From: "Simon L. Nielsen"
Date: Sat, 28 May 2011 08:44:39 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: svn commit: r222416 - in releng: 7.3 7.3/contrib/bind9/lib/dns 7.3/sys/conf 7.4 7.4/contrib/bind9/lib/dns 7.4/sys/conf 8.1 8.1/contrib/bind9/lib/dns 8.1/sys/conf 8.2 8.2/contrib/bind9/lib/dns 8.2/s...

Author: simon
Date: Sat May 28 08:44:39 2011
New Revision: 222416
URL: http://svn.freebsd.org/changeset/base/222416

Log:
  Fix an off by one which can result in an assertion failure in BIND
  related to large RRSIG RRsets and Negative Caching. This can cause
  named to crash.

  Security: FreeBSD-SA-11:02.bind
  Security: CVE-2011-1910
  Security: https://www.isc.org/software/bind/advisories/cve-2011-1910

  Obtained from: ISC
  Approved by: so (simon)

Modified:
  releng/7.3/UPDATING
  releng/7.3/contrib/bind9/lib/dns/ncache.c
  releng/7.3/sys/conf/newvers.sh
  releng/7.4/UPDATING
  releng/7.4/contrib/bind9/lib/dns/ncache.c
  releng/7.4/sys/conf/newvers.sh
  releng/8.1/UPDATING
  releng/8.1/contrib/bind9/lib/dns/ncache.c
  releng/8.1/sys/conf/newvers.sh
  releng/8.2/UPDATING
  releng/8.2/contrib/bind9/lib/dns/ncache.c
  releng/8.2/sys/conf/newvers.sh

Modified: releng/7.3/UPDATING ============================================================================== --- releng/7.3/UPDATING Sat May 28 08:43:24 2011 (r222415) +++ releng/7.3/UPDATING Sat May 28 08:44:39 2011 (r222416) 
@@ -8,6 +8,10 @@ Items affecting the ports and packages s /usr/ports/UPDATING. Please read that file before running portupgrade. +20110528: p6 FreeBSD-SA-11:02.bind + Fix BIND remote DoS with large RRSIG RRsets and negative + caching. + 20110420: p5 FreeBSD-SA-11:01.mountd Fix CIDR parsing bug in mountd ACLs. Modified: releng/7.3/contrib/bind9/lib/dns/ncache.c ============================================================================== --- releng/7.3/contrib/bind9/lib/dns/ncache.c Sat May 28 08:43:24 2011 (r222415) +++ releng/7.3/contrib/bind9/lib/dns/ncache.c Sat May 28 08:44:39 2011 (r222416) @@ -160,7 +160,7 @@ dns_ncache_add(dns_message_t *message, d */ isc_buffer_availableregion(&buffer, &r); - if (r.length < 2) + if (r.length < 3) return (ISC_R_NOSPACE); isc_buffer_putuint16(&buffer, rdataset->type); Modified: releng/7.3/sys/conf/newvers.sh ============================================================================== --- releng/7.3/sys/conf/newvers.sh Sat May 28 08:43:24 2011 (r222415) +++ releng/7.3/sys/conf/newvers.sh Sat May 28 08:44:39 2011 (r222416) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="7.3" -BRANCH="RELEASE-p5" +BRANCH="RELEASE-p6" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/7.4/UPDATING ============================================================================== --- releng/7.4/UPDATING Sat May 28 08:43:24 2011 (r222415) +++ releng/7.4/UPDATING Sat May 28 08:44:39 2011 (r222416) 
@@ -8,6 +8,10 @@ Items affecting the ports and packages s /usr/ports/UPDATING. Please read that file before running portupgrade. +20110528: p2 FreeBSD-SA-11:02.bind + Fix BIND remote DoS with large RRSIG RRsets and negative + caching. + 20110420: p1 FreeBSD-SA-11:01.mountd Fix CIDR parsing bug in mountd ACLs. Modified: releng/7.4/contrib/bind9/lib/dns/ncache.c ============================================================================== --- releng/7.4/contrib/bind9/lib/dns/ncache.c Sat May 28 08:43:24 2011 (r222415) +++ releng/7.4/contrib/bind9/lib/dns/ncache.c Sat May 28 08:44:39 2011 (r222416) @@ -175,7 +175,7 @@ dns_ncache_add(dns_message_t *message, d */ isc_buffer_availableregion(&buffer, &r); - if (r.length < 2) + if (r.length < 3) return (ISC_R_NOSPACE); isc_buffer_putuint16(&buffer, rdataset->type); Modified: releng/7.4/sys/conf/newvers.sh ============================================================================== --- releng/7.4/sys/conf/newvers.sh Sat May 28 08:43:24 2011 (r222415) +++ releng/7.4/sys/conf/newvers.sh Sat May 28 08:44:39 2011 (r222416) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="7.4" -BRANCH="RELEASE-p1" +BRANCH="RELEASE-p2" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/8.1/UPDATING ============================================================================== --- releng/8.1/UPDATING Sat May 28 08:43:24 2011 (r222415) +++ releng/8.1/UPDATING Sat May 28 08:44:39 2011 (r222416) 
@@ -15,6 +15,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20110528: p4 FreeBSD-SA-11:02.bind + Fix BIND remote DoS with large RRSIG RRsets and negative + caching. + 20110420: p3 FreeBSD-SA-11:01.mountd Fix CIDR parsing bug in mountd ACLs. Modified: releng/8.1/contrib/bind9/lib/dns/ncache.c ============================================================================== --- releng/8.1/contrib/bind9/lib/dns/ncache.c Sat May 28 08:43:24 2011 (r222415) +++ releng/8.1/contrib/bind9/lib/dns/ncache.c Sat May 28 08:44:39 2011 (r222416) @@ -185,7 +185,7 @@ dns_ncache_addoptout(dns_message_t *mess */ isc_buffer_availableregion(&buffer, &r); - if (r.length < 2) + if (r.length < 3) return (ISC_R_NOSPACE); isc_buffer_putuint16(&buffer, rdataset->type); Modified: releng/8.1/sys/conf/newvers.sh ============================================================================== --- releng/8.1/sys/conf/newvers.sh Sat May 28 08:43:24 2011 (r222415) +++ releng/8.1/sys/conf/newvers.sh Sat May 28 08:44:39 2011 (r222416) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.1" -BRANCH="RELEASE-p3" +BRANCH="RELEASE-p4" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/8.2/UPDATING ============================================================================== --- releng/8.2/UPDATING Sat May 28 08:43:24 2011 (r222415) +++ releng/8.2/UPDATING Sat May 28 08:44:39 2011 (r222416) 
@@ -15,6 +15,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20110528: p2 FreeBSD-SA-11:02.bind + Fix BIND remote DoS with large RRSIG RRsets and negative + caching. + 20110420: p1 FreeBSD-SA-11:01.mountd Fix CIDR parsing bug in mountd ACLs. Modified: releng/8.2/contrib/bind9/lib/dns/ncache.c ============================================================================== --- releng/8.2/contrib/bind9/lib/dns/ncache.c Sat May 28 08:43:24 2011 (r222415) +++ releng/8.2/contrib/bind9/lib/dns/ncache.c Sat May 28 08:44:39 2011 (r222416) @@ -186,7 +186,7 @@ dns_ncache_addoptout(dns_message_t *mess */ isc_buffer_availableregion(&buffer, &r); - if (r.length < 2) + if (r.length < 3) return (ISC_R_NOSPACE); isc_buffer_putuint16(&buffer, rdataset->type); Modified: releng/8.2/sys/conf/newvers.sh ============================================================================== --- releng/8.2/sys/conf/newvers.sh Sat May 28 08:43:24 2011 (r222415) +++ releng/8.2/sys/conf/newvers.sh Sat May 28 08:44:39 2011 (r222416) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.2" -BRANCH="RELEASE-p1" +BRANCH="RELEASE-p2" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi
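Review bot: In the four ncache.c hunks (dns_ncache_add in releng/7.3 and 7.4, dns_ncache_addoptout in releng/8.1 and 8.2), the new bound `r.length < 3` is a bare constant, and nothing in the visible context accounts for the third byte: the only write shown after the check is isc_buffer_putuint16(&buffer, rdataset->type), which needs 2 bytes. Please add a comment at the check naming the one-byte field that is written after the type, or derive the bound from the sizes of the fields being written, so the space check and the writes cannot fall out of step again. The list of modified files also contains no test; a case that reaches this check with exactly 2 bytes available would pin the boundary that the old `< 2` test let through.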
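Review bot: In the UPDATING hunks, the new 20110528 entries give the impact only as "remote DoS" and give no post-update step, while the commit log is more specific (an assertion failure that can cause named to crash). Consider wording the entry so that it mentions the named crash, which is the symptom an operator will actually see in logs, and noting that named must be restarted after installing the update for the fix to take effect. The patch levels in the entries (p6, p2, p4, p2) do match the BRANCH changes in the corresponding newvers.sh hunks.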