + if (doshn(ms, clazz, swap, fd, +- (off_t)elf_getu(swap, elfhdr.e_shoff), +- elf_getu16(swap, elfhdr.e_shnum), ++ (off_t)elf_getu(swap, elfhdr.e_shoff), shnum, + (size_t)elf_getu16(swap, elfhdr.e_shentsize), + fsize, &flags, elf_getu16(swap, elfhdr.e_machine), + (int)elf_getu16(swap, elfhdr.e_shstrndx)) == -1) +Index: contrib/file/src/file.h +=================================================================== +--- contrib/file/src/file.h (revision 275629) ++++ contrib/file/src/file.h (working copy) +@@ -482,6 +482,14 @@ protected int file_regexec(file_regex_t *, const c + protected void file_regfree(file_regex_t *); + protected void file_regerror(file_regex_t *, int, struct magic_set *); + ++typedef struct { ++ char *buf; ++ uint32_t offset; ++} file_pushbuf_t; ++ ++protected file_pushbuf_t *file_push_buffer(struct magic_set *); ++protected char *file_pop_buffer(struct magic_set *, file_pushbuf_t *); ++ + #ifndef COMPILE_ONLY + extern const char *file_names[]; + extern const size_t file_nnames; +Index: contrib/file/src/funcs.c +=================================================================== +--- contrib/file/src/funcs.c (revision 275629) ++++ contrib/file/src/funcs.c (working copy) +@@ -491,3 +491,43 @@ file_regerror(file_regex_t *rx, int rc, struct mag + file_magerror(ms, "regex error %d for `%s', (%s)", rc, rx->pat, + errmsg); + } ++ ++protected file_pushbuf_t * ++file_push_buffer(struct magic_set *ms) ++{ ++ file_pushbuf_t *pb; ++ ++ if (ms->event_flags & EVENT_HAD_ERR) ++ return NULL; ++ ++ if ((pb = (CAST(file_pushbuf_t *, malloc(sizeof(*pb))))) == NULL) ++ return NULL; ++ ++ pb->buf = ms->o.buf; ++ pb->offset = ms->offset; ++ ++ ms->o.buf = NULL; ++ ms->offset = 0; ++ ++ return pb; ++} ++ ++protected char * ++file_pop_buffer(struct magic_set *ms, file_pushbuf_t *pb) ++{ ++ char *rbuf; ++ ++ if (ms->event_flags & EVENT_HAD_ERR) { ++ free(pb->buf); ++ free(pb); ++ return NULL; ++ } ++ ++ rbuf = ms->o.buf; ++ ++ ms->o.buf = pb->buf; ++ ms->offset = pb->offset; ++ ++ free(pb); ++ return rbuf; ++} +Index: contrib/file/src/readelf.c +=================================================================== +--- contrib/file/src/readelf.c (revision 275629) ++++ contrib/file/src/readelf.c (working copy) +@@ -60,6 +60,18 @@ private uint16_t getu16(int, uint16_t); + private uint32_t getu32(int, uint32_t); + private uint64_t getu64(int, uint64_t); + ++#define MAX_PHNUM 256 ++#define MAX_SHNUM 1024 ++ ++private int ++toomany(struct magic_set *ms, const char *name, uint16_t num) ++{ ++ if (file_printf(ms, ", too many %s header sections (%u)", name, num ++ ) == -1) ++ return -1; ++ return 0; ++} ++ + private uint16_t + getu16(int swap, uint16_t value) + { +@@ -477,6 +489,13 @@ donote(struct magic_set *ms, void *vbuf, size_t of + uint32_t namesz, descsz; + unsigned char *nbuf = CAST(unsigned char *, vbuf); + ++ if (xnh_sizeof + offset > size) { ++ /* ++ * We're out of note headers. ++ */ ++ return xnh_sizeof + offset; ++ } ++ + (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof); + offset += xnh_sizeof; + +@@ -492,13 +511,13 @@ donote(struct magic_set *ms, void *vbuf, size_t of + if (namesz & 0x80000000) { + (void)file_printf(ms, ", bad note name size 0x%lx", + (unsigned long)namesz); +- return offset; ++ return 0; + } + + if (descsz & 0x80000000) { + (void)file_printf(ms, ", bad note description size 0x%lx", + (unsigned long)descsz); +- return offset; ++ return 0; + } + + +@@ -900,6 +919,7 @@ doshn(struct magic_set *ms, int clazz, int swap, i + Elf32_Shdr sh32; + Elf64_Shdr sh64; + int stripped = 1; ++ size_t nbadcap = 0; + void *nbuf; + off_t noff, coff, name_off; + uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilites */ +@@ -988,6 +1008,8 @@ doshn(struct magic_set *ms, int clazz, int swap, i + goto skip; + } + ++ if (nbadcap > 5) ++ break; + if (lseek(fd, xsh_offset, SEEK_SET) == (off_t)-1) { + file_badseek(ms); + return -1; +@@ -1053,6 +1075,8 @@ doshn(struct magic_set *ms, int clazz, int swap, i + (unsigned long long)xcap_tag, + (unsigned long long)xcap_val) == -1) + return -1; ++ if (nbadcap++ > 2) ++ coff = xsh_size; + break; + } + } +@@ -1233,7 +1257,7 @@ file_tryelf(struct magic_set *ms, int fd, const un + int flags = 0; + Elf32_Ehdr elf32hdr; + Elf64_Ehdr elf64hdr; +- uint16_t type; ++ uint16_t type, phnum, shnum; + + if (ms->flags & (MAGIC_MIME|MAGIC_APPLE)) + return 0; +Index: contrib/file/src/softmagic.c +=================================================================== +--- contrib/file/src/softmagic.c (revision 275629) ++++ contrib/file/src/softmagic.c (working copy) +@@ -67,6 +67,9 @@ private void cvt_32(union VALUETYPE *, const struc + private void cvt_64(union VALUETYPE *, const struct magic *); + + #define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) ++ ++#define MAX_RECURSION_LEVEL 10 ++ + /* + * softmagic - lookup one file in parsed, in-memory copy of database + * Passed the name and FILE * of one file to be typed. +@@ -1193,14 +1196,15 @@ mget(struct magic_set *ms, const unsigned char *s, + int flip, int recursion_level, int *printed_something, + int *need_separator, int *returnval) + { +- uint32_t soffset, offset = ms->offset; ++ uint32_t offset = ms->offset; + uint32_t lhs; ++ file_pushbuf_t *pb; + int rv, oneed_separator, in_type; +- char *sbuf, *rbuf; ++ char *rbuf; + union VALUETYPE *p = &ms->ms_value; + struct mlist ml; + +- if (recursion_level >= 20) { ++ if (recursion_level >= MAX_RECURSION_LEVEL) { + file_error(ms, 0, "recursion nesting exceeded"); + return -1; + } +@@ -1644,19 +1648,23 @@ mget(struct magic_set *ms, const unsigned char *s, + case FILE_INDIRECT: + if (offset == 0) + return 0; ++ + if (nbytes < offset) + return 0; +- sbuf = ms->o.buf; +- soffset = ms->offset; +- ms->o.buf = NULL; +- ms->offset = 0; ++ ++ if ((pb = file_push_buffer(ms)) == NULL) ++ return -1; ++ + rv = file_softmagic(ms, s + offset, nbytes - offset, + recursion_level, BINTEST, text); ++ + if ((ms->flags & MAGIC_DEBUG) != 0) + fprintf(stderr, "indirect @offs=%u[%d]\n", offset, rv); +- rbuf = ms->o.buf; +- ms->o.buf = sbuf; +- ms->offset = soffset; ++ ++ rbuf = file_pop_buffer(ms, pb); ++ if (rbuf == NULL && ms->event_flags & EVENT_HAD_ERR) ++ return -1; ++ + if (rv == 1) { + if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && + file_printf(ms, F(ms, m, "%u"), offset) == -1) { +@@ -1674,13 +1682,13 @@ mget(struct magic_set *ms, const unsigned char *s, + case FILE_USE: + if (nbytes < offset) + return 0; +- sbuf = m->value.s; +- if (*sbuf == '^') { +- sbuf++; ++ rbuf = m->value.s; ++ if (*rbuf == '^') { ++ rbuf++; + flip = !flip; + } +- if (file_magicfind(ms, sbuf, &ml) == -1) { +- file_error(ms, 0, "cannot find entry `%s'", sbuf); ++ if (file_magicfind(ms, rbuf, &ml) == -1) { ++ file_error(ms, 0, "cannot find entry `%s'", rbuf); + return -1; + } + Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/2-SA-14:30.unbound ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/2-SA-14:30.unbound Thu Dec 18 19:33:28 2014 (r275917) @@ -0,0 +1,149 @@ +Index: contrib/unbound/iterator/iterator.c +=================================================================== +--- contrib/unbound/iterator/iterator.c (revision 275717) ++++ contrib/unbound/iterator/iterator.c (working copy) +@@ -117,6 +117,7 @@ iter_new(struct module_qstate* qstate, int id) + iq->query_restart_count = 0; + iq->referral_count = 0; + iq->sent_count = 0; ++ iq->target_count = NULL; + iq->wait_priming_stub = 0; + iq->refetch_glue = 0; + iq->dnssec_expected = 0; +@@ -442,6 +443,26 @@ handle_cname_response(struct module_qstate* qstate + return 1; + } + ++/** create target count structure for this query */ ++static void ++target_count_create(struct iter_qstate* iq) ++{ ++ if(!iq->target_count) { ++ iq->target_count = (int*)calloc(2, sizeof(int)); ++ /* if calloc fails we simply do not track this number */ ++ if(iq->target_count) ++ iq->target_count[0] = 1; ++ } ++} ++ ++static void ++target_count_increase(struct iter_qstate* iq, int num) ++{ ++ target_count_create(iq); ++ if(iq->target_count) ++ iq->target_count[1] += num; ++} ++ + /** + * Generate a subrequest. + * Generate a local request event. Local events are tied to this module, and +@@ -513,6 +534,10 @@ generate_sub_request(uint8_t* qname, size_t qnamel + subiq = (struct iter_qstate*)subq->minfo[id]; + memset(subiq, 0, sizeof(*subiq)); + subiq->num_target_queries = 0; ++ target_count_create(iq); ++ subiq->target_count = iq->target_count; ++ if(iq->target_count) ++ iq->target_count[0] ++; /* extra reference */ + subiq->num_current_queries = 0; + subiq->depth = iq->depth+1; + outbound_list_init(&subiq->outlist); +@@ -1339,6 +1364,12 @@ query_for_targets(struct module_qstate* qstate, st + + if(iq->depth == ie->max_dependency_depth) + return 0; ++ if(iq->depth > 0 && iq->target_count && ++ iq->target_count[1] > MAX_TARGET_COUNT) { ++ verbose(VERB_QUERY, "request has exceeded the maximum " ++ "number of glue fetches %d", iq->target_count[1]); ++ return 0; ++ } + + iter_mark_cycle_targets(qstate, iq->dp); + missing = (int)delegpt_count_missing_targets(iq->dp); +@@ -1487,6 +1518,7 @@ processLastResort(struct module_qstate* qstate, st + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } + iq->num_target_queries += qs; ++ target_count_increase(iq, qs); + if(qs != 0) { + qstate->ext_state[id] = module_wait_subquery; + return 0; /* and wait for them */ +@@ -1496,6 +1528,12 @@ processLastResort(struct module_qstate* qstate, st + verbose(VERB_QUERY, "maxdepth and need more nameservers, fail"); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); + } ++ if(iq->depth > 0 && iq->target_count && ++ iq->target_count[1] > MAX_TARGET_COUNT) { ++ verbose(VERB_QUERY, "request has exceeded the maximum " ++ "number of glue fetches %d", iq->target_count[1]); ++ return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); ++ } + /* mark cycle targets for parent-side lookups */ + iter_mark_pside_cycle_targets(qstate, iq->dp); + /* see if we can issue queries to get nameserver addresses */ +@@ -1525,6 +1563,7 @@ processLastResort(struct module_qstate* qstate, st + if(query_count != 0) { /* suspend to await results */ + verbose(VERB_ALGO, "try parent-side glue lookup"); + iq->num_target_queries += query_count; ++ target_count_increase(iq, query_count); + qstate->ext_state[id] = module_wait_subquery; + return 0; + } +@@ -1680,6 +1719,7 @@ processQueryTargets(struct module_qstate* qstate, + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } + iq->num_target_queries += extra; ++ target_count_increase(iq, extra); + if(iq->num_target_queries > 0) { + /* wait to get all targets, we want to try em */ + verbose(VERB_ALGO, "wait for all targets for fallback"); +@@ -1720,6 +1760,7 @@ processQueryTargets(struct module_qstate* qstate, + /* errors ignored, these targets are not strictly necessary for + * this result, we do not have to reply with SERVFAIL */ + iq->num_target_queries += extra; ++ target_count_increase(iq, extra); + } + + /* Add the current set of unused targets to our queue. */ +@@ -1765,6 +1806,7 @@ processQueryTargets(struct module_qstate* qstate, + return 1; + } + iq->num_target_queries += qs; ++ target_count_increase(iq, qs); + } + /* Since a target query might have been made, we + * need to check again. */ +@@ -2847,6 +2889,8 @@ iter_clear(struct module_qstate* qstate, int id) + iq = (struct iter_qstate*)qstate->minfo[id]; + if(iq) { + outbound_list_clear(&iq->outlist); ++ if(iq->target_count && --iq->target_count[0] == 0) ++ free(iq->target_count); + iq->num_current_queries = 0; + } + qstate->minfo[id] = NULL; +Index: contrib/unbound/iterator/iterator.h +=================================================================== +--- contrib/unbound/iterator/iterator.h (revision 275717) ++++ contrib/unbound/iterator/iterator.h (working copy) +@@ -52,6 +52,8 @@ struct iter_donotq; + struct iter_prep_list; + struct iter_priv; + ++/** max number of targets spawned for a query and its subqueries */ ++#define MAX_TARGET_COUNT 32 + /** max number of query restarts. Determines max number of CNAME chain. */ + #define MAX_RESTART_COUNT 8 + /** max number of referrals. Makes sure resolver does not run away */ +@@ -254,6 +256,10 @@ struct iter_qstate { + + /** number of queries fired off */ + int sent_count; ++ ++ /** number of target queries spawned in [1], for this query and its ++ * subqueries, the malloced-array is shared, [0] refcount. */ ++ int* target_count; + + /** + * The query must store NS records from referrals as parentside RRs Added: user/cperciva/freebsd-update-build/patches/8.4-RELEASE/20-SA-14:28.file ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/8.4-RELEASE/20-SA-14:28.file Thu Dec 18 19:33:28 2014 (r275917) @@ -0,0 +1,146 @@ +Index: contrib/file/elfclass.h +=================================================================== +--- contrib/file/elfclass.h.orig ++++ contrib/file/elfclass.h +@@ -35,9 +35,11 @@ + switch (type) { + #ifdef ELFCORE + case ET_CORE: ++ phnum = elf_getu16(swap, elfhdr.e_phnum); ++ if (phnum > MAX_PHNUM) ++ return toomany(ms, "program", phnum); + if (dophn_core(ms, clazz, swap, fd, +- (off_t)elf_getu(swap, elfhdr.e_phoff), +- elf_getu16(swap, elfhdr.e_phnum), ++ (off_t)elf_getu(swap, elfhdr.e_phoff), phnum, + (size_t)elf_getu16(swap, elfhdr.e_phentsize), + fsize, &flags) == -1) + return -1; +@@ -45,18 +47,24 @@ + #endif + case ET_EXEC: + case ET_DYN: ++ phnum = elf_getu16(swap, elfhdr.e_phnum); ++ if (phnum > MAX_PHNUM) ++ return toomany(ms, "program", phnum); ++ shnum = elf_getu16(swap, elfhdr.e_shnum); ++ if (shnum > MAX_SHNUM) ++ return toomany(ms, "section", shnum); + if (dophn_exec(ms, clazz, swap, fd, +- (off_t)elf_getu(swap, elfhdr.e_phoff), +- elf_getu16(swap, elfhdr.e_phnum), ++ (off_t)elf_getu(swap, elfhdr.e_phoff), phnum, + (size_t)elf_getu16(swap, elfhdr.e_phentsize), +- fsize, &flags, elf_getu16(swap, elfhdr.e_shnum)) +- == -1) ++ fsize, &flags, shnum) == -1) + return -1; + /*FALLTHROUGH*/ + case ET_REL: ++ shnum = elf_getu16(swap, elfhdr.e_shnum); ++ if (shnum > MAX_SHNUM) ++ return toomany(ms, "section", shnum); + if (doshn(ms, clazz, swap, fd, +- (off_t)elf_getu(swap, elfhdr.e_shoff), +- elf_getu16(swap, elfhdr.e_shnum), ++ (off_t)elf_getu(swap, elfhdr.e_shoff), shnum, + (size_t)elf_getu16(swap, elfhdr.e_shentsize), + &flags, + elf_getu16(swap, elfhdr.e_machine)) == -1) +Index: contrib/file/readelf.c +=================================================================== +--- contrib/file/readelf.c.orig ++++ contrib/file/readelf.c +@@ -60,6 +60,18 @@ + private uint32_t getu32(int, uint32_t); + private uint64_t getu64(int, uint64_t); + ++#define MAX_PHNUM 256 ++#define MAX_SHNUM 1024 ++ ++private int ++toomany(struct magic_set *ms, const char *name, uint16_t num) ++{ ++ if (file_printf(ms, ", too many %s header sections (%u)", name, num ++ ) == -1) ++ return -1; ++ return 0; ++} ++ + private uint16_t + getu16(int swap, uint16_t value) + { +@@ -391,13 +403,13 @@ + if (namesz & 0x80000000) { + (void)file_printf(ms, ", bad note name size 0x%lx", + (unsigned long)namesz); +- return offset; ++ return 0; + } + + if (descsz & 0x80000000) { + (void)file_printf(ms, ", bad note description size 0x%lx", + (unsigned long)descsz); +- return offset; ++ return 0; + } + + +@@ -821,6 +833,7 @@ + Elf32_Shdr sh32; + Elf64_Shdr sh64; + int stripped = 1; ++ size_t nbadcap = 0; + void *nbuf; + off_t noff; + uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilites */ +@@ -893,6 +906,8 @@ + case SHT_SUNW_cap: + { + off_t coff; ++ if (nbadcap > 5) ++ break; + if ((off = lseek(fd, (off_t)0, SEEK_CUR)) == + (off_t)-1) { + file_badread(ms); +@@ -933,6 +948,8 @@ + (unsigned long long)xcap_tag, + (unsigned long long)xcap_val) == -1) + return -1; ++ if (nbadcap++ > 2) ++ coff = xsh_size; + break; + } + } +@@ -1139,7 +1156,7 @@ + int flags = 0; + Elf32_Ehdr elf32hdr; + Elf64_Ehdr elf64hdr; +- uint16_t type; ++ uint16_t type, phnum, shnum; + + if (ms->flags & (MAGIC_MIME|MAGIC_APPLE)) + return 0; +Index: contrib/file/softmagic.c +=================================================================== +--- contrib/file/softmagic.c.orig ++++ contrib/file/softmagic.c +@@ -61,6 +61,9 @@ + private void cvt_64(union VALUETYPE *, const struct magic *); + + #define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) ++ ++#define MAX_RECURSION_LEVEL 10 ++ + /* + * softmagic - lookup one file in parsed, in-memory copy of database + * Passed the name and FILE * of one file to be typed. +@@ -1030,7 +1033,7 @@ + uint32_t count = m->str_range; + union VALUETYPE *p = &ms->ms_value; + +- if (recursion_level >= 20) { ++ if (recursion_level >= MAX_RECURSION_LEVEL) { + file_error(ms, 0, "recursion nesting exceeded"); + return -1; + } Added: user/cperciva/freebsd-update-build/patches/8.4-RELEASE/20-SA-14:29.bind ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/8.4-RELEASE/20-SA-14:29.bind Thu Dec 18 19:33:28 2014 (r275917) @@ -0,0 +1,956 @@ +Index: contrib/bind9/CHANGES +=================================================================== +--- contrib/bind9/CHANGES.orig ++++ contrib/bind9/CHANGES +@@ -1,3 +1,15 @@ ++4006. [security] A flaw in delegation handling could be exploited ++ to put named into an infinite loop. This has ++ been addressed by placing limits on the number ++ of levels of recursion named will allow (default 7), ++ and the number of iterative queries that it will ++ send (default 50) before terminating a recursive ++ query (CVE-2014-8500). ++ ++ The recursion depth limit is configured via the ++ "max-recursion-depth" option, and the query limit ++ via the "max-recursion-queries" option. [RT #37580] ++ + --- 9.8.4-P2 released --- + + 3516. [security] Removed the check for regex.h in configure in order +Index: contrib/bind9/bin/named/config.c +=================================================================== +--- contrib/bind9/bin/named/config.c.orig ++++ contrib/bind9/bin/named/config.c +@@ -15,8 +15,6 @@ + * PERFORMANCE OF THIS SOFTWARE. + */ + +-/* $Id: config.c,v 1.113.16.2 2011/02/28 01:19:58 tbox Exp $ */ +- + /*! \file */ + + #include +@@ -158,6 +156,8 @@ + dnssec-accept-expired no;\n\ + clients-per-query 10;\n\ + max-clients-per-query 100;\n\ ++ max-recursion-depth 7;\n\ ++ max-recursion-queries 50;\n\ + zero-no-soa-ttl-cache no;\n\ + nsec3-test-zone no;\n\ + allow-new-zones no;\n\ +Index: contrib/bind9/bin/named/query.c +=================================================================== +--- contrib/bind9/bin/named/query.c.orig ++++ contrib/bind9/bin/named/query.c +@@ -3755,12 +3755,11 @@ + peeraddr = &client->peeraddr; + else + peeraddr = NULL; +- result = dns_resolver_createfetch2(client->view->resolver, ++ result = dns_resolver_createfetch3(client->view->resolver, + qname, qtype, qdomain, nameservers, + NULL, peeraddr, client->message->id, +- client->query.fetchoptions, +- client->task, +- query_resume, client, ++ client->query.fetchoptions, 0, NULL, ++ client->task, query_resume, client, + rdataset, sigrdataset, + &client->query.fetch); + +Index: contrib/bind9/bin/named/server.c +=================================================================== +--- contrib/bind9/bin/named/server.c.orig ++++ contrib/bind9/bin/named/server.c +@@ -2580,6 +2580,16 @@ + cfg_obj_asuint32(obj), + max_clients_per_query); + ++ obj = NULL; ++ result = ns_config_get(maps, "max-recursion-depth", &obj); ++ INSIST(result == ISC_R_SUCCESS); ++ dns_resolver_setmaxdepth(view->resolver, cfg_obj_asuint32(obj)); ++ ++ obj = NULL; ++ result = ns_config_get(maps, "max-recursion-queries", &obj); ++ INSIST(result == ISC_R_SUCCESS); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***