From: Doug Barton
Date: Thu, 17 Nov 2011 01:10:16 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject: svn commit: r227603 - in stable/7/contrib/bind9: . bin/named lib/dns

Author: dougb
Date: Thu Nov 17 01:10:16 2011
New Revision: 227603
URL: http://svn.freebsd.org/changeset/base/227603

Log:
  Upgrade to BIND 9.4-ESV-R5-P1 to address the following DDOS bug:

  Recursive name servers are failing with an assertion:
  INSIST(! dns_rdataset_isassociated(sigrdataset))

  At this time it is not thought that authoritative-only servers are
  affected, but information about this bug is evolving rapidly.

  Because it may be possible to trigger this bug even on networks that do
  not allow untrusted users to access the recursive name servers (perhaps
  via specially crafted e-mail messages, and/or malicious web sites) it is
  recommended that ALL operators of recursive name servers upgrade
  immediately.

  For more information see:
  https://www.isc.org/software/bind/advisories/cve-2011-tbd
  which will be updated as more information becomes available.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313 Modified: stable/7/contrib/bind9/CHANGES stable/7/contrib/bind9/bin/named/query.c stable/7/contrib/bind9/lib/dns/rbtdb.c stable/7/contrib/bind9/version Directory Properties: stable/7/contrib/bind9/ (props changed) Modified: stable/7/contrib/bind9/CHANGES ============================================================================== --- stable/7/contrib/bind9/CHANGES Thu Nov 17 01:05:57 2011 (r227602) +++ stable/7/contrib/bind9/CHANGES Thu Nov 17 01:10:16 2011 (r227603) @@ -1,3 +1,9 @@ + --- 9.4-ESV-R5-P1 released --- + +3218. [security] Cache lookup could return RRSIG data associated with + nonexistent records, leading to an assertion + failure. [RT #26590] + --- 9.4-ESV-R5 released --- 3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing. Modified: stable/7/contrib/bind9/bin/named/query.c ============================================================================== --- stable/7/contrib/bind9/bin/named/query.c Thu Nov 17 01:05:57 2011 (r227602) +++ stable/7/contrib/bind9/bin/named/query.c Thu Nov 17 01:10:16 2011 (r227603) @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.257.18.56 2010-11-17 10:21:01 marka Exp $ */ +/* $Id: query.c,v 1.257.18.56.12.1 2011-11-16 09:33:40 each Exp $ */ /*! \file */ @@ -1251,11 +1251,9 @@ query_addadditional(void *arg, dns_name_ goto addname; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - /* - * Negative cache entries don't have sigrdatasets. - */ - INSIST(sigrdataset == NULL || - ! dns_rdataset_isassociated(sigrdataset)); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { mname = NULL; 
@@ -1296,8 +1294,9 @@ query_addadditional(void *arg, dns_name_ goto addname; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - INSIST(sigrdataset == NULL || - ! dns_rdataset_isassociated(sigrdataset)); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { mname = NULL; @@ -1746,10 +1745,8 @@ query_addadditional2(void *arg, dns_name goto setcache; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - /* - * Negative cache entries don't have sigrdatasets. - */ - INSIST(! dns_rdataset_isassociated(sigrdataset)); + if (dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { /* Remember the result as a cache */ Modified: stable/7/contrib/bind9/lib/dns/rbtdb.c ============================================================================== --- stable/7/contrib/bind9/lib/dns/rbtdb.c Thu Nov 17 01:05:57 2011 (r227602) +++ stable/7/contrib/bind9/lib/dns/rbtdb.c Thu Nov 17 01:10:16 2011 (r227603) @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.196.18.67 2011-06-09 00:42:47 each Exp $ */ +/* $Id: rbtdb.c,v 1.196.18.67.2.1 2011-11-16 09:33:41 each Exp $ */ /*! \file */ @@ -3672,7 +3672,7 @@ cache_find(dns_db_t *db, dns_name_t *nam result == DNS_R_NCACHENXRRSET) { bind_rdataset(search.rbtdb, node, found, search.now, rdataset); - if (foundsig != NULL) + if (!NEGATIVE(found) && foundsig != NULL) bind_rdataset(search.rbtdb, node, foundsig, search.now, sigrdataset); } 
@@ -4258,7 +4258,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn } if (found != NULL) { bind_rdataset(rbtdb, rbtnode, found, now, rdataset); - if (foundsig != NULL) + if (!NEGATIVE(found) && foundsig != NULL) bind_rdataset(rbtdb, rbtnode, foundsig, now, sigrdataset); } Modified: stable/7/contrib/bind9/version ============================================================================== --- stable/7/contrib/bind9/version Thu Nov 17 01:05:57 2011 (r227602) +++ stable/7/contrib/bind9/version Thu Nov 17 01:10:16 2011 (r227603) @@ -1,4 +1,4 @@ -# $Id: version,v 1.29.134.35 2011-07-21 02:11:00 marka Exp $ +# $Id: version,v 1.29.134.35.2.1 2011-11-16 09:33:40 each Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -7,4 +7,4 @@ MAJORVER=9 MINORVER=4 PATCHVER= RELEASETYPE=-ESV -RELEASEVER=-R5 +RELEASEVER=-R5-P1
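
Review bot: in query.c at @@ -1251 (query_addadditional, the DNS_R_NCACHENXRRSET branch), the comment "Negative cache entries don't have sigrdatasets." is removed with nothing in its place, so the new dns_rdataset_disassociate(sigrdataset) has no stated reason and the condition that used to abort the server is now dropped silently. Suggest a short comment tying it to CHANGES entry 3218 (the cache could return RRSIG data with a negative entry, which is discarded here). The identical three lines at @@ -1296 carry the same gap and could share one small helper with this site.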
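
Review bot: in query.c at @@ -1745 (query_addadditional2), the new test calls dns_rdataset_isassociated(sigrdataset) without the "sigrdataset != NULL" guard that both query_addadditional hunks use. The removed INSIST had the same shape, so this is not a regression, but the three call sites now differ with no explanation. Either add the guard or add a one-line comment stating that sigrdataset is never NULL on this path.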
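
Review bot: in rbtdb.c at @@ -3672 (cache_find), the new condition "!NEGATIVE(found) && foundsig != NULL" skips binding sigrdataset but does not say why foundsig can be non-NULL when found is a negative entry. A comment on that line would document the invariant that callers in query.c now rely on. The same condition is repeated at @@ -4258 (cache_findrdataset), so it is also worth checking whether foundsig should be cleared where it is selected, which would keep any later bind site from reintroducing the combination.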