Date: Tue, 5 Jul 2011 19:37:48 +0000 (UTC) From: Doug Barton <dougb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r223803 - in vendor/bind9/dist: . bin/named lib/dns lib/dns/include/dns Message-ID: <201107051937.p65JbmBe082833@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dougb Date: Tue Jul 5 19:37:48 2011 New Revision: 223803 URL: http://svn.freebsd.org/changeset/base/223803 Log: Vendor import of BIND 9.6-ESV-R4-P3 Modified: vendor/bind9/dist/CHANGES vendor/bind9/dist/bin/named/bind9.xsl.h vendor/bind9/dist/lib/dns/api vendor/bind9/dist/lib/dns/include/dns/masterdump.h vendor/bind9/dist/lib/dns/include/dns/rdataset.h vendor/bind9/dist/lib/dns/masterdump.c vendor/bind9/dist/lib/dns/message.c vendor/bind9/dist/lib/dns/ncache.c vendor/bind9/dist/lib/dns/rbtdb.c vendor/bind9/dist/lib/dns/rdataset.c vendor/bind9/dist/lib/dns/resolver.c vendor/bind9/dist/lib/dns/validator.c vendor/bind9/dist/version Modified: vendor/bind9/dist/CHANGES ============================================================================== --- vendor/bind9/dist/CHANGES Tue Jul 5 19:26:58 2011 (r223802) +++ vendor/bind9/dist/CHANGES Tue Jul 5 19:37:48 2011 (r223803) @@ -1,3 +1,16 @@ + --- 9.6-ESV-R4-P3 released --- + +3124. [bug] Use an rdataset attribute flag to indicate + negative-cache records rather than using rrtype 0; + this will prevent problems when that rrtype is + used in actual DNS packets. [RT #24777] + + --- 9.6-ESV-R4-P2 released (withdrawn) --- + +3123. [security] Change #2912 exposed a latent flaw in + dns_rdataset_totext() that could cause named to + crash with an assertion failure. [RT #24777] + --- 9.6-ESV-R4-P1 released --- 3121. [security] An authoritative name server sending a negative Modified: vendor/bind9/dist/bin/named/bind9.xsl.h ============================================================================== --- vendor/bind9/dist/bin/named/bind9.xsl.h Tue Jul 5 19:26:58 2011 (r223802) +++ vendor/bind9/dist/bin/named/bind9.xsl.h Tue Jul 5 19:37:48 2011 (r223803) @@ -1,6 +1,6 @@ /* - * Generated by convertxsl.pl 1.14 2008/07/17 23:43:26 jinmei Exp - * From bind9.xsl 1.19.82.2 2009/01/29 23:47:43 tbox Exp + * Generated by convertxsl.pl 1.14 2008-07-17 23:43:26 jinmei Exp + * From bind9.xsl 1.19.82.2 2009-01-29 23:47:43 tbox Exp */ static char xslmsg[] = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" @@ -20,7 +20,7 @@ static char xslmsg[] = " - PERFORMANCE OF THIS SOFTWARE.\n" "-->\n" "\n" - "<!-- \045Id: bind9.xsl,v 1.19.82.2 2009/01/29 23:47:43 tbox Exp \045 -->\n" + "<!-- \045Id: bind9.xsl,v 1.19.82.2 2009-01-29 23:47:43 tbox Exp \045 -->\n" "\n" "<xsl:stylesheet version=\"1.0\"\n" " xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"\n" Modified: vendor/bind9/dist/lib/dns/api ============================================================================== --- vendor/bind9/dist/lib/dns/api Tue Jul 5 19:26:58 2011 (r223802) +++ vendor/bind9/dist/lib/dns/api Tue Jul 5 19:37:48 2011 (r223803) @@ -1,3 +1,3 @@ LIBINTERFACE = 59 -LIBREVISION = 4 +LIBREVISION = 5 LIBAGE = 1 Modified: vendor/bind9/dist/lib/dns/include/dns/masterdump.h ============================================================================== --- vendor/bind9/dist/lib/dns/include/dns/masterdump.h Tue Jul 5 19:26:58 2011 (r223802) +++ vendor/bind9/dist/lib/dns/include/dns/masterdump.h Tue Jul 5 19:37:48 2011 (r223803) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.h,v 1.42.602.1 2011-05-27 00:19:19 each Exp $ */ +/* $Id: masterdump.h,v 1.42.602.2 2011-06-02 23:46:22 tbox Exp $ */ #ifndef DNS_MASTERDUMP_H #define DNS_MASTERDUMP_H 1 Modified: vendor/bind9/dist/lib/dns/include/dns/rdataset.h ============================================================================== --- vendor/bind9/dist/lib/dns/include/dns/rdataset.h Tue Jul 5 19:26:58 2011 (r223802) +++ vendor/bind9/dist/lib/dns/include/dns/rdataset.h Tue Jul 5 19:37:48 2011 (r223803) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.h,v 1.65.50.4.6.1 2011-05-27 00:19:19 each Exp $ */ +/* $Id: rdataset.h,v 1.65.50.4.6.3 2011-06-21 20:13:23 each Exp $ */ #ifndef DNS_RDATASET_H #define DNS_RDATASET_H 1 @@ -203,6 +203,7 @@ struct dns_rdataset { #define DNS_RDATASETATTR_RESIGN 0x00040000 #define DNS_RDATASETATTR_CLOSEST 0x00080000 #define DNS_RDATASETATTR_OPTOUT 0x00100000 /*%< OPTOUT proof */ +#define DNS_RDATASETATTR_NEGATIVE 0x00200000 /*% * _OMITDNSSEC: Modified: vendor/bind9/dist/lib/dns/masterdump.c ============================================================================== --- vendor/bind9/dist/lib/dns/masterdump.c Tue Jul 5 19:26:58 2011 (r223802) +++ vendor/bind9/dist/lib/dns/masterdump.c Tue Jul 5 19:37:48 2011 (r223803) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.c,v 1.94.50.3.18.1 2011-05-27 00:19:19 each Exp $ */ +/* $Id: masterdump.c,v 1.94.50.3.18.3 2011-06-21 20:13:22 each Exp $ */ /*! \file */ @@ -356,6 +356,7 @@ rdataset_totext(dns_rdataset_t *rdataset isc_uint32_t current_ttl; isc_boolean_t current_ttl_valid; dns_rdatatype_t type; + unsigned int type_start; REQUIRE(DNS_RDATASET_VALID(rdataset)); @@ -437,29 +438,26 @@ rdataset_totext(dns_rdataset_t *rdataset * Type. */ - if (rdataset->type == 0) { + if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) { type = rdataset->covers; } else { type = rdataset->type; } - { - unsigned int type_start; - INDENT_TO(type_column); - type_start = target->used; - if (rdataset->type == 0) - RETERR(str_totext("\\-", target)); - result = dns_rdatatype_totext(type, target); - if (result != ISC_R_SUCCESS) - return (result); - column += (target->used - type_start); - } + INDENT_TO(type_column); + type_start = target->used; + if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) + RETERR(str_totext("\\-", target)); + result = dns_rdatatype_totext(type, target); + if (result != ISC_R_SUCCESS) + return (result); + column += (target->used - type_start); /* * Rdata. */ INDENT_TO(rdata_column); - if (rdataset->type == 0) { + if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) { if (NXDOMAIN(rdataset)) RETERR(str_totext(";-$NXDOMAIN\n", target)); else @@ -814,7 +812,7 @@ dump_rdatasets_text(isc_mem_t *mctx, dns if (ctx->style.flags & DNS_STYLEFLAG_TRUST) { fprintf(f, "; %s\n", dns_trust_totext(rds->trust)); } - if (rds->type == 0 && + if (((rds->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) && (ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) { /* Omit negative cache entries */ } else { @@ -979,7 +977,7 @@ dump_rdatasets_raw(isc_mem_t *mctx, dns_ dns_rdataset_init(&rdataset); dns_rdatasetiter_current(rdsiter, &rdataset); - if (rdataset.type == 0 && + if (((rdataset.attributes & DNS_RDATASETATTR_NEGATIVE) != 0) && (ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) { /* Omit negative cache entries */ } else { Modified: vendor/bind9/dist/lib/dns/message.c ============================================================================== --- vendor/bind9/dist/lib/dns/message.c Tue Jul 5 19:26:58 2011 (r223802) +++ vendor/bind9/dist/lib/dns/message.c Tue Jul 5 19:37:48 2011 (r223803) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.c,v 1.245.50.7 2010-06-03 05:29:03 marka Exp $ */ +/* $Id: message.c,v 1.245.50.7.6.3 2011-06-21 20:13:22 each Exp $ */ /*! \file */ @@ -2469,7 +2469,7 @@ dns_message_peekheader(isc_buffer_t *sou isc_result_t dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section) { - unsigned int first_section; + unsigned int clear_after; isc_result_t result; REQUIRE(DNS_MESSAGE_VALID(msg)); @@ -2481,15 +2481,15 @@ dns_message_reply(dns_message_t *msg, is msg->opcode != dns_opcode_notify) want_question_section = ISC_FALSE; if (msg->opcode == dns_opcode_update) - first_section = DNS_SECTION_ADDITIONAL; + clear_after = DNS_SECTION_PREREQUISITE; else if (want_question_section) { if (!msg->question_ok) return (DNS_R_FORMERR); - first_section = DNS_SECTION_ANSWER; + clear_after = DNS_SECTION_ANSWER; } else - first_section = DNS_SECTION_QUESTION; + clear_after = DNS_SECTION_QUESTION; msg->from_to_wire = DNS_MESSAGE_INTENTRENDER; - msgresetnames(msg, first_section); + msgresetnames(msg, clear_after); msgresetopt(msg); msgresetsigs(msg, ISC_TRUE); msginitprivate(msg); Modified: vendor/bind9/dist/lib/dns/ncache.c ============================================================================== --- vendor/bind9/dist/lib/dns/ncache.c Tue Jul 5 19:26:58 2011 (r223802) +++ vendor/bind9/dist/lib/dns/ncache.c Tue Jul 5 19:37:48 2011 (r223803) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2008, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.c,v 1.43.48.7.6.1 2011-05-27 00:19:19 each Exp $ */ +/* $Id: ncache.c,v 1.43.48.7.6.3 2011-06-21 20:13:22 each Exp $ */ /*! \file */ @@ -294,6 +294,7 @@ dns_ncache_addoptout(dns_message_t *mess RUNTIME_CHECK(dns_rdatalist_tordataset(&ncrdatalist, &ncrdataset) == ISC_R_SUCCESS); ncrdataset.trust = trust; + ncrdataset.attributes |= DNS_RDATASETATTR_NEGATIVE; if (message->rcode == dns_rcode_nxdomain) ncrdataset.attributes |= DNS_RDATASETATTR_NXDOMAIN; if (optout) @@ -324,6 +325,7 @@ dns_ncache_towire(dns_rdataset_t *rdatas REQUIRE(rdataset != NULL); REQUIRE(rdataset->type == 0); + REQUIRE((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); savedbuffer = *target; count = 0; @@ -552,6 +554,7 @@ dns_ncache_getrdataset(dns_rdataset_t *n REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); + REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(name != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); REQUIRE(type != dns_rdatatype_rrsig); @@ -628,6 +631,7 @@ dns_ncache_getsigrdataset(dns_rdataset_t REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); + REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(name != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); @@ -727,6 +731,7 @@ dns_ncache_current(dns_rdataset_t *ncach REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); + REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(found != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); Modified: vendor/bind9/dist/lib/dns/rbtdb.c ============================================================================== --- vendor/bind9/dist/lib/dns/rbtdb.c Tue Jul 5 19:26:58 2011 (r223802) +++ vendor/bind9/dist/lib/dns/rbtdb.c Tue Jul 5 19:37:48 2011 (r223803) @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.270.12.26 2010-12-02 05:09:58 marka Exp $ */ +/* $Id: rbtdb.c,v 1.270.12.26.4.1 2011-06-21 20:13:23 each Exp $ */ /*! \file */ @@ -278,6 +278,7 @@ typedef ISC_LIST(dns_rbtnode_t) #define RDATASET_ATTR_RESIGN 0x0020 #define RDATASET_ATTR_STATCOUNT 0x0040 #define RDATASET_ATTR_OPTOUT 0x0080 +#define RDATASET_ATTR_NEGATIVE 0x0100 typedef struct acache_cbarg { dns_rdatasetadditional_t type; @@ -316,6 +317,8 @@ struct acachectl { (((header)->attributes & RDATASET_ATTR_RESIGN) != 0) #define OPTOUT(header) \ (((header)->attributes & RDATASET_ATTR_OPTOUT) != 0) +#define NEGATIVE(header) \ + (((header)->attributes & RDATASET_ATTR_NEGATIVE) != 0) #define DEFAULT_NODE_LOCK_COUNT 7 /*%< Should be prime. */ @@ -391,12 +394,15 @@ typedef ISC_LIST(rbtdb_version_t) typedef struct { /* Unlocked. */ dns_db_t common; + /* Locks the data in this struct */ #if DNS_RBTDB_USERWLOCK isc_rwlock_t lock; #else isc_mutex_t lock; #endif + /* Locks the tree structure (prevents nodes appearing/disappearing) */ isc_rwlock_t tree_lock; + /* Locks for individual tree nodes */ unsigned int node_lock_count; rbtdb_nodelock_t * node_locks; dns_rbtnode_t * origin_node; @@ -689,11 +695,13 @@ update_rrsetstats(dns_rbtdb_t *rbtdb, rd /* At the moment we count statistics only for cache DB */ INSIST(IS_CACHE(rbtdb)); - if (NXDOMAIN(header)) - statattributes = DNS_RDATASTATSTYPE_ATTR_NXDOMAIN; - else if (RBTDB_RDATATYPE_BASE(header->type) == 0) { - statattributes = DNS_RDATASTATSTYPE_ATTR_NXRRSET; - base = RBTDB_RDATATYPE_EXT(header->type); + if (NEGATIVE(header)) { + if (NXDOMAIN(header)) + statattributes = DNS_RDATASTATSTYPE_ATTR_NXDOMAIN; + else { + statattributes = DNS_RDATASTATSTYPE_ATTR_NXRRSET; + base = RBTDB_RDATATYPE_EXT(header->type); + } } else base = RBTDB_RDATATYPE_BASE(header->type); @@ -2727,6 +2735,8 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rb rdataset->covers = RBTDB_RDATATYPE_EXT(header->type); rdataset->ttl = header->rdh_ttl - now; rdataset->trust = header->trust; + if (NEGATIVE(header)) + rdataset->attributes |= DNS_RDATASETATTR_NEGATIVE; if (NXDOMAIN(header)) rdataset->attributes |= DNS_RDATASETATTR_NXDOMAIN; if (OPTOUT(header)) @@ -4636,7 +4646,7 @@ cache_find(dns_db_t *db, dns_name_t *nam *nodep = node; } - if (RBTDB_RDATATYPE_BASE(found->type) == 0) { + if (NEGATIVE(found)) { /* * We found a negative cache entry. */ @@ -5305,7 +5315,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn if (found == NULL) return (ISC_R_NOTFOUND); - if (RBTDB_RDATATYPE_BASE(found->type) == 0) { + if (NEGATIVE(found)) { /* * We found a negative cache entry. */ @@ -5516,7 +5526,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *r negtype = 0; if (rbtversion == NULL && !newheader_nx) { rdtype = RBTDB_RDATATYPE_BASE(newheader->type); - if (rdtype == 0) { + if (NEGATIVE(newheader)) { /* * We're adding a negative cache entry. */ @@ -6056,6 +6066,8 @@ addrdataset(dns_db_t *db, dns_dbnode_t * } else { newheader->serial = 1; newheader->resign = 0; + if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) + newheader->attributes |= RDATASET_ATTR_NEGATIVE; if ((rdataset->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0) newheader->attributes |= RDATASET_ATTR_NXDOMAIN; if ((rdataset->attributes & DNS_RDATASETATTR_OPTOUT) != 0) @@ -6780,7 +6792,7 @@ getsigningtime(dns_db_t *db, dns_rdatase REQUIRE(VALID_RBTDB(rbtdb)); - RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_read); + RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); for (i = 0; i < rbtdb->node_lock_count; i++) { NODE_LOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_read); @@ -6816,7 +6828,7 @@ getsigningtime(dns_db_t *db, dns_rdatase result = ISC_R_SUCCESS; unlock: - RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_read); + RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); return (result); } @@ -6838,7 +6850,7 @@ resigned(dns_db_t *db, dns_rdataset_t *r header = rdataset->private3; header--; - RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write); + RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); NODE_LOCK(&rbtdb->node_locks[node->locknum].lock, isc_rwlocktype_write); /* @@ -6852,7 +6864,7 @@ resigned(dns_db_t *db, dns_rdataset_t *r NODE_UNLOCK(&rbtdb->node_locks[node->locknum].lock, isc_rwlocktype_write); - RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write); + RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); } static dns_stats_t * @@ -7638,7 +7650,7 @@ rdatasetiter_next(dns_rdatasetiter_t *it type = header->type; rdtype = RBTDB_RDATATYPE_BASE(header->type); - if (rdtype == 0) { + if (NEGATIVE(header)) { covers = RBTDB_RDATATYPE_EXT(header->type); negtype = RBTDB_RDATATYPE_VALUE(covers, 0); } else Modified: vendor/bind9/dist/lib/dns/rdataset.c ============================================================================== --- vendor/bind9/dist/lib/dns/rdataset.c Tue Jul 5 19:26:58 2011 (r223802) +++ vendor/bind9/dist/lib/dns/rdataset.c Tue Jul 5 19:37:48 2011 (r223803) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.c,v 1.82.50.4.6.1 2011-05-27 00:19:19 each Exp $ */ +/* $Id: rdataset.c,v 1.82.50.4.6.3 2011-06-21 20:13:23 each Exp $ */ /*! \file */ @@ -345,7 +345,7 @@ towiresorted(dns_rdataset_t *rdataset, c count = 1; result = dns_rdataset_first(rdataset); INSIST(result == ISC_R_NOMORE); - } else if (rdataset->type == 0) { + } else if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) { /* * This is a negative caching rdataset. */ Modified: vendor/bind9/dist/lib/dns/resolver.c ============================================================================== --- vendor/bind9/dist/lib/dns/resolver.c Tue Jul 5 19:26:58 2011 (r223802) +++ vendor/bind9/dist/lib/dns/resolver.c Tue Jul 5 19:37:48 2011 (r223803) @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.384.14.30 2011-01-27 23:45:47 tbox Exp $ */ +/* $Id: resolver.c,v 1.384.14.30.4.1 2011-06-21 20:13:23 each Exp $ */ /*! \file */ @@ -424,6 +424,7 @@ struct dns_resolver { FCTX_ADDRINFO_TRIED) != 0) #define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0) +#define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) static void destroy(dns_resolver_t *res); static void empty_bucket(dns_resolver_t *res); @@ -1047,7 +1048,7 @@ fctx_sendevents(fetchctx_t *fctx, isc_re * Negative results must be indicated in event->result. */ if (dns_rdataset_isassociated(event->rdataset) && - event->rdataset->type == dns_rdatatype_none) { + NEGATIVE(event->rdataset)) { INSIST(event->result == DNS_R_NCACHENXDOMAIN || event->result == DNS_R_NCACHENXRRSET); } @@ -4177,7 +4178,7 @@ validated(isc_task_t *task, isc_event_t if (result != ISC_R_SUCCESS && result != DNS_R_UNCHANGED) goto noanswer_response; - if (ardataset != NULL && ardataset->type == 0) { + if (ardataset != NULL && NEGATIVE(ardataset)) { if (NXDOMAIN(ardataset)) eresult = DNS_R_NCACHENXDOMAIN; else @@ -4498,7 +4499,7 @@ cache_name(fetchctx_t *fctx, dns_name_t result = ISC_R_SUCCESS; if (!need_validation && ardataset != NULL && - ardataset->type == 0) { + NEGATIVE(ardataset)) { /* * The answer in the cache is * better than the answer we @@ -4628,7 +4629,7 @@ cache_name(fetchctx_t *fctx, dns_name_t if (result == DNS_R_UNCHANGED) { if (ANSWER(rdataset) && ardataset != NULL && - ardataset->type == 0) { + NEGATIVE(ardataset)) { /* * The answer in the cache is better * than the answer we found, and is @@ -4658,7 +4659,7 @@ cache_name(fetchctx_t *fctx, dns_name_t * Negative results must be indicated in event->result. */ if (dns_rdataset_isassociated(event->rdataset) && - event->rdataset->type == dns_rdatatype_none) { + NEGATIVE(event->rdataset)) { INSIST(eresult == DNS_R_NCACHENXDOMAIN || eresult == DNS_R_NCACHENXRRSET); } @@ -4738,7 +4739,7 @@ ncache_adderesult(dns_message_t *message * care about whether it is DNS_R_NCACHENXDOMAIN or * DNS_R_NCACHENXRRSET then extract it. */ - if (ardataset->type == 0) { + if (NEGATIVE(ardataset)) { /* * The cache data is a negative cache entry. */ Modified: vendor/bind9/dist/lib/dns/validator.c ============================================================================== --- vendor/bind9/dist/lib/dns/validator.c Tue Jul 5 19:26:58 2011 (r223802) +++ vendor/bind9/dist/lib/dns/validator.c Tue Jul 5 19:37:48 2011 (r223803) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.164.12.23.4.1 2011-05-27 00:19:19 each Exp $ */ +/* $Id: validator.c,v 1.164.12.23.4.3 2011-06-21 20:13:23 each Exp $ */ #include <config.h> @@ -129,6 +129,8 @@ #define SHUTDOWN(v) (((v)->attributes & VALATTR_SHUTDOWN) != 0) #define CANCELED(v) (((v)->attributes & VALATTR_CANCELED) != 0) +#define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) + static void destroy(dns_validator_t *val); @@ -733,7 +735,7 @@ dsvalidated(isc_task_t *task, isc_event_ name = dns_fixedname_name(&val->fname); if ((val->attributes & VALATTR_INSECURITY) != 0 && val->frdataset.covers == dns_rdatatype_ds && - val->frdataset.type == 0 && + NEGATIVE(&val->frdataset) && isdelegation(name, &val->frdataset, DNS_R_NCACHENXRRSET)) { if (val->mustbesecure) { validator_log(val, ISC_LOG_WARNING, @@ -3909,7 +3911,7 @@ validator_start(isc_task_t *task, isc_ev val->attributes |= VALATTR_NEEDNODATA; result = nsecvalidate(val, ISC_FALSE); } else if (val->event->rdataset != NULL && - val->event->rdataset->type == 0) + NEGATIVE(val->event->rdataset)) { /* * This is a nonexistence validation. Modified: vendor/bind9/dist/version ============================================================================== --- vendor/bind9/dist/version Tue Jul 5 19:26:58 2011 (r223802) +++ vendor/bind9/dist/version Tue Jul 5 19:37:48 2011 (r223803) @@ -1,4 +1,4 @@ -# $Id: version,v 1.43.12.11.2.2.2.1 2011-05-27 00:19:16 each Exp $ +# $Id: version,v 1.43.12.11.2.2.2.3 2011-06-21 20:35:59 each Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -7,4 +7,4 @@ MAJORVER=9 MINORVER=6 PATCHVER= RELEASETYPE=-ESV -RELEASEVER=-R4-P1 +RELEASEVER=-R4-P3
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201107051937.p65JbmBe082833>