From: "Simon L. Nielsen"
Date: Wed, 29 Jul 2009 00:14:14 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: svn commit: r195935 - in releng: 6.3 6.3/contrib/bind9/bin/named 6.3/sys/conf 6.4 6.4/contrib/bind9/bin/named 6.4/sys/conf 7.1 7.1/contrib/bind9/bin/named 7.1/sys/conf 7.2 7.2/contrib/bind9/bin/nam...

Author: simon
Date: Wed Jul 29 00:14:14 2009
New Revision: 195935
URL: http://svn.freebsd.org/changeset/base/195935

Log:
  Fix BIND named(8) dynamic update message remote DoS.

  Obtained from: ISC
  Security: FreeBSD-SA-09:12.bind
  Security: CVE-2009-0696
  Approved by: so (simon)

Modified:
  releng/6.3/UPDATING
  releng/6.3/contrib/bind9/bin/named/update.c
  releng/6.3/sys/conf/newvers.sh
  releng/6.4/UPDATING
  releng/6.4/contrib/bind9/bin/named/update.c
  releng/6.4/sys/conf/newvers.sh
  releng/7.1/UPDATING
  releng/7.1/contrib/bind9/bin/named/update.c
  releng/7.1/sys/conf/newvers.sh
  releng/7.2/UPDATING
  releng/7.2/contrib/bind9/bin/named/update.c
  releng/7.2/sys/conf/newvers.sh

Modified: releng/6.3/UPDATING ============================================================================== --- releng/6.3/UPDATING Wed Jul 29 00:13:47 2009 (r195934) +++ releng/6.3/UPDATING Wed Jul 29 00:14:14 2009 (r195935) 
@@ -8,6 +8,9 @@ Items affecting the ports and packages s /usr/ports/UPDATING. Please read that file before running portupgrade. +20090729: p12 FreeBSD-SA-09:12.bind + Fix BIND named(8) dynamic update message remote DoS. + 20090610: p11 FreeBSD-SA-09:09.pipe, FreeBSD-SA-09:10.ipv6, FreeBSD-SA-09:11.ntpd Prevent integer overflow in direct pipe write code from circumventing Modified: releng/6.3/contrib/bind9/bin/named/update.c ============================================================================== --- releng/6.3/contrib/bind9/bin/named/update.c Wed Jul 29 00:13:47 2009 (r195934) +++ releng/6.3/contrib/bind9/bin/named/update.c Wed Jul 29 00:14:14 2009 (r195935) @@ -859,7 +859,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t * if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /* Modified: releng/6.3/sys/conf/newvers.sh ============================================================================== --- releng/6.3/sys/conf/newvers.sh Wed Jul 29 00:13:47 2009 (r195934) +++ releng/6.3/sys/conf/newvers.sh Wed Jul 29 00:14:14 2009 (r195935) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="6.3" -BRANCH="RELEASE-p11" +BRANCH="RELEASE-p12" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/6.4/UPDATING ============================================================================== --- releng/6.4/UPDATING Wed Jul 29 00:13:47 2009 (r195934) +++ releng/6.4/UPDATING Wed Jul 29 00:14:14 2009 (r195935) 
@@ -8,6 +8,9 @@ Items affecting the ports and packages s /usr/ports/UPDATING. Please read that file before running portupgrade. +20090729: p6 FreeBSD-SA-09:12.bind + Fix BIND named(8) dynamic update message remote DoS. + 20090610: p5 FreeBSD-SA-09:09.pipe, FreeBSD-SA-09:10.ipv6, FreeBSD-SA-09:11.ntpd Prevent integer overflow in direct pipe write code from circumventing Modified: releng/6.4/contrib/bind9/bin/named/update.c ============================================================================== --- releng/6.4/contrib/bind9/bin/named/update.c Wed Jul 29 00:13:47 2009 (r195934) +++ releng/6.4/contrib/bind9/bin/named/update.c Wed Jul 29 00:14:14 2009 (r195935) @@ -863,7 +863,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t * if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /* Modified: releng/6.4/sys/conf/newvers.sh ============================================================================== --- releng/6.4/sys/conf/newvers.sh Wed Jul 29 00:13:47 2009 (r195934) +++ releng/6.4/sys/conf/newvers.sh Wed Jul 29 00:14:14 2009 (r195935) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="6.4" -BRANCH="RELEASE-p5" +BRANCH="RELEASE-p6" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/7.1/UPDATING ============================================================================== --- releng/7.1/UPDATING Wed Jul 29 00:13:47 2009 (r195934) +++ releng/7.1/UPDATING Wed Jul 29 00:14:14 2009 (r195935) 
@@ -8,6 +8,9 @@ Items affecting the ports and packages s /usr/ports/UPDATING. Please read that file before running portupgrade. +20090729: p7 FreeBSD-SA-09:12.bind + Fix BIND named(8) dynamic update message remote DoS. + 20090610: p6 FreeBSD-SA-09:09.pipe, FreeBSD-SA-09:10.ipv6, FreeBSD-SA-09:11.ntpd Prevent integer overflow in direct pipe write code from circumventing Modified: releng/7.1/contrib/bind9/bin/named/update.c ============================================================================== --- releng/7.1/contrib/bind9/bin/named/update.c Wed Jul 29 00:13:47 2009 (r195934) +++ releng/7.1/contrib/bind9/bin/named/update.c Wed Jul 29 00:14:14 2009 (r195935) @@ -861,7 +861,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t * if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /* Modified: releng/7.1/sys/conf/newvers.sh ============================================================================== --- releng/7.1/sys/conf/newvers.sh Wed Jul 29 00:13:47 2009 (r195934) +++ releng/7.1/sys/conf/newvers.sh Wed Jul 29 00:14:14 2009 (r195935) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="7.1" -BRANCH="RELEASE-p6" +BRANCH="RELEASE-p7" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/7.2/UPDATING ============================================================================== --- releng/7.2/UPDATING Wed Jul 29 00:13:47 2009 (r195934) +++ releng/7.2/UPDATING Wed Jul 29 00:14:14 2009 (r195935) 
@@ -8,6 +8,9 @@ Items affecting the ports and packages s /usr/ports/UPDATING. Please read that file before running portupgrade. +20090729: p3 FreeBSD-SA-09:12.bind + Fix BIND named(8) dynamic update message remote DoS. + 20090624: p2 FreeBSD-EN-09:02.bce, FreeBSD-EN-09:03.fxp, FreeBSD-EN-09:04.fork Fix packet length calculation in bce(4). [EN-09:02] Modified: releng/7.2/contrib/bind9/bin/named/update.c ============================================================================== --- releng/7.2/contrib/bind9/bin/named/update.c Wed Jul 29 00:13:47 2009 (r195934) +++ releng/7.2/contrib/bind9/bin/named/update.c Wed Jul 29 00:14:14 2009 (r195935) @@ -865,7 +865,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t * if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /* Modified: releng/7.2/sys/conf/newvers.sh ============================================================================== --- releng/7.2/sys/conf/newvers.sh Wed Jul 29 00:13:47 2009 (r195934) +++ releng/7.2/sys/conf/newvers.sh Wed Jul 29 00:14:14 2009 (r195935) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="7.2" -BRANCH="RELEASE-p2" +BRANCH="RELEASE-p3" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi
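
Review bot: the new `else if (type == dns_rdatatype_any)` branch in temp_check() (update.c, the same hunk in releng/6.3, 6.4, 7.1 and 7.2) carries no comment saying why type ANY has to return DNS_R_NXRRSET at this point, and the log only says "remote DoS", so a later reader cannot tell which code further down the function the early return is protecting. Please add a short comment above the branch naming the condition it guards against. The branch also has to undo state by hand with `dns_db_detachnode(db, &node);` and `dns_diff_clear(&trash);` before returning; if the type can be tested before the node is attached, the rejection needs no cleanup at all, and otherwise a shared cleanup path would keep this exit from drifting out of step with the function's other exits. Style: the added branch is braced while the trailing `else covers = 0;` is not, so brace both or neither. None of the modified files is a test, so a regression case for a record of type ANY reaching temp_check() would be worth adding alongside the fix.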
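
Review bot: the UPDATING entries added in all four branches ("Fix BIND named(8) dynamic update message remote DoS.") name the advisory FreeBSD-SA-09:12.bind but omit the CVE-2009-0696 identifier that the commit log carries, and they do not say whether a running named(8) must be restarted for the fix to take effect. Adding the CVE and a one-line operator action would make the entry usable on its own. The patch levels themselves are consistent between each UPDATING entry and the matching newvers.sh BRANCH value (p12, p6, p7, p3).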