From owner-svn-src-all@FreeBSD.ORG  Thu Dec  1 21:18:00 2011
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2301F1065673;
	Thu,  1 Dec 2011 21:18:00 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 113D68FC1B;
	Thu,  1 Dec 2011 21:18:00 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id pB1LHxln062393;
	Thu, 1 Dec 2011 21:17:59 GMT (envelope-from dougb@svn.freebsd.org)
Received: (from dougb@localhost)
	by svn.freebsd.org (8.14.4/8.14.4/Submit) id pB1LHxg1062388;
	Thu, 1 Dec 2011 21:17:59 GMT (envelope-from dougb@svn.freebsd.org)
Message-Id: <201112012117.pB1LHxg1062388@svn.freebsd.org>
From: Doug Barton <dougb@FreeBSD.org>
Date: Thu, 1 Dec 2011 21:17:59 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-releng@freebsd.org
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r228190 - in releng/9.0/contrib/bind9: . bin/named
	lib/dns
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Dec 2011 21:18:00 -0000

Author: dougb
Date: Thu Dec  1 21:17:59 2011
New Revision: 228190
URL: http://svn.freebsd.org/changeset/base/228190

Log:
  Upgrade to BIND 9.8.1-P1 to address the following DDOS bug:
  
  Recursive name servers are failing with an assertion:
  INSIST(! dns_rdataset_isassociated(sigrdataset))
  
  At this time it is not thought that authoritative-only servers
  are affected, but information about this bug is evolving rapidly.
  
  Because it may be possible to trigger this bug even on networks
  that do not allow untrusted users to access the recursive name
  servers (perhaps via specially crafted e-mail messages, and/or
  malicious web sites) it is recommended that ALL operators of
  recursive name servers upgrade immediately.
  
  For more information see:
  https://www.isc.org/software/bind/advisories/cve-2011-4313
  which will be updated as more information becomes available.
  
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
  
  Approved by:	re (kib)

Modified:
  releng/9.0/contrib/bind9/CHANGES
  releng/9.0/contrib/bind9/bin/named/query.c
  releng/9.0/contrib/bind9/lib/dns/rbtdb.c
  releng/9.0/contrib/bind9/version
Directory Properties:
  releng/9.0/contrib/bind9/   (props changed)

Modified: releng/9.0/contrib/bind9/CHANGES
==============================================================================
--- releng/9.0/contrib/bind9/CHANGES	Thu Dec  1 21:13:41 2011	(r228189)
+++ releng/9.0/contrib/bind9/CHANGES	Thu Dec  1 21:17:59 2011	(r228190)
@@ -1,3 +1,9 @@
+	--- 9.8.1-P1 released ---
+
+3218.	[security]	Cache lookup could return RRSIG data associated with
+			nonexistent records, leading to an assertion
+			failure. [RT #26590]
+
 	--- 9.8.1 released ---
 
 	--- 9.8.1rc1 released ---

Modified: releng/9.0/contrib/bind9/bin/named/query.c
==============================================================================
--- releng/9.0/contrib/bind9/bin/named/query.c	Thu Dec  1 21:13:41 2011	(r228189)
+++ releng/9.0/contrib/bind9/bin/named/query.c	Thu Dec  1 21:17:59 2011	(r228190)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.353.8.11 2011-06-09 03:14:03 marka Exp $ */
+/* $Id: query.c,v 1.353.8.11.4.1 2011-11-16 09:32:08 marka Exp $ */
 
 /*! \file */
 
@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
 			goto addname;
 		if (result == DNS_R_NCACHENXRRSET) {
 			dns_rdataset_disassociate(rdataset);
-			/*
-			 * Negative cache entries don't have sigrdatasets.
-			 */
-			INSIST(sigrdataset == NULL ||
-			       ! dns_rdataset_isassociated(sigrdataset));
+			if (sigrdataset != NULL &&
+			    dns_rdataset_isassociated(sigrdataset))
+				dns_rdataset_disassociate(sigrdataset);
 		}
 		if (result == ISC_R_SUCCESS) {
 			mname = NULL;
@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
 			goto addname;
 		if (result == DNS_R_NCACHENXRRSET) {
 			dns_rdataset_disassociate(rdataset);
-			INSIST(sigrdataset == NULL ||
-			       ! dns_rdataset_isassociated(sigrdataset));
+			if (sigrdataset != NULL &&
+			    dns_rdataset_isassociated(sigrdataset))
+				dns_rdataset_disassociate(sigrdataset);
 		}
 		if (result == ISC_R_SUCCESS) {
 			mname = NULL;
@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
 		goto setcache;
 	if (result == DNS_R_NCACHENXRRSET) {
 		dns_rdataset_disassociate(rdataset);
-		/*
-		 * Negative cache entries don't have sigrdatasets.
-		 */
-		INSIST(! dns_rdataset_isassociated(sigrdataset));
+		if (dns_rdataset_isassociated(sigrdataset))
+			dns_rdataset_disassociate(sigrdataset);
 	}
 	if (result == ISC_R_SUCCESS) {
 		/* Remember the result as a cache */

Modified: releng/9.0/contrib/bind9/lib/dns/rbtdb.c
==============================================================================
--- releng/9.0/contrib/bind9/lib/dns/rbtdb.c	Thu Dec  1 21:13:41 2011	(r228189)
+++ releng/9.0/contrib/bind9/lib/dns/rbtdb.c	Thu Dec  1 21:17:59 2011	(r228190)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbtdb.c,v 1.310.8.5 2011-06-08 23:02:42 each Exp $ */
+/* $Id: rbtdb.c,v 1.310.8.5.4.1 2011-11-16 09:32:08 marka Exp $ */
 
 /*! \file */
 
@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
 			      rdataset);
 		if (need_headerupdate(found, search.now))
 			update = found;
-		if (foundsig != NULL) {
+		if (!NEGATIVE(found) && foundsig != NULL) {
 			bind_rdataset(search.rbtdb, node, foundsig, search.now,
 				      sigrdataset);
 			if (need_headerupdate(foundsig, search.now))
@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
 	}
 	if (found != NULL) {
 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
-		if (foundsig != NULL)
+		if (!NEGATIVE(found) && foundsig != NULL)
 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
 				      sigrdataset);
 	}

Modified: releng/9.0/contrib/bind9/version
==============================================================================
--- releng/9.0/contrib/bind9/version	Thu Dec  1 21:13:41 2011	(r228189)
+++ releng/9.0/contrib/bind9/version	Thu Dec  1 21:17:59 2011	(r228190)
@@ -1,4 +1,4 @@
-# $Id: version,v 1.53.8.9 2011-08-24 02:08:26 marka Exp $
+# $Id: version,v 1.53.8.9.6.1 2011-11-16 09:32:07 marka Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -6,5 +6,5 @@
 MAJORVER=9
 MINORVER=8
 PATCHVER=1
-RELEASETYPE=
-RELEASEVER=
+RELEASETYPE=-P
+RELEASEVER=1