Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 4 Jun 2012 22:14:33 +0000 (UTC)
From:      Doug Barton <dougb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r236587 - in stable/9/contrib/bind9: . lib/dns
Message-ID:  <201206042214.q54MEXHe070234@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: dougb
Date: Mon Jun  4 22:14:33 2012
New Revision: 236587
URL: http://svn.freebsd.org/changeset/base/236587

Log:
  Upgrade to 9.8.3-P1, the latest from ISC. This version contains
  a critical bugfix:
  
      Processing of DNS resource records where the rdata field is zero length
      may cause various issues for the servers handling them.
  
      Processing of these records may lead to unexpected outcomes. Recursive
      servers may crash or disclose some portion of memory to the client.
      Secondary servers may crash on restart after transferring a zone
      containing these records. Master servers may corrupt zone data if the
      zone option "auto-dnssec" is set to "maintain". Other unexpected
      problems that are not listed here may also be encountered.
  
  All BIND users are strongly encouraged to upgrade.

Modified:
  stable/9/contrib/bind9/CHANGES
  stable/9/contrib/bind9/lib/dns/rdata.c
  stable/9/contrib/bind9/lib/dns/rdataslab.c
  stable/9/contrib/bind9/version
Directory Properties:
  stable/9/contrib/bind9/   (props changed)

Modified: stable/9/contrib/bind9/CHANGES
==============================================================================
--- stable/9/contrib/bind9/CHANGES	Mon Jun  4 22:11:20 2012	(r236586)
+++ stable/9/contrib/bind9/CHANGES	Mon Jun  4 22:14:33 2012	(r236587)
@@ -1,3 +1,8 @@
+	--- 9.8.3-P1 released ---
+
+3331.	[security]	dns_rdataslab_fromrdataset could produce bad
+			rdataslabs. [RT #29644]
+			
 	--- 9.8.3 released ---
 
 3318.	[tuning]	Reduce the amount of work performed while holding a

Modified: stable/9/contrib/bind9/lib/dns/rdata.c
==============================================================================
--- stable/9/contrib/bind9/lib/dns/rdata.c	Mon Jun  4 22:11:20 2012	(r236586)
+++ stable/9/contrib/bind9/lib/dns/rdata.c	Mon Jun  4 22:14:33 2012	(r236587)
@@ -329,8 +329,8 @@ dns_rdata_compare(const dns_rdata_t *rda
 
 	REQUIRE(rdata1 != NULL);
 	REQUIRE(rdata2 != NULL);
-	REQUIRE(rdata1->data != NULL);
-	REQUIRE(rdata2->data != NULL);
+	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
+	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
 
@@ -360,8 +360,8 @@ dns_rdata_casecompare(const dns_rdata_t 
 
 	REQUIRE(rdata1 != NULL);
 	REQUIRE(rdata2 != NULL);
-	REQUIRE(rdata1->data != NULL);
-	REQUIRE(rdata2->data != NULL);
+	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
+	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
 

Modified: stable/9/contrib/bind9/lib/dns/rdataslab.c
==============================================================================
--- stable/9/contrib/bind9/lib/dns/rdataslab.c	Mon Jun  4 22:11:20 2012	(r236586)
+++ stable/9/contrib/bind9/lib/dns/rdataslab.c	Mon Jun  4 22:14:33 2012	(r236587)
@@ -126,6 +126,11 @@ isc_result_t
 dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
 			   isc_region_t *region, unsigned int reservelen)
 {
+	/*
+	 * Use &removed as a sentinal pointer for duplicate
+	 * rdata as rdata.data == NULL is valid.
+	 */
+	static unsigned char removed;
 	struct xrdata  *x;
 	unsigned char  *rawbuf;
 #if DNS_RDATASET_FIXED
@@ -169,6 +174,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 		INSIST(result == ISC_R_SUCCESS);
 		dns_rdata_init(&x[i].rdata);
 		dns_rdataset_current(rdataset, &x[i].rdata);
+		INSIST(x[i].rdata.data != &removed);
 #if DNS_RDATASET_FIXED
 		x[i].order = i;
 #endif
@@ -201,8 +207,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 	 */
 	for (i = 1; i < nalloc; i++) {
 		if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
-			x[i-1].rdata.data = NULL;
-			x[i-1].rdata.length = 0;
+			x[i-1].rdata.data = &removed;
 #if DNS_RDATASET_FIXED
 			/*
 			 * Preserve the least order so A, B, A -> A, B
@@ -292,7 +297,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 #endif
 
 	for (i = 0; i < nalloc; i++) {
-		if (x[i].rdata.data == NULL)
+		if (x[i].rdata.data == &removed)
 			continue;
 #if DNS_RDATASET_FIXED
 		offsettable[x[i].order] = rawbuf - offsetbase;

Modified: stable/9/contrib/bind9/version
==============================================================================
--- stable/9/contrib/bind9/version	Mon Jun  4 22:11:20 2012	(r236586)
+++ stable/9/contrib/bind9/version	Mon Jun  4 22:14:33 2012	(r236587)
@@ -6,5 +6,5 @@
 MAJORVER=9
 MINORVER=8
 PATCHVER=3
-RELEASETYPE=
-RELEASEVER=
+RELEASETYPE=-P
+RELEASEVER=1



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201206042214.q54MEXHe070234>