Date:      Mon, 6 Aug 2012 21:33:12 +0000 (UTC)
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject:   svn commit: r239108 - releng/7.4 releng/7.4/contrib/bind9/lib/dns releng/7.4/sys/conf releng/8.1 releng/8.1/contrib/bind9/lib/dns releng/8.1/sys/conf releng/8.2 releng/8.2/contrib/bind9/lib/dns rel...
Message-ID:  <201208062133.q76LXCBo085117@svn.freebsd.org>

Author: simon
Date: Mon Aug  6 21:33:11 2012
New Revision: 239108
URL: http://svn.freebsd.org/changeset/base/239108

Log:
  Fix named(8) DNSSEC validation Denial of Service.
  
  Security:	FreeBSD-SA-12:05.bind
  Security:	CVE-2012-3817
  Obtained from:	ISC
  Approved by:	so (simon)

Modified:
  stable/7/contrib/bind9/lib/dns/resolver.c

Changes in other areas also in this revision:
Modified:
  releng/7.4/UPDATING
  releng/7.4/contrib/bind9/lib/dns/resolver.c
  releng/7.4/sys/conf/newvers.sh
  releng/8.1/UPDATING
  releng/8.1/contrib/bind9/lib/dns/resolver.c
  releng/8.1/sys/conf/newvers.sh
  releng/8.2/UPDATING
  releng/8.2/contrib/bind9/lib/dns/resolver.c
  releng/8.2/sys/conf/newvers.sh
  releng/8.3/UPDATING
  releng/8.3/contrib/bind9/lib/dns/resolver.c
  releng/8.3/sys/conf/newvers.sh
  releng/9.0/UPDATING
  releng/9.0/contrib/bind9/lib/dns/resolver.c
  releng/9.0/sys/conf/newvers.sh

Modified: stable/7/contrib/bind9/lib/dns/resolver.c
==============================================================================
--- stable/7/contrib/bind9/lib/dns/resolver.c	Mon Aug  6 21:24:43 2012	(r239107)
+++ stable/7/contrib/bind9/lib/dns/resolver.c	Mon Aug  6 21:33:11 2012	(r239108)
@@ -7620,6 +7620,7 @@ dns_resolver_addbadcache(dns_resolver_t 
 		}
 		bad->type = type;
 		bad->hashval = hashval;
+		bad->expire = *expire;
 		isc_buffer_init(&buffer, bad + 1, name->length);
 		dns_name_init(&bad->name, NULL);
 		dns_name_copy(name, &bad->name, &buffer);
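Review bot: the added `bad->expire = *expire;` dereferences `expire` with no check visible in this hunk; if dns_resolver_addbadcache does not already assert at entry that `expire` is non-NULL, add that precondition. A one-line comment here would also help, saying that the expiry must be set before the rest of this block runs: the second hunk shows `resizehash(resolver, &now, ISC_FALSE)` being called later in the same block, and the old code only assigned `bad->expire` after that call.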
@@ -7631,8 +7632,8 @@ dns_resolver_addbadcache(dns_resolver_t 
 		if (resolver->badcount < resolver->badhash * 2 &&
 		    resolver->badhash > DNS_BADCACHE_SIZE)
 			resizehash(resolver, &now, ISC_FALSE);
-	}
-	bad->expire = *expire;
+	} else
+		bad->expire = *expire;
  cleanup:
 	UNLOCK(&resolver->lock);
 }
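Review bot: the new `} else` at the end of this hunk has no comment saying which case it handles, and the statement under it is unbraced while the branch it pairs with is braced. Suggest bracing it and noting that this path only refreshes the expiry of an entry that was not initialised in the block above, since the first hunk now sets `bad->expire` there. The log message could also state that the old unconditional assignment came after the `resizehash()` call, which is the ordering this change removes.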


