Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 6 Jul 2011 00:50:55 +0000 (UTC)
From:      Doug Barton <dougb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r223815 - in stable/8/contrib/bind9: . bin/named lib/dns lib/dns/include/dns
Message-ID:  <201107060050.p660otTN092598@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: dougb
Date: Wed Jul  6 00:50:54 2011
New Revision: 223815
URL: http://svn.freebsd.org/changeset/base/223815

Log:
  Update to version 9.6-ESV-R4-P3
  
  ALL BIND USERS ARE ENCOURAGED TO UPGRADE IMMEDIATELY
  
  This update addresses the following vulnerability:
  
  CVE-2011-2464
  =============
  Severity:	High
  Exploitable:	Remotely
  
  Description:
  
  A defect in the affected BIND 9 versions allows an attacker to remotely
  cause the "named" process to exit using a specially crafted packet. This
  defect affects both recursive and authoritative servers. The code location
  of the defect makes it impossible to protect BIND using ACLs configured
  within named.conf or by disabling any features at compile-time or run-time.
  
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  https://www.isc.org/software/bind/advisories/cve-2011-2464

Modified:
  stable/8/contrib/bind9/CHANGES
  stable/8/contrib/bind9/bin/named/bind9.xsl.h
  stable/8/contrib/bind9/lib/dns/api
  stable/8/contrib/bind9/lib/dns/include/dns/masterdump.h
  stable/8/contrib/bind9/lib/dns/include/dns/rdataset.h
  stable/8/contrib/bind9/lib/dns/masterdump.c
  stable/8/contrib/bind9/lib/dns/message.c
  stable/8/contrib/bind9/lib/dns/ncache.c
  stable/8/contrib/bind9/lib/dns/rbtdb.c
  stable/8/contrib/bind9/lib/dns/rdataset.c
  stable/8/contrib/bind9/lib/dns/resolver.c
  stable/8/contrib/bind9/lib/dns/validator.c
  stable/8/contrib/bind9/version
Directory Properties:
  stable/8/contrib/bind9/   (props changed)

Modified: stable/8/contrib/bind9/CHANGES
==============================================================================
--- stable/8/contrib/bind9/CHANGES	Wed Jul  6 00:50:27 2011	(r223814)
+++ stable/8/contrib/bind9/CHANGES	Wed Jul  6 00:50:54 2011	(r223815)
@@ -1,3 +1,16 @@
+	--- 9.6-ESV-R4-P3 released ---
+
+3124.	[bug]		Use an rdataset attribute flag to indicate
+			negative-cache records rather than using rrtype 0;
+			this will prevent problems when that rrtype is
+			used in actual DNS packets.  [RT #24777]
+
+	--- 9.6-ESV-R4-P2 released (withdrawn) ---
+
+3123.	[security]	Change #2912 exposed a latent flaw in
+			dns_rdataset_totext() that could cause named to
+			crash with an assertion failure. [RT #24777]
+
 	--- 9.6-ESV-R4-P1 released ---
 
 3121.   [security]      An authoritative name server sending a negative

Modified: stable/8/contrib/bind9/bin/named/bind9.xsl.h
==============================================================================
--- stable/8/contrib/bind9/bin/named/bind9.xsl.h	Wed Jul  6 00:50:27 2011	(r223814)
+++ stable/8/contrib/bind9/bin/named/bind9.xsl.h	Wed Jul  6 00:50:54 2011	(r223815)
@@ -1,6 +1,6 @@
 /*
- * Generated by convertxsl.pl 1.14 2008/07/17 23:43:26 jinmei Exp  
- * From bind9.xsl 1.19.82.2 2009/01/29 23:47:43 tbox Exp 
+ * Generated by convertxsl.pl 1.14 2008-07-17 23:43:26 jinmei Exp  
+ * From bind9.xsl 1.19.82.2 2009-01-29 23:47:43 tbox Exp 
  */
 static char xslmsg[] =
 	"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
@@ -20,7 +20,7 @@ static char xslmsg[] =
 	" - PERFORMANCE OF THIS SOFTWARE.\n"
 	"-->\n"
 	"\n"
-	"<!-- \045Id: bind9.xsl,v 1.19.82.2 2009/01/29 23:47:43 tbox Exp \045 -->\n"
+	"<!-- \045Id: bind9.xsl,v 1.19.82.2 2009-01-29 23:47:43 tbox Exp \045 -->\n"
 	"\n"
 	"<xsl:stylesheet version=\"1.0\"\n"
 	" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"\n"

Modified: stable/8/contrib/bind9/lib/dns/api
==============================================================================
--- stable/8/contrib/bind9/lib/dns/api	Wed Jul  6 00:50:27 2011	(r223814)
+++ stable/8/contrib/bind9/lib/dns/api	Wed Jul  6 00:50:54 2011	(r223815)
@@ -1,3 +1,3 @@
 LIBINTERFACE = 59
-LIBREVISION = 4
+LIBREVISION = 5
 LIBAGE = 1

Modified: stable/8/contrib/bind9/lib/dns/include/dns/masterdump.h
==============================================================================
--- stable/8/contrib/bind9/lib/dns/include/dns/masterdump.h	Wed Jul  6 00:50:27 2011	(r223814)
+++ stable/8/contrib/bind9/lib/dns/include/dns/masterdump.h	Wed Jul  6 00:50:54 2011	(r223815)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: masterdump.h,v 1.42.602.1 2011-05-27 00:19:19 each Exp $ */
+/* $Id: masterdump.h,v 1.42.602.2 2011-06-02 23:46:22 tbox Exp $ */
 
 #ifndef DNS_MASTERDUMP_H
 #define DNS_MASTERDUMP_H 1

Modified: stable/8/contrib/bind9/lib/dns/include/dns/rdataset.h
==============================================================================
--- stable/8/contrib/bind9/lib/dns/include/dns/rdataset.h	Wed Jul  6 00:50:27 2011	(r223814)
+++ stable/8/contrib/bind9/lib/dns/include/dns/rdataset.h	Wed Jul  6 00:50:54 2011	(r223815)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rdataset.h,v 1.65.50.4.6.1 2011-05-27 00:19:19 each Exp $ */
+/* $Id: rdataset.h,v 1.65.50.4.6.3 2011-06-21 20:13:23 each Exp $ */
 
 #ifndef DNS_RDATASET_H
 #define DNS_RDATASET_H 1
@@ -203,6 +203,7 @@ struct dns_rdataset {
 #define DNS_RDATASETATTR_RESIGN		0x00040000
 #define DNS_RDATASETATTR_CLOSEST	0x00080000
 #define DNS_RDATASETATTR_OPTOUT		0x00100000	/*%< OPTOUT proof */
+#define DNS_RDATASETATTR_NEGATIVE	0x00200000
 
 /*%
  * _OMITDNSSEC:

Modified: stable/8/contrib/bind9/lib/dns/masterdump.c
==============================================================================
--- stable/8/contrib/bind9/lib/dns/masterdump.c	Wed Jul  6 00:50:27 2011	(r223814)
+++ stable/8/contrib/bind9/lib/dns/masterdump.c	Wed Jul  6 00:50:54 2011	(r223815)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: masterdump.c,v 1.94.50.3.18.1 2011-05-27 00:19:19 each Exp $ */
+/* $Id: masterdump.c,v 1.94.50.3.18.3 2011-06-21 20:13:22 each Exp $ */
 
 /*! \file */
 
@@ -356,6 +356,7 @@ rdataset_totext(dns_rdataset_t *rdataset
 	isc_uint32_t current_ttl;
 	isc_boolean_t current_ttl_valid;
 	dns_rdatatype_t type;
+	unsigned int type_start;
 
 	REQUIRE(DNS_RDATASET_VALID(rdataset));
 
@@ -437,29 +438,26 @@ rdataset_totext(dns_rdataset_t *rdataset
 		 * Type.
 		 */
 
-		if (rdataset->type == 0) {
+		if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
 			type = rdataset->covers;
 		} else {
 			type = rdataset->type;
 		}
 
-		{
-			unsigned int type_start;
-			INDENT_TO(type_column);
-			type_start = target->used;
-			if (rdataset->type == 0)
-				RETERR(str_totext("\\-", target));
-			result = dns_rdatatype_totext(type, target);
-			if (result != ISC_R_SUCCESS)
-				return (result);
-			column += (target->used - type_start);
-		}
+		INDENT_TO(type_column);
+		type_start = target->used;
+		if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
+			RETERR(str_totext("\\-", target));
+		result = dns_rdatatype_totext(type, target);
+		if (result != ISC_R_SUCCESS)
+			return (result);
+		column += (target->used - type_start);
 
 		/*
 		 * Rdata.
 		 */
 		INDENT_TO(rdata_column);
-		if (rdataset->type == 0) {
+		if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
 			if (NXDOMAIN(rdataset))
 				RETERR(str_totext(";-$NXDOMAIN\n", target));
 			else
@@ -814,7 +812,7 @@ dump_rdatasets_text(isc_mem_t *mctx, dns
 		if (ctx->style.flags & DNS_STYLEFLAG_TRUST) {
 			fprintf(f, "; %s\n", dns_trust_totext(rds->trust));
 		}
-		if (rds->type == 0 &&
+		if (((rds->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) &&
 		    (ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) {
 			/* Omit negative cache entries */
 		} else {
@@ -979,7 +977,7 @@ dump_rdatasets_raw(isc_mem_t *mctx, dns_
 		dns_rdataset_init(&rdataset);
 		dns_rdatasetiter_current(rdsiter, &rdataset);
 
-		if (rdataset.type == 0 &&
+		if (((rdataset.attributes & DNS_RDATASETATTR_NEGATIVE) != 0) &&
 		    (ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) {
 			/* Omit negative cache entries */
 		} else {

Modified: stable/8/contrib/bind9/lib/dns/message.c
==============================================================================
--- stable/8/contrib/bind9/lib/dns/message.c	Wed Jul  6 00:50:27 2011	(r223814)
+++ stable/8/contrib/bind9/lib/dns/message.c	Wed Jul  6 00:50:54 2011	(r223815)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: message.c,v 1.245.50.7 2010-06-03 05:29:03 marka Exp $ */
+/* $Id: message.c,v 1.245.50.7.6.3 2011-06-21 20:13:22 each Exp $ */
 
 /*! \file */
 
@@ -2469,7 +2469,7 @@ dns_message_peekheader(isc_buffer_t *sou
 
 isc_result_t
 dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section) {
-	unsigned int first_section;
+	unsigned int clear_after;
 	isc_result_t result;
 
 	REQUIRE(DNS_MESSAGE_VALID(msg));
@@ -2481,15 +2481,15 @@ dns_message_reply(dns_message_t *msg, is
 	    msg->opcode != dns_opcode_notify)
 		want_question_section = ISC_FALSE;
 	if (msg->opcode == dns_opcode_update)
-		first_section = DNS_SECTION_ADDITIONAL;
+		clear_after = DNS_SECTION_PREREQUISITE;
 	else if (want_question_section) {
 		if (!msg->question_ok)
 			return (DNS_R_FORMERR);
-		first_section = DNS_SECTION_ANSWER;
+		clear_after = DNS_SECTION_ANSWER;
 	} else
-		first_section = DNS_SECTION_QUESTION;
+		clear_after = DNS_SECTION_QUESTION;
 	msg->from_to_wire = DNS_MESSAGE_INTENTRENDER;
-	msgresetnames(msg, first_section);
+	msgresetnames(msg, clear_after);
 	msgresetopt(msg);
 	msgresetsigs(msg, ISC_TRUE);
 	msginitprivate(msg);

Modified: stable/8/contrib/bind9/lib/dns/ncache.c
==============================================================================
--- stable/8/contrib/bind9/lib/dns/ncache.c	Wed Jul  6 00:50:27 2011	(r223814)
+++ stable/8/contrib/bind9/lib/dns/ncache.c	Wed Jul  6 00:50:54 2011	(r223815)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2008, 2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2010, 2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: ncache.c,v 1.43.48.7.6.1 2011-05-27 00:19:19 each Exp $ */
+/* $Id: ncache.c,v 1.43.48.7.6.3 2011-06-21 20:13:22 each Exp $ */
 
 /*! \file */
 
@@ -294,6 +294,7 @@ dns_ncache_addoptout(dns_message_t *mess
 	RUNTIME_CHECK(dns_rdatalist_tordataset(&ncrdatalist, &ncrdataset)
 		      == ISC_R_SUCCESS);
 	ncrdataset.trust = trust;
+	ncrdataset.attributes |= DNS_RDATASETATTR_NEGATIVE;
 	if (message->rcode == dns_rcode_nxdomain)
 		ncrdataset.attributes |= DNS_RDATASETATTR_NXDOMAIN;
 	if (optout)
@@ -324,6 +325,7 @@ dns_ncache_towire(dns_rdataset_t *rdatas
 
 	REQUIRE(rdataset != NULL);
 	REQUIRE(rdataset->type == 0);
+	REQUIRE((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
 
 	savedbuffer = *target;
 	count = 0;
@@ -552,6 +554,7 @@ dns_ncache_getrdataset(dns_rdataset_t *n
 
 	REQUIRE(ncacherdataset != NULL);
 	REQUIRE(ncacherdataset->type == 0);
+	REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
 	REQUIRE(name != NULL);
 	REQUIRE(!dns_rdataset_isassociated(rdataset));
 	REQUIRE(type != dns_rdatatype_rrsig);
@@ -628,6 +631,7 @@ dns_ncache_getsigrdataset(dns_rdataset_t
 
 	REQUIRE(ncacherdataset != NULL);
 	REQUIRE(ncacherdataset->type == 0);
+	REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
 	REQUIRE(name != NULL);
 	REQUIRE(!dns_rdataset_isassociated(rdataset));
 
@@ -727,6 +731,7 @@ dns_ncache_current(dns_rdataset_t *ncach
 
 	REQUIRE(ncacherdataset != NULL);
 	REQUIRE(ncacherdataset->type == 0);
+	REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
 	REQUIRE(found != NULL);
 	REQUIRE(!dns_rdataset_isassociated(rdataset));
 

Modified: stable/8/contrib/bind9/lib/dns/rbtdb.c
==============================================================================
--- stable/8/contrib/bind9/lib/dns/rbtdb.c	Wed Jul  6 00:50:27 2011	(r223814)
+++ stable/8/contrib/bind9/lib/dns/rbtdb.c	Wed Jul  6 00:50:54 2011	(r223815)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbtdb.c,v 1.270.12.26 2010-12-02 05:09:58 marka Exp $ */
+/* $Id: rbtdb.c,v 1.270.12.26.4.1 2011-06-21 20:13:23 each Exp $ */
 
 /*! \file */
 
@@ -278,6 +278,7 @@ typedef ISC_LIST(dns_rbtnode_t)         
 #define RDATASET_ATTR_RESIGN            0x0020
 #define RDATASET_ATTR_STATCOUNT         0x0040
 #define RDATASET_ATTR_OPTOUT		0x0080
+#define RDATASET_ATTR_NEGATIVE          0x0100
 
 typedef struct acache_cbarg {
 	dns_rdatasetadditional_t        type;
@@ -316,6 +317,8 @@ struct acachectl {
 	(((header)->attributes & RDATASET_ATTR_RESIGN) != 0)
 #define OPTOUT(header) \
 	(((header)->attributes & RDATASET_ATTR_OPTOUT) != 0)
+#define NEGATIVE(header) \
+	(((header)->attributes & RDATASET_ATTR_NEGATIVE) != 0)
 
 #define DEFAULT_NODE_LOCK_COUNT         7       /*%< Should be prime. */
 
@@ -391,12 +394,15 @@ typedef ISC_LIST(rbtdb_version_t)       
 typedef struct {
 	/* Unlocked. */
 	dns_db_t                        common;
+	/* Locks the data in this struct */
 #if DNS_RBTDB_USERWLOCK
 	isc_rwlock_t                    lock;
 #else
 	isc_mutex_t                     lock;
 #endif
+	/* Locks the tree structure (prevents nodes appearing/disappearing) */
 	isc_rwlock_t                    tree_lock;
+	/* Locks for individual tree nodes */
 	unsigned int                    node_lock_count;
 	rbtdb_nodelock_t *              node_locks;
 	dns_rbtnode_t *                 origin_node;
@@ -689,11 +695,13 @@ update_rrsetstats(dns_rbtdb_t *rbtdb, rd
 	/* At the moment we count statistics only for cache DB */
 	INSIST(IS_CACHE(rbtdb));
 
-	if (NXDOMAIN(header))
-		statattributes = DNS_RDATASTATSTYPE_ATTR_NXDOMAIN;
-	else if (RBTDB_RDATATYPE_BASE(header->type) == 0) {
-		statattributes = DNS_RDATASTATSTYPE_ATTR_NXRRSET;
-		base = RBTDB_RDATATYPE_EXT(header->type);
+	if (NEGATIVE(header)) {
+		if (NXDOMAIN(header))
+			statattributes = DNS_RDATASTATSTYPE_ATTR_NXDOMAIN;
+		else {
+			statattributes = DNS_RDATASTATSTYPE_ATTR_NXRRSET;
+			base = RBTDB_RDATATYPE_EXT(header->type);
+		}
 	} else
 		base = RBTDB_RDATATYPE_BASE(header->type);
 
@@ -2727,6 +2735,8 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rb
 	rdataset->covers = RBTDB_RDATATYPE_EXT(header->type);
 	rdataset->ttl = header->rdh_ttl - now;
 	rdataset->trust = header->trust;
+	if (NEGATIVE(header))
+		rdataset->attributes |= DNS_RDATASETATTR_NEGATIVE;
 	if (NXDOMAIN(header))
 		rdataset->attributes |= DNS_RDATASETATTR_NXDOMAIN;
 	if (OPTOUT(header))
@@ -4636,7 +4646,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
 		*nodep = node;
 	}
 
-	if (RBTDB_RDATATYPE_BASE(found->type) == 0) {
+	if (NEGATIVE(found)) {
 		/*
 		 * We found a negative cache entry.
 		 */
@@ -5305,7 +5315,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
 	if (found == NULL)
 		return (ISC_R_NOTFOUND);
 
-	if (RBTDB_RDATATYPE_BASE(found->type) == 0) {
+	if (NEGATIVE(found)) {
 		/*
 		 * We found a negative cache entry.
 		 */
@@ -5516,7 +5526,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *r
 	negtype = 0;
 	if (rbtversion == NULL && !newheader_nx) {
 		rdtype = RBTDB_RDATATYPE_BASE(newheader->type);
-		if (rdtype == 0) {
+		if (NEGATIVE(newheader)) {
 			/*
 			 * We're adding a negative cache entry.
 			 */
@@ -6056,6 +6066,8 @@ addrdataset(dns_db_t *db, dns_dbnode_t *
 	} else {
 		newheader->serial = 1;
 		newheader->resign = 0;
+		if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
+			newheader->attributes |= RDATASET_ATTR_NEGATIVE;
 		if ((rdataset->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0)
 			newheader->attributes |= RDATASET_ATTR_NXDOMAIN;
 		if ((rdataset->attributes & DNS_RDATASETATTR_OPTOUT) != 0)
@@ -6780,7 +6792,7 @@ getsigningtime(dns_db_t *db, dns_rdatase
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 
-	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_read);
+	RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_read);
 
 	for (i = 0; i < rbtdb->node_lock_count; i++) {
 		NODE_LOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_read);
@@ -6816,7 +6828,7 @@ getsigningtime(dns_db_t *db, dns_rdatase
 	result = ISC_R_SUCCESS;
 
  unlock:
-	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_read);
+	RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_read);
 
 	return (result);
 }
@@ -6838,7 +6850,7 @@ resigned(dns_db_t *db, dns_rdataset_t *r
 	header = rdataset->private3;
 	header--;
 
-	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
+	RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
 	NODE_LOCK(&rbtdb->node_locks[node->locknum].lock,
 		  isc_rwlocktype_write);
 	/*
@@ -6852,7 +6864,7 @@ resigned(dns_db_t *db, dns_rdataset_t *r
 
 	NODE_UNLOCK(&rbtdb->node_locks[node->locknum].lock,
 		    isc_rwlocktype_write);
-	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
+	RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
 }
 
 static dns_stats_t *
@@ -7638,7 +7650,7 @@ rdatasetiter_next(dns_rdatasetiter_t *it
 
 	type = header->type;
 	rdtype = RBTDB_RDATATYPE_BASE(header->type);
-	if (rdtype == 0) {
+	if (NEGATIVE(header)) {
 		covers = RBTDB_RDATATYPE_EXT(header->type);
 		negtype = RBTDB_RDATATYPE_VALUE(covers, 0);
 	} else

Modified: stable/8/contrib/bind9/lib/dns/rdataset.c
==============================================================================
--- stable/8/contrib/bind9/lib/dns/rdataset.c	Wed Jul  6 00:50:27 2011	(r223814)
+++ stable/8/contrib/bind9/lib/dns/rdataset.c	Wed Jul  6 00:50:54 2011	(r223815)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rdataset.c,v 1.82.50.4.6.1 2011-05-27 00:19:19 each Exp $ */
+/* $Id: rdataset.c,v 1.82.50.4.6.3 2011-06-21 20:13:23 each Exp $ */
 
 /*! \file */
 
@@ -345,7 +345,7 @@ towiresorted(dns_rdataset_t *rdataset, c
 		count = 1;
 		result = dns_rdataset_first(rdataset);
 		INSIST(result == ISC_R_NOMORE);
-	} else if (rdataset->type == 0) {
+	} else if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
 		/*
 		 * This is a negative caching rdataset.
 		 */

Modified: stable/8/contrib/bind9/lib/dns/resolver.c
==============================================================================
--- stable/8/contrib/bind9/lib/dns/resolver.c	Wed Jul  6 00:50:27 2011	(r223814)
+++ stable/8/contrib/bind9/lib/dns/resolver.c	Wed Jul  6 00:50:54 2011	(r223815)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.384.14.30 2011-01-27 23:45:47 tbox Exp $ */
+/* $Id: resolver.c,v 1.384.14.30.4.1 2011-06-21 20:13:23 each Exp $ */
 
 /*! \file */
 
@@ -424,6 +424,7 @@ struct dns_resolver {
 					 FCTX_ADDRINFO_TRIED) != 0)
 
 #define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0)
+#define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
 
 static void destroy(dns_resolver_t *res);
 static void empty_bucket(dns_resolver_t *res);
@@ -1047,7 +1048,7 @@ fctx_sendevents(fetchctx_t *fctx, isc_re
 		 * Negative results must be indicated in event->result.
 		 */
 		if (dns_rdataset_isassociated(event->rdataset) &&
-		    event->rdataset->type == dns_rdatatype_none) {
+		    NEGATIVE(event->rdataset)) {
 			INSIST(event->result == DNS_R_NCACHENXDOMAIN ||
 			       event->result == DNS_R_NCACHENXRRSET);
 		}
@@ -4177,7 +4178,7 @@ validated(isc_task_t *task, isc_event_t 
 	if (result != ISC_R_SUCCESS &&
 	    result != DNS_R_UNCHANGED)
 		goto noanswer_response;
-	if (ardataset != NULL && ardataset->type == 0) {
+	if (ardataset != NULL && NEGATIVE(ardataset)) {
 		if (NXDOMAIN(ardataset))
 			eresult = DNS_R_NCACHENXDOMAIN;
 		else
@@ -4498,7 +4499,7 @@ cache_name(fetchctx_t *fctx, dns_name_t 
 					result = ISC_R_SUCCESS;
 					if (!need_validation &&
 					    ardataset != NULL &&
-					    ardataset->type == 0) {
+					    NEGATIVE(ardataset)) {
 						/*
 						 * The answer in the cache is
 						 * better than the answer we
@@ -4628,7 +4629,7 @@ cache_name(fetchctx_t *fctx, dns_name_t 
 			if (result == DNS_R_UNCHANGED) {
 				if (ANSWER(rdataset) &&
 				    ardataset != NULL &&
-				    ardataset->type == 0) {
+				    NEGATIVE(ardataset)) {
 					/*
 					 * The answer in the cache is better
 					 * than the answer we found, and is
@@ -4658,7 +4659,7 @@ cache_name(fetchctx_t *fctx, dns_name_t 
 			 * Negative results must be indicated in event->result.
 			 */
 			if (dns_rdataset_isassociated(event->rdataset) &&
-			    event->rdataset->type == dns_rdatatype_none) {
+			    NEGATIVE(event->rdataset)) {
 				INSIST(eresult == DNS_R_NCACHENXDOMAIN ||
 				       eresult == DNS_R_NCACHENXRRSET);
 			}
@@ -4738,7 +4739,7 @@ ncache_adderesult(dns_message_t *message
 		 * care about whether it is DNS_R_NCACHENXDOMAIN or
 		 * DNS_R_NCACHENXRRSET then extract it.
 		 */
-		if (ardataset->type == 0) {
+		if (NEGATIVE(ardataset)) {
 			/*
 			 * The cache data is a negative cache entry.
 			 */

Modified: stable/8/contrib/bind9/lib/dns/validator.c
==============================================================================
--- stable/8/contrib/bind9/lib/dns/validator.c	Wed Jul  6 00:50:27 2011	(r223814)
+++ stable/8/contrib/bind9/lib/dns/validator.c	Wed Jul  6 00:50:54 2011	(r223815)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: validator.c,v 1.164.12.23.4.1 2011-05-27 00:19:19 each Exp $ */
+/* $Id: validator.c,v 1.164.12.23.4.3 2011-06-21 20:13:23 each Exp $ */
 
 #include <config.h>
 
@@ -129,6 +129,8 @@
 #define SHUTDOWN(v)		(((v)->attributes & VALATTR_SHUTDOWN) != 0)
 #define CANCELED(v)		(((v)->attributes & VALATTR_CANCELED) != 0)
 
+#define NEGATIVE(r)	(((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
+
 static void
 destroy(dns_validator_t *val);
 
@@ -733,7 +735,7 @@ dsvalidated(isc_task_t *task, isc_event_
 		name = dns_fixedname_name(&val->fname);
 		if ((val->attributes & VALATTR_INSECURITY) != 0 &&
 		    val->frdataset.covers == dns_rdatatype_ds &&
-		    val->frdataset.type == 0 &&
+		    NEGATIVE(&val->frdataset) &&
 		    isdelegation(name, &val->frdataset, DNS_R_NCACHENXRRSET)) {
 			if (val->mustbesecure) {
 				validator_log(val, ISC_LOG_WARNING,
@@ -3909,7 +3911,7 @@ validator_start(isc_task_t *task, isc_ev
 			val->attributes |= VALATTR_NEEDNODATA;
 		result = nsecvalidate(val, ISC_FALSE);
 	} else if (val->event->rdataset != NULL &&
-		    val->event->rdataset->type == 0)
+		    NEGATIVE(val->event->rdataset))
 	{
 		/*
 		 * This is a nonexistence validation.

Modified: stable/8/contrib/bind9/version
==============================================================================
--- stable/8/contrib/bind9/version	Wed Jul  6 00:50:27 2011	(r223814)
+++ stable/8/contrib/bind9/version	Wed Jul  6 00:50:54 2011	(r223815)
@@ -1,4 +1,4 @@
-# $Id: version,v 1.43.12.11.2.2.2.1 2011-05-27 00:19:16 each Exp $
+# $Id: version,v 1.43.12.11.2.2.2.3 2011-06-21 20:35:59 each Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -7,4 +7,4 @@ MAJORVER=9
 MINORVER=6
 PATCHVER=
 RELEASETYPE=-ESV
-RELEASEVER=-R4-P1
+RELEASEVER=-R4-P3



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201107060050.p660otTN092598>