Date: Wed, 29 Jul 2009 00:14:14 +0000 (UTC)
From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: svn commit: r195935 - in releng: 6.3 6.3/contrib/bind9/bin/named 6.3/sys/conf 6.4 6.4/contrib/bind9/bin/named 6.4/sys/conf 7.1 7.1/contrib/bind9/bin/named 7.1/sys/conf 7.2 7.2/contrib/bind9/bin/nam...
Message-ID: <200907290014.n6T0EEk3047874@svn.freebsd.org>
Author: simon Date: Wed Jul 29 00:14:14 2009 New Revision: 195935 URL: http://svn.freebsd.org/changeset/base/195935 Log: Fix BIND named(8) dynamic update message remote DoS. Obtained from: ISC Security: FreeBSD-SA-09:12.bind Security: CVE-2009-0696 Approved by: so (simon) Modified: releng/6.3/UPDATING releng/6.3/contrib/bind9/bin/named/update.c releng/6.3/sys/conf/newvers.sh releng/6.4/UPDATING releng/6.4/contrib/bind9/bin/named/update.c releng/6.4/sys/conf/newvers.sh releng/7.1/UPDATING releng/7.1/contrib/bind9/bin/named/update.c releng/7.1/sys/conf/newvers.sh releng/7.2/UPDATING releng/7.2/contrib/bind9/bin/named/update.c releng/7.2/sys/conf/newvers.sh Modified: releng/6.3/UPDATING ============================================================================== --- releng/6.3/UPDATING Wed Jul 29 00:13:47 2009 (r195934) +++ releng/6.3/UPDATING Wed Jul 29 00:14:14 2009 (r195935) @@ -8,6 +8,9 @@ Items affecting the ports and packages s /usr/ports/UPDATING. Please read that file before running portupgrade. +20090729: p12 FreeBSD-SA-09:12.bind + Fix BIND named(8) dynamic update message remote DoS. + 20090610: p11 FreeBSD-SA-09:09.pipe, FreeBSD-SA-09:10.ipv6, FreeBSD-SA-09:11.ntpd Prevent integer overflow in direct pipe write code from circumventing Modified: releng/6.3/contrib/bind9/bin/named/update.c ============================================================================== --- releng/6.3/contrib/bind9/bin/named/update.c Wed Jul 29 00:13:47 2009 (r195934) +++ releng/6.3/contrib/bind9/bin/named/update.c Wed Jul 29 00:14:14 2009 (r195935) 
@@ -859,7 +859,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t * if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /* Modified: releng/6.3/sys/conf/newvers.sh ============================================================================== --- releng/6.3/sys/conf/newvers.sh Wed Jul 29 00:13:47 2009 (r195934) +++ releng/6.3/sys/conf/newvers.sh Wed Jul 29 00:14:14 2009 (r195935) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="6.3" -BRANCH="RELEASE-p11" +BRANCH="RELEASE-p12" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/6.4/UPDATING ============================================================================== --- releng/6.4/UPDATING Wed Jul 29 00:13:47 2009 (r195934) +++ releng/6.4/UPDATING Wed Jul 29 00:14:14 2009 (r195935) @@ -8,6 +8,9 @@ Items affecting the ports and packages s /usr/ports/UPDATING. Please read that file before running portupgrade. +20090729: p6 FreeBSD-SA-09:12.bind + Fix BIND named(8) dynamic update message remote DoS. + 20090610: p5 FreeBSD-SA-09:09.pipe, FreeBSD-SA-09:10.ipv6, FreeBSD-SA-09:11.ntpd Prevent integer overflow in direct pipe write code from circumventing Modified: releng/6.4/contrib/bind9/bin/named/update.c ============================================================================== --- releng/6.4/contrib/bind9/bin/named/update.c Wed Jul 29 00:13:47 2009 (r195934) +++ releng/6.4/contrib/bind9/bin/named/update.c Wed Jul 29 00:14:14 2009 (r195935) 
@@ -863,7 +863,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t * if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /* Modified: releng/6.4/sys/conf/newvers.sh ============================================================================== --- releng/6.4/sys/conf/newvers.sh Wed Jul 29 00:13:47 2009 (r195934) +++ releng/6.4/sys/conf/newvers.sh Wed Jul 29 00:14:14 2009 (r195935) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="6.4" -BRANCH="RELEASE-p5" +BRANCH="RELEASE-p6" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/7.1/UPDATING ============================================================================== --- releng/7.1/UPDATING Wed Jul 29 00:13:47 2009 (r195934) +++ releng/7.1/UPDATING Wed Jul 29 00:14:14 2009 (r195935) @@ -8,6 +8,9 @@ Items affecting the ports and packages s /usr/ports/UPDATING. Please read that file before running portupgrade. +20090729: p7 FreeBSD-SA-09:12.bind + Fix BIND named(8) dynamic update message remote DoS. + 20090610: p6 FreeBSD-SA-09:09.pipe, FreeBSD-SA-09:10.ipv6, FreeBSD-SA-09:11.ntpd Prevent integer overflow in direct pipe write code from circumventing Modified: releng/7.1/contrib/bind9/bin/named/update.c ============================================================================== --- releng/7.1/contrib/bind9/bin/named/update.c Wed Jul 29 00:13:47 2009 (r195934) +++ releng/7.1/contrib/bind9/bin/named/update.c Wed Jul 29 00:14:14 2009 (r195935) 
@@ -861,7 +861,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t * if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /* Modified: releng/7.1/sys/conf/newvers.sh ============================================================================== --- releng/7.1/sys/conf/newvers.sh Wed Jul 29 00:13:47 2009 (r195934) +++ releng/7.1/sys/conf/newvers.sh Wed Jul 29 00:14:14 2009 (r195935) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="7.1" -BRANCH="RELEASE-p6" +BRANCH="RELEASE-p7" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/7.2/UPDATING ============================================================================== --- releng/7.2/UPDATING Wed Jul 29 00:13:47 2009 (r195934) +++ releng/7.2/UPDATING Wed Jul 29 00:14:14 2009 (r195935) @@ -8,6 +8,9 @@ Items affecting the ports and packages s /usr/ports/UPDATING. Please read that file before running portupgrade. +20090729: p3 FreeBSD-SA-09:12.bind + Fix BIND named(8) dynamic update message remote DoS. + 20090624: p2 FreeBSD-EN-09:02.bce, FreeBSD-EN-09:03.fxp, FreeBSD-EN-09:04.fork Fix packet length calculation in bce(4). [EN-09:02] Modified: releng/7.2/contrib/bind9/bin/named/update.c ============================================================================== --- releng/7.2/contrib/bind9/bin/named/update.c Wed Jul 29 00:13:47 2009 (r195934) +++ releng/7.2/contrib/bind9/bin/named/update.c Wed Jul 29 00:14:14 2009 (r195935) 
@@ -865,7 +865,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t * if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /* Modified: releng/7.2/sys/conf/newvers.sh ============================================================================== --- releng/7.2/sys/conf/newvers.sh Wed Jul 29 00:13:47 2009 (r195934) +++ releng/7.2/sys/conf/newvers.sh Wed Jul 29 00:14:14 2009 (r195935) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="7.2" -BRANCH="RELEASE-p2" +BRANCH="RELEASE-p3" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi
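Review bot: In the temp_check hunk of contrib/bind9/bin/named/update.c (applied identically to releng/6.3, 6.4, 7.1 and 7.2), the new `else if (type == dns_rdatatype_any)` branch carries no comment saying why a record of type ANY must not reach the code below, and the log message only names the advisory. A short comment above the branch stating that type ANY is answered with DNS_R_NXRRSET at this point, and why, would keep the check from being dropped later as apparently dead code. The early return releases state by hand with `dns_db_detachnode(db, &node)` and `dns_diff_clear(&trash)`; please confirm that these two calls cover everything temp_check holds when it gets here, since the rest of the function is outside the context lines. The braced branch followed by an unbraced `else covers = 0;` is also easy to misread, so bracing both arms would help.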