Author: erwin
Date: Mon Dec 17 10:58:24 2012
New Revision: 244353
URL: http://svnweb.freebsd.org/changeset/base/244353

Log:
  Vendor import of Bind 9.6-ESV-R8
  
  Approved by:  delphij (mentor)
  Sponsored by: DK Hostmaster A/S

Modified:
  vendor/bind9/dist-9.6/CHANGES
  vendor/bind9/dist-9.6/README
  vendor/bind9/dist-9.6/bin/check/check-tool.c
  vendor/bind9/dist-9.6/bin/dig/nslookup.c
  vendor/bind9/dist-9.6/bin/dnssec/dnssec-signzone.c
  vendor/bind9/dist-9.6/bin/named/controlconf.c
  vendor/bind9/dist-9.6/bin/named/convertxsl.pl
  vendor/bind9/dist-9.6/bin/named/statschannel.c
  vendor/bind9/dist-9.6/bin/nsupdate/nsupdate.c
  vendor/bind9/dist-9.6/configure.in
  vendor/bind9/dist-9.6/doc/Makefile.in
  vendor/bind9/dist-9.6/doc/arm/Bv9ARM-book.xml
  vendor/bind9/dist-9.6/doc/arm/Bv9ARM.ch06.html
  vendor/bind9/dist-9.6/doc/arm/Bv9ARM.pdf
  vendor/bind9/dist-9.6/doc/misc/format-options.pl
  vendor/bind9/dist-9.6/doc/misc/sort-options.pl
  vendor/bind9/dist-9.6/isc-config.sh.in
  vendor/bind9/dist-9.6/lib/Makefile.in
  vendor/bind9/dist-9.6/lib/bind9/api
  vendor/bind9/dist-9.6/lib/bind9/check.c
  vendor/bind9/dist-9.6/lib/bind9/include/Makefile.in
  vendor/bind9/dist-9.6/lib/bind9/include/bind9/Makefile.in
  vendor/bind9/dist-9.6/lib/dns/adb.c
  vendor/bind9/dist-9.6/lib/dns/api
  vendor/bind9/dist-9.6/lib/dns/dnssec.c
  vendor/bind9/dist-9.6/lib/dns/dst_openssl.h
  vendor/bind9/dist-9.6/lib/dns/dst_parse.c
  vendor/bind9/dist-9.6/lib/dns/dst_result.c
  vendor/bind9/dist-9.6/lib/dns/include/Makefile.in
  vendor/bind9/dist-9.6/lib/dns/include/dns/dnssec.h
  vendor/bind9/dist-9.6/lib/dns/include/dns/iptable.h
  vendor/bind9/dist-9.6/lib/dns/include/dns/log.h
  vendor/bind9/dist-9.6/lib/dns/include/dns/stats.h
  vendor/bind9/dist-9.6/lib/dns/include/dns/zone.h
  vendor/bind9/dist-9.6/lib/dns/include/dst/Makefile.in
  vendor/bind9/dist-9.6/lib/dns/include/dst/result.h
  vendor/bind9/dist-9.6/lib/dns/log.c
  vendor/bind9/dist-9.6/lib/dns/master.c
  vendor/bind9/dist-9.6/lib/dns/masterdump.c
  vendor/bind9/dist-9.6/lib/dns/openssl_link.c
  vendor/bind9/dist-9.6/lib/dns/openssldh_link.c
  vendor/bind9/dist-9.6/lib/dns/openssldsa_link.c
  vendor/bind9/dist-9.6/lib/dns/opensslrsa_link.c
  vendor/bind9/dist-9.6/lib/dns/rbtdb.c
  vendor/bind9/dist-9.6/lib/dns/rdata.c
  vendor/bind9/dist-9.6/lib/dns/spnego_asn1.pl
  vendor/bind9/dist-9.6/lib/dns/zone.c
  vendor/bind9/dist-9.6/lib/isc/alpha/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/alpha/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/alpha/include/isc/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/api
  vendor/bind9/dist-9.6/lib/isc/ia64/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/ia64/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/ia64/include/isc/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/ia64/include/isc/atomic.h
  vendor/bind9/dist-9.6/lib/isc/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/include/isc/file.h
  vendor/bind9/dist-9.6/lib/isc/mem.c
  vendor/bind9/dist-9.6/lib/isc/mips/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/mips/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/mips/include/isc/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/noatomic/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/noatomic/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/noatomic/include/isc/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/nothreads/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/nothreads/include/isc/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/powerpc/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/powerpc/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/powerpc/include/isc/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/pthreads/condition.c
  vendor/bind9/dist-9.6/lib/isc/pthreads/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/pthreads/include/isc/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/sparc64/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/sparc64/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/sparc64/include/isc/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/unix/file.c
  vendor/bind9/dist-9.6/lib/isc/unix/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/unix/include/isc/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/x86_32/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/x86_32/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/x86_32/include/isc/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/x86_64/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/x86_64/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isc/x86_64/include/isc/Makefile.in
  vendor/bind9/dist-9.6/lib/isccc/api
  vendor/bind9/dist-9.6/lib/isccc/cc.c
  vendor/bind9/dist-9.6/lib/isccc/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isccc/include/isccc/Makefile.in
  vendor/bind9/dist-9.6/lib/isccfg/include/Makefile.in
  vendor/bind9/dist-9.6/lib/isccfg/include/isccfg/Makefile.in
  vendor/bind9/dist-9.6/lib/lwres/Makefile.in
  vendor/bind9/dist-9.6/lib/lwres/api
  vendor/bind9/dist-9.6/lib/lwres/getaddrinfo.c
  vendor/bind9/dist-9.6/lib/lwres/include/Makefile.in
  vendor/bind9/dist-9.6/lib/lwres/include/lwres/Makefile.in
  vendor/bind9/dist-9.6/lib/lwres/man/Makefile.in
  vendor/bind9/dist-9.6/lib/lwres/unix/Makefile.in
  vendor/bind9/dist-9.6/lib/lwres/unix/include/Makefile.in
  vendor/bind9/dist-9.6/lib/lwres/unix/include/lwres/Makefile.in
  vendor/bind9/dist-9.6/make/rules.in
  vendor/bind9/dist-9.6/version

Modified: vendor/bind9/dist-9.6/CHANGES
==============================================================================
--- vendor/bind9/dist-9.6/CHANGES       Mon Dec 17 10:51:22 2012        
(r244352)
+++ vendor/bind9/dist-9.6/CHANGES       Mon Dec 17 10:58:24 2012        
(r244353)
@@ -1,33 +1,87 @@
-       --- 9.6-ESV-R7-P4 released ---
+       --- 9.6-ESV-R8 released ---
 
 3383.  [security]      A certain combination of records in the RBT could
                         cause named to hang while populating the additional
                         section of a response. [RT #31090]
 
-       --- 9.6-ESV-R7-P3 released ---
+3373.  [bug]           win32: open raw files in binary mode. [RT #30944]
 
 3364.  [security]      Named could die on specially crafted record.
                        [RT #30416]
 
-3358   [bug]           Fix declaration of fatal in bin/named/server.c
+       --- 9.6-ESV-R8rc1 released ---
+
+3369.  [bug]           nsupdate terminated unexpectedly in interactive mode
+                       if built with readline support. [RT #29550]
+
+3368.  [bug]           <dns/iptable.h> and <dns/zone.h> were not C++ safe.
+
+3366.  [bug]           Fixed Read-After-Write dependency violation for IA64
+                       atomic operations. [RT #25181]
+
+3365.  [bug]           Removed spurious newlines from log messages in
+                       zone.c [RT #30675]
+
+3362.  [bug]           Setting some option values to 0 in named.conf
+                       could trigger an assertion failure on startup.
+                       [RT #27730]
+
+3360.  [bug]           'host -w' could die.  [RT #18723]
+
+3359.  [bug]           An improperly-formed TSIG secret could cause a
+                       memory leak. [RT #30607]
+
+3358.  [bug]           Fix declaration of fatal in bin/named/server.c
                        and bin/nsupdate/main.c. [RT #30522]
 
-       --- 9.6-ESV-R7-P2 released ---
+3357.  [port]          Add support for libxml2-2.8.x [RT #30440]
+
+       --- 9.6-ESV-R8b1 released ---
+
+3354.  [func]          Improve OpenSSL error logging. [RT #29932]
+
+3352.  [bug]           Ensure that learned server attributes timeout of the
+                       adb cache. [RT #29856]
+
+3350.  [bug]           Memory read overrun in isc___mem_reallocate if
+                       ISC_MEM_DEBUGCTX memory debugging flag is set.
+                       [RT #30240]
+
+3348.  [bug]           Prevent RRSIG data from being cached if a negative
+                       record matching the covering type exists at a higher
+                       trust level. Such data already can't be retrieved from
+                       the cache since change 3218 -- this prevents it
+                       being inserted into the cache as well. [RT #26809]
 
 3346.  [security]      Bad-cache data could be used before it was
                        initialized, causing an assert. [RT #30025]
 
-3343.   [bug]          Relax isc_random_jitter() REQUIRE tests. [RT #29821]
+3343.  [bug]           Relax isc_random_jitter() REQUIRE tests. [RT #29821]
 
 3342.  [bug]           Change #3314 broke saving of stub zones to disk
                        resulting in excessive cpu usage in some cases.
                        [RT #29952]
 
-       --- 9.6-ESV-R7-P1 released ---
+3337.  [bug]           Change #3294 broke support for the multiple keys
+                       in controls. [RT #29694]
+
+3335.  [func]          nslookup: return a nonzero exit code when unable
+                       to get an answer. [RT #29492]
+
+3332.  [bug]           Re-use cached DS rrsets if possible. [RT #29446]
 
 3331.  [security]      dns_rdataslab_fromrdataset could produce bad
                        rdataslabs. [RT #29644]
 
+3329.  [bug]           Handle RRSIG signer-name case consistently: We
+                       generate RRSIG records with the signer-name in
+                       lower case.  We accept them with any case, but if
+                       they fail to validate, we try again in lower case.
+                       [RT #27451]
+
+3328.  [bug]           Fixed inconsistent data checking in dst_parse.c.
+                       [RT #29401]
+
        --- 9.6-ESV-R7 released ---
 
 3318.  [tuning]        Reduce the amount of work performed while holding a

Modified: vendor/bind9/dist-9.6/README
==============================================================================
--- vendor/bind9/dist-9.6/README        Mon Dec 17 10:51:22 2012        
(r244352)
+++ vendor/bind9/dist-9.6/README        Mon Dec 17 10:58:24 2012        
(r244353)
@@ -48,9 +48,14 @@ BIND 9
         For up-to-date release notes and errata, see
         http://www.isc.org/software/bind9/releasenotes
 
+BIND 9.6-ESV-R8 (Extended Support Version)
+
+        BIND 9.6-ESV-R8 includes several bug fixes and patches security
+        flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244.
+
 BIND 9.6-ESV-R7 (Extended Support Version)
 
-       BIND 9.4-ESV-R7 is a maintenance release, fixing bugs in BIND
+       BIND 9.6-ESV-R7 is a maintenance release, fixing bugs in BIND
        9.6-ESV-R6.
 
 BIND 9.6-ESV-R6 (Extended Support Version)
@@ -60,7 +65,7 @@ BIND 9.6-ESV-R6 (Extended Support Versio
 
 BIND 9.6-ESV-R5 (Extended Support Version)
 
-       BIND 9.4-ESV-R5 is a maintenance release, fixing bugs in BIND
+       BIND 9.6-ESV-R5 is a maintenance release, fixing bugs in BIND
        9.6-ESV-R4.
 
 BIND 9.6.3/BIND 9.6-ESV-R4

Modified: vendor/bind9/dist-9.6/bin/check/check-tool.c
==============================================================================
--- vendor/bind9/dist-9.6/bin/check/check-tool.c        Mon Dec 17 10:51:22 
2012        (r244352)
+++ vendor/bind9/dist-9.6/bin/check/check-tool.c        Mon Dec 17 10:58:24 
2012        (r244353)
@@ -640,6 +640,9 @@ dump_zone(const char *zonename, dns_zone
 {
        isc_result_t result;
        FILE *output = stdout;
+       const char *flags;
+
+       flags = (fileformat == dns_masterformat_text) ? "w+" : "wb+";
 
        if (debug) {
                if (filename != NULL && strcmp(filename, "-") != 0)
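Review bot: The new `flags` assignment in dump_zone carries no comment saying why non-text output must be opened with `"wb+"`, and the reason is only recoverable from the CHANGES entry for 3373 ("win32: open raw files in binary mode"). I would add `/* Raw zone output must be opened in binary mode on win32 (change 3373). */` above the assignment. The same comment is worth repeating on the `isc_file_bopenunique()` branch added in dnssec-signzone.c, since both sites encode the same rule independently. dump_zone continues outside the hunk.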
@@ -650,7 +653,7 @@ dump_zone(const char *zonename, dns_zone
        }
 
        if (filename != NULL && strcmp(filename, "-") != 0) {
-               result = isc_stdio_open(filename, "w+", &output);
+               result = isc_stdio_open(filename, flags, &output);
 
                if (result != ISC_R_SUCCESS) {
                        fprintf(stderr, "could not open output "

Modified: vendor/bind9/dist-9.6/bin/dig/nslookup.c
==============================================================================
--- vendor/bind9/dist-9.6/bin/dig/nslookup.c    Mon Dec 17 10:51:22 2012        
(r244352)
+++ vendor/bind9/dist-9.6/bin/dig/nslookup.c    Mon Dec 17 10:58:24 2012        
(r244353)
@@ -57,6 +57,7 @@ static isc_boolean_t in_use = ISC_FALSE;
 static char defclass[MXRD] = "IN";
 static char deftype[MXRD] = "A";
 static isc_event_t *global_event = NULL;
+static int query_error = 1, print_error = 0;
 
 static char domainopt[DNS_NAME_MAXTEXT];
 
@@ -406,6 +407,9 @@ isc_result_t
 printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
        char servtext[ISC_SOCKADDR_FORMATSIZE];
 
+       /* I've we've gotten this far, we've reached a server. */
+       query_error = 0;
+
        debug("printmessage()");
 
        isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
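Review bot: `query_error` is cleared here on the first call to printmessage and nothing visible sets it back to 1, while `print_error` in the next hunk is only ever OR-ed in, so both flags latch for the whole process. In a session that performs several lookups, the `return (query_error | print_error);` added to main therefore reports "some lookup failed" and can no longer report "no server was reached" once any one query has been answered. If that is the intended contract it should be stated at the declaration, e.g. `/* Exit status: query_error stays 1 until any server answers; print_error latches on the first failed lookup. */`, because scripts that use the exit code as a resolver health check will depend on it. The new comment also has a typo: `I've we've gotten this far` should read `If we've gotten this far`.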
@@ -433,6 +437,9 @@ printmessage(dig_query_t *query, dns_mes
                       (msg->rcode != dns_rcode_nxdomain) ? nametext :
                       query->lookup->textname, rcode_totext(msg->rcode));
                debug("returning with rcode == 0");
+
+               /* the lookup failed */
+               print_error |= 1;
                return (ISC_R_SUCCESS);
        }
 
@@ -903,5 +910,5 @@ main(int argc, char **argv) {
        destroy_libs();
        isc_app_finish();
 
-       return (0);
+       return (query_error | print_error);
 }

Modified: vendor/bind9/dist-9.6/bin/dnssec/dnssec-signzone.c
==============================================================================
--- vendor/bind9/dist-9.6/bin/dnssec/dnssec-signzone.c  Mon Dec 17 10:51:22 
2012        (r244352)
+++ vendor/bind9/dist-9.6/bin/dnssec/dnssec-signzone.c  Mon Dec 17 10:58:24 
2012        (r244353)
@@ -3520,7 +3520,10 @@ main(int argc, char *argv[]) {
        check_result(result, "isc_file_mktemplate");
 
        fp = NULL;
-       result = isc_file_openunique(tempfile, &fp);
+       if (outputformat == dns_masterformat_text)
+               result = isc_file_openunique(tempfile, &fp);
+       else
+               result = isc_file_bopenunique(tempfile, &fp);
        if (result != ISC_R_SUCCESS)
                fatal("failed to open temporary output file: %s",
                      isc_result_totext(result));

Modified: vendor/bind9/dist-9.6/bin/named/controlconf.c
==============================================================================
--- vendor/bind9/dist-9.6/bin/named/controlconf.c       Mon Dec 17 10:51:22 
2012        (r244352)
+++ vendor/bind9/dist-9.6/bin/named/controlconf.c       Mon Dec 17 10:58:24 
2012        (r244353)
@@ -373,8 +373,10 @@ control_recvmessage(isc_task_t *task, is
                if (result == ISC_R_SUCCESS)
                        break;
                isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
-               log_invalid(&conn->ccmsg, result);
-               goto cleanup;
+               if (result != ISCCC_R_BADAUTH) {
+                       log_invalid(&conn->ccmsg, result);
+                       goto cleanup;
+               }
        }
 
        if (key == NULL) {
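Review bot: With `ISCCC_R_BADAUTH` no longer reaching `log_invalid()` inside the loop, a request that fails authentication against every configured key is only reported if the `if (key == NULL)` branch after the loop logs it. That branch's body is outside the hunk, so please confirm it still records the failure, so that repeated bad-key attempts on the control channel stay visible in the logs. A short comment on the new test, e.g. `/* BADAUTH: this key did not match; try the next configured key. */`, would make the intent clear to the next reader. control_recvmessage starts and ends outside the hunk.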

Modified: vendor/bind9/dist-9.6/bin/named/convertxsl.pl
==============================================================================
--- vendor/bind9/dist-9.6/bin/named/convertxsl.pl       Mon Dec 17 10:51:22 
2012        (r244352)
+++ vendor/bind9/dist-9.6/bin/named/convertxsl.pl       Mon Dec 17 10:58:24 
2012        (r244353)
@@ -1,6 +1,6 @@
 #!/usr/bin/env perl
 #
-# Copyright (C) 2006-2008  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2006-2008, 2012  Internet Systems Consortium, Inc. ("ISC")
 #
 # Permission to use, copy, modify, and/or distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above

Modified: vendor/bind9/dist-9.6/bin/named/statschannel.c
==============================================================================
--- vendor/bind9/dist-9.6/bin/named/statschannel.c      Mon Dec 17 10:51:22 
2012        (r244352)
+++ vendor/bind9/dist-9.6/bin/named/statschannel.c      Mon Dec 17 10:58:24 
2012        (r244353)
@@ -84,16 +84,19 @@ static const char *nsstats_desc[dns_nsst
 static const char *resstats_desc[dns_resstatscounter_max];
 static const char *zonestats_desc[dns_zonestatscounter_max];
 static const char *sockstats_desc[isc_sockstatscounter_max];
+static const char *dnssecstats_desc[dns_dnssecstats_max];
 #ifdef HAVE_LIBXML2
 static const char *nsstats_xmldesc[dns_nsstatscounter_max];
 static const char *resstats_xmldesc[dns_resstatscounter_max];
 static const char *zonestats_xmldesc[dns_zonestatscounter_max];
 static const char *sockstats_xmldesc[isc_sockstatscounter_max];
+static const char *dnssecstats_xmldesc[dns_dnssecstats_max];
 #else
 #define nsstats_xmldesc NULL
 #define resstats_xmldesc NULL
 #define zonestats_xmldesc NULL
 #define sockstats_xmldesc NULL
+#define dnssecstats_xmldesc NULL
 #endif /* HAVE_LIBXML2 */
 
 #define TRY0(a) do { xmlrc = (a); if (xmlrc < 0) goto error; } while(0)
@@ -107,6 +110,7 @@ static int nsstats_index[dns_nsstatscoun
 static int resstats_index[dns_resstatscounter_max];
 static int zonestats_index[dns_zonestatscounter_max];
 static int sockstats_index[isc_sockstatscounter_max];
+static int dnssecstats_index[dns_dnssecstats_max];
 
 static inline void
 set_desc(int counter, int maxcounter, const char *fdesc, const char **fdescs,
@@ -408,6 +412,33 @@ init_desc(void) {
                         "FDwatchRecvErr");
        INSIST(i == isc_sockstatscounter_max);
 
+       /* Initialize DNSSEC statistics */
+       for (i = 0; i < dns_dnssecstats_max; i++)
+               dnssecstats_desc[i] = NULL;
+#ifdef  HAVE_LIBXML2
+       for (i = 0; i < dns_dnssecstats_max; i++)
+               dnssecstats_xmldesc[i] = NULL;
+#endif
+
+#define SET_DNSSECSTATDESC(counterid, desc, xmldesc) \
+       do { \
+               set_desc(dns_dnssecstats_ ## counterid, \
+                        dns_dnssecstats_max, \
+                        desc, dnssecstats_desc,\
+                        xmldesc, dnssecstats_xmldesc); \
+               dnssecstats_index[i++] = dns_dnssecstats_ ## counterid; \
+       } while (0)
+
+       i = 0;
+       SET_DNSSECSTATDESC(asis, "dnssec validation success with signer "
+                          "\"as is\"", "DNSSECasis");
+       SET_DNSSECSTATDESC(downcase, "dnssec validation success with signer "
+                          "lower cased", "DNSSECdowncase");
+       SET_DNSSECSTATDESC(wildcard, "dnssec validation of wildcard signature",
+                          "DNSSECwild");
+       SET_DNSSECSTATDESC(fail, "dnssec validation failures", "DNSSECfail");
+       INSIST(i == dns_dnssecstats_max);
+
        /* Sanity check */
        for (i = 0; i < dns_nsstatscounter_max; i++)
                INSIST(nsstats_desc[i] != NULL);
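Review bot: Apart from the INSIST sanity checks, no hunk in this file's section reads `dnssecstats_desc`, `dnssecstats_xmldesc` or `dnssecstats_index`. Since they are new `static` names, no unchanged code can read them either, so as shown the DNSSEC counters are described but never emitted on the statistics channel. If that is deliberate for this release, say so in the `/* Initialize DNSSEC statistics */` comment; otherwise the dump path is missing its matching call. Separately, `dnssecstats_index[i++] = ...` inside SET_DNSSECSTATDESC stores before the trailing `INSIST(i == dns_dnssecstats_max)` runs, so an extra entry added without growing the enum would write past the array first; an `INSIST(i < dns_dnssecstats_max);` ahead of the store in the macro would catch that earlier. init_desc starts outside the hunk.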
@@ -417,6 +448,8 @@ init_desc(void) {
                INSIST(zonestats_desc[i] != NULL);
        for (i = 0; i < isc_sockstatscounter_max; i++)
                INSIST(sockstats_desc[i] != NULL);
+       for (i = 0; i < dns_dnssecstats_max; i++)
+               INSIST(dnssecstats_desc[i] != NULL);
 #ifdef  HAVE_LIBXML2
        for (i = 0; i < dns_nsstatscounter_max; i++)
                INSIST(nsstats_xmldesc[i] != NULL);
@@ -426,6 +459,8 @@ init_desc(void) {
                INSIST(zonestats_xmldesc[i] != NULL);
        for (i = 0; i < isc_sockstatscounter_max; i++)
                INSIST(sockstats_xmldesc[i] != NULL);
+       for (i = 0; i < dns_dnssecstats_max; i++)
+               INSIST(dnssecstats_xmldesc[i] != NULL);
 #endif
 }
 

Modified: vendor/bind9/dist-9.6/bin/nsupdate/nsupdate.c
==============================================================================
--- vendor/bind9/dist-9.6/bin/nsupdate/nsupdate.c       Mon Dec 17 10:51:22 
2012        (r244352)
+++ vendor/bind9/dist-9.6/bin/nsupdate/nsupdate.c       Mon Dec 17 10:58:24 
2012        (r244353)
@@ -1011,7 +1011,7 @@ parse_name(char **cmdlinep, dns_message_
        isc_buffer_t source;
 
        word = nsu_strsep(cmdlinep, " \t\r\n");
-       if (*word == 0) {
+       if (word == NULL || *word == 0) {
                fprintf(stderr, "could not read owner name\n");
                return (STATUS_SYNTAX);
        }
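Review bot: The `word == NULL || *word == 0` test added in parse_name is repeated by hand at every other nsu_strsep() call site this commit touches (make_prereq, evaluate_prereq, evaluate_server, evaluate_local, evaluate_key, evaluate_zone, evaluate_realm, evaluate_ttl, evaluate_class, update_addordelete, evaluate_update, get_next_command). A call site added later can again omit the NULL half and dereference a null pointer on a short input line. A file-local helper such as `static isc_boolean_t token_missing(const char *w) { return ((w == NULL || *w == 0) ? ISC_TRUE : ISC_FALSE); }` would keep the rule in one place. It would also help to note next to the "Normalize input by removing any eol" comment in get_next_command that stripping the terminator is presumably what lets nsu_strsep() return NULL for a missing trailing token. parse_name starts and ends outside the hunk.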
@@ -1044,6 +1044,11 @@ parse_rdata(char **cmdlinep, dns_rdatacl
        dns_rdatacallbacks_t callbacks;
        isc_result_t result;
 
+       if (cmdline == NULL) {
+               rdata->flags = DNS_RDATA_UPDATE;
+               return (STATUS_MORE);
+       }
+
        while (*cmdline != 0 && isspace((unsigned char)*cmdline))
                cmdline++;
 
@@ -1110,7 +1115,7 @@ make_prereq(char *cmdline, isc_boolean_t
         */
        if (isrrset) {
                word = nsu_strsep(&cmdline, " \t\r\n");
-               if (*word == 0) {
+               if (word == NULL || *word == 0) {
                        fprintf(stderr, "could not read class or type\n");
                        goto failure;
                }
@@ -1126,7 +1131,7 @@ make_prereq(char *cmdline, isc_boolean_t
                         * Now read the type.
                         */
                        word = nsu_strsep(&cmdline, " \t\r\n");
-                       if (*word == 0) {
+                       if (word == NULL || *word == 0) {
                                fprintf(stderr, "could not read type\n");
                                goto failure;
                        }
@@ -1200,7 +1205,7 @@ evaluate_prereq(char *cmdline) {
 
        ddebug("evaluate_prereq()");
        word = nsu_strsep(&cmdline, " \t\r\n");
-       if (*word == 0) {
+       if (word == NULL || *word == 0) {
                fprintf(stderr, "could not read operation code\n");
                return (STATUS_SYNTAX);
        }
@@ -1229,14 +1234,14 @@ evaluate_server(char *cmdline) {
        long port;
 
        word = nsu_strsep(&cmdline, " \t\r\n");
-       if (*word == 0) {
+       if (word == NULL || *word == 0) {
                fprintf(stderr, "could not read server name\n");
                return (STATUS_SYNTAX);
        }
        server = word;
 
        word = nsu_strsep(&cmdline, " \t\r\n");
-       if (*word == 0)
+       if (word == NULL || *word == 0)
                port = DNSDEFAULTPORT;
        else {
                char *endp;
@@ -1270,14 +1275,14 @@ evaluate_local(char *cmdline) {
        struct in6_addr in6;
 
        word = nsu_strsep(&cmdline, " \t\r\n");
-       if (*word == 0) {
+       if (word == NULL || *word == 0) {
                fprintf(stderr, "could not read server name\n");
                return (STATUS_SYNTAX);
        }
        local = word;
 
        word = nsu_strsep(&cmdline, " \t\r\n");
-       if (*word == 0)
+       if (word == NULL || *word == 0)
                port = 0;
        else {
                char *endp;
@@ -1326,7 +1331,7 @@ evaluate_key(char *cmdline) {
        char *n;
 
        namestr = nsu_strsep(&cmdline, " \t\r\n");
-       if (*namestr == 0) {
+       if (namestr == NULL || *namestr == 0) {
                fprintf(stderr, "could not read key name\n");
                return (STATUS_SYNTAX);
        }
@@ -1350,7 +1355,7 @@ evaluate_key(char *cmdline) {
        }
 
        secretstr = nsu_strsep(&cmdline, "\r\n");
-       if (*secretstr == 0) {
+       if (secretstr == NULL || *secretstr == 0) {
                fprintf(stderr, "could not read key secret\n");
                return (STATUS_SYNTAX);
        }
@@ -1391,7 +1396,7 @@ evaluate_zone(char *cmdline) {
        isc_result_t result;
 
        word = nsu_strsep(&cmdline, " \t\r\n");
-       if (*word == 0) {
+       if (word == NULL || *word == 0) {
                fprintf(stderr, "could not read zone name\n");
                return (STATUS_SYNTAX);
        }
@@ -1418,7 +1423,7 @@ evaluate_realm(char *cmdline) {
        char buf[1024];
 
        word = nsu_strsep(&cmdline, " \t\r\n");
-       if (*word == 0) {
+       if (word == NULL || *word == 0) {
                if (realm != NULL)
                        isc_mem_free(mctx, realm);
                realm = NULL;
@@ -1443,7 +1448,7 @@ evaluate_ttl(char *cmdline) {
        isc_uint32_t ttl;
 
        word = nsu_strsep(&cmdline, " \t\r\n");
-       if (*word == 0) {
+       if (word == NULL || *word == 0) {
                fprintf(stderr, "could not ttl\n");
                return (STATUS_SYNTAX);
        }
@@ -1477,7 +1482,7 @@ evaluate_class(char *cmdline) {
        dns_rdataclass_t rdclass;
 
        word = nsu_strsep(&cmdline, " \t\r\n");
-       if (*word == 0) {
+       if (word == NULL || *word == 0) {
                fprintf(stderr, "could not read class name\n");
                return (STATUS_SYNTAX);
        }
@@ -1535,7 +1540,7 @@ update_addordelete(char *cmdline, isc_bo
         * If it's a delete, ignore a TTL if present (for compatibility).
         */
        word = nsu_strsep(&cmdline, " \t\r\n");
-       if (*word == 0) {
+       if (word == NULL || *word == 0) {
                if (!isdelete) {
                        fprintf(stderr, "could not read owner ttl\n");
                        goto failure;
@@ -1576,7 +1581,7 @@ update_addordelete(char *cmdline, isc_bo
         */
        word = nsu_strsep(&cmdline, " \t\r\n");
  parseclass:
-       if (*word == 0) {
+       if (word == NULL || *word == 0) {
                if (isdelete) {
                        rdataclass = dns_rdataclass_any;
                        rdatatype = dns_rdatatype_any;
@@ -1600,7 +1605,7 @@ update_addordelete(char *cmdline, isc_bo
                 * Now read the type.
                 */
                word = nsu_strsep(&cmdline, " \t\r\n");
-               if (*word == 0) {
+               if (word == NULL || *word == 0) {
                        if (isdelete) {
                                rdataclass = dns_rdataclass_any;
                                rdatatype = dns_rdatatype_any;
@@ -1680,7 +1685,7 @@ evaluate_update(char *cmdline) {
 
        ddebug("evaluate_update()");
        word = nsu_strsep(&cmdline, " \t\r\n");
-       if (*word == 0) {
+       if (word == NULL || *word == 0) {
                fprintf(stderr, "could not read operation code\n");
                return (STATUS_SYNTAX);
        }
@@ -1770,6 +1775,7 @@ get_next_command(void) {
        char cmdlinebuf[MAXCMD];
        char *cmdline;
        char *word;
+       char *tmp;
 
        ddebug("get_next_command()");
        if (interactive) {
@@ -1781,11 +1787,18 @@ get_next_command(void) {
        isc_app_unblock();
        if (cmdline == NULL)
                return (STATUS_QUIT);
+
+       /*
+        * Normalize input by removing any eol.
+        */
+       tmp = cmdline;
+       (void)nsu_strsep(&tmp, "\r\n");
+
        word = nsu_strsep(&cmdline, " \t\r\n");
 
        if (feof(input))
                return (STATUS_QUIT);
-       if (*word == 0)
+       if (word == NULL || *word == 0)
                return (STATUS_SEND);
        if (word[0] == ';')
                return (STATUS_MORE);

Modified: vendor/bind9/dist-9.6/configure.in
==============================================================================
--- vendor/bind9/dist-9.6/configure.in  Mon Dec 17 10:51:22 2012        
(r244352)
+++ vendor/bind9/dist-9.6/configure.in  Mon Dec 17 10:58:24 2012        
(r244353)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2003  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any
@@ -1090,7 +1090,7 @@ case "$use_libxml2" in
                ;;
        auto|yes)
                case X`(xml2-config --version) 2>/dev/null` in
-               X2.[[67]].*)
+               X2.[[678]].*)
                        libxml2_libs=`xml2-config --libs`
                        libxml2_cflags=`xml2-config --cflags`
                        ;;
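Review bot: The libxml2 test `X2.[[678]].*)` is an allowlist of minor versions, so every new libxml2 2.x release needs another configure edit. Until then detection falls through to the next case arm, which is outside this hunk and presumably disables or rejects libxml2 support. Matching a floor instead, for example `X2.[[6-9]].*|X2.[[1-9]][[0-9]].*)`, would accept later 2.x releases without another edit. If the allowlist is deliberate because newer releases are untested, a comment above the pattern should say so.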

Modified: vendor/bind9/dist-9.6/doc/Makefile.in
==============================================================================
--- vendor/bind9/dist-9.6/doc/Makefile.in       Mon Dec 17 10:51:22 2012        
(r244352)
+++ vendor/bind9/dist-9.6/doc/Makefile.in       Mon Dec 17 10:58:24 2012        
(r244353)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2007, 2012  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

Modified: vendor/bind9/dist-9.6/doc/arm/Bv9ARM-book.xml
==============================================================================
--- vendor/bind9/dist-9.6/doc/arm/Bv9ARM-book.xml       Mon Dec 17 10:51:22 
2012        (r244352)
+++ vendor/bind9/dist-9.6/doc/arm/Bv9ARM-book.xml       Mon Dec 17 10:58:24 
2012        (r244353)
@@ -9978,7 +9978,7 @@ zone <replaceable>zone_name</replaceable
                        (machine$@REALM) for machine in REALM and
                        and converts it machine.realm allowing the machine 
                         to update machine.realm.  The REALM to be matched
-                       is specified in the <replacable>identity</replacable>
+                       is specified in the <replaceable>identity</replaceable>
                        field.
                      </para>
                    </entry>
@@ -9995,7 +9995,7 @@ zone <replaceable>zone_name</replaceable
                        converts it to machine.realm allowing the machine
                        to update subdomains of machine.realm.  The REALM
                        to be matched is specified in the
-                       <replacable>identity</replacable> field.
+                       <replaceable>identity</replaceable> field.
                      </para>
                    </entry>
                  </row>
@@ -10010,7 +10010,7 @@ zone <replaceable>zone_name</replaceable
                        (host/machine@REALM) for machine in REALM and
                        and converts it machine.realm allowing the machine 
                         to update machine.realm.  The REALM to be matched
-                       is specified in the <replacable>identity</replacable>
+                       is specified in the <replaceable>identity</replaceable>
                        field.
                      </para>
                    </entry>
@@ -10027,7 +10027,7 @@ zone <replaceable>zone_name</replaceable
                        converts it to machine.realm allowing the machine
                        to update subdomains of machine.realm.  The REALM
                        to be matched is specified in the
-                       <replacable>identity</replacable> field.
+                       <replaceable>identity</replaceable> field.
                      </para>
                    </entry>
                  </row>

Modified: vendor/bind9/dist-9.6/doc/arm/Bv9ARM.ch06.html
==============================================================================
--- vendor/bind9/dist-9.6/doc/arm/Bv9ARM.ch06.html      Mon Dec 17 10:51:22 
2012        (r244352)
+++ vendor/bind9/dist-9.6/doc/arm/Bv9ARM.ch06.html      Mon Dec 17 10:58:24 
2012        (r244353)
@@ -6255,7 +6255,7 @@ zone <em class="replaceable"><code>zone_
                         (machine$@REALM) for machine in REALM and
                         and converts it machine.realm allowing the machine 
                         to update machine.realm.  The REALM to be matched
-                        is specified in the <font 
color="red">&lt;replacable&gt;identity&lt;/replacable&gt;</font>
+                        is specified in the <em 
class="replaceable"><code>identity</code></em>
                         field.
                       </p>
                     </td>
@@ -6273,7 +6273,7 @@ zone <em class="replaceable"><code>zone_
                         converts it to machine.realm allowing the machine
                         to update subdomains of machine.realm.  The REALM
                         to be matched is specified in the
-                        <font 
color="red">&lt;replacable&gt;identity&lt;/replacable&gt;</font> field.
+                        <em class="replaceable"><code>identity</code></em> 
field.
                       </p>
                     </td>
 </tr>
@@ -6289,7 +6289,7 @@ zone <em class="replaceable"><code>zone_
                         (host/machine@REALM) for machine in REALM and
                         and converts it machine.realm allowing the machine 
                         to update machine.realm.  The REALM to be matched
-                        is specified in the <font 
color="red">&lt;replacable&gt;identity&lt;/replacable&gt;</font>
+                        is specified in the <em 
class="replaceable"><code>identity</code></em>
                         field.
                       </p>
                     </td>
@@ -6307,7 +6307,7 @@ zone <em class="replaceable"><code>zone_
                         converts it to machine.realm allowing the machine
                         to update subdomains of machine.realm.  The REALM
                         to be matched is specified in the
-                        <font 
color="red">&lt;replacable&gt;identity&lt;/replacable&gt;</font> field.
+                        <em class="replaceable"><code>identity</code></em> 
field.
                       </p>
                     </td>
 </tr>

Modified: vendor/bind9/dist-9.6/doc/arm/Bv9ARM.pdf
==============================================================================
Binary file (source and/or target). No diff available.

Modified: vendor/bind9/dist-9.6/doc/misc/format-options.pl
==============================================================================
--- vendor/bind9/dist-9.6/doc/misc/format-options.pl    Mon Dec 17 10:51:22 
2012        (r244352)
+++ vendor/bind9/dist-9.6/doc/misc/format-options.pl    Mon Dec 17 10:58:24 
2012        (r244353)
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 #
-# Copyright (C) 2004, 2007  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

Modified: vendor/bind9/dist-9.6/doc/misc/sort-options.pl
==============================================================================
--- vendor/bind9/dist-9.6/doc/misc/sort-options.pl      Mon Dec 17 10:51:22 
2012        (r244352)
+++ vendor/bind9/dist-9.6/doc/misc/sort-options.pl      Mon Dec 17 10:58:24 
2012        (r244353)
@@ -1,6 +1,6 @@
 #!/bin/perl
 #
-# Copyright (C) 2007  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2007, 2012  Internet Systems Consortium, Inc. ("ISC")
 #
 # Permission to use, copy, modify, and/or distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above

Modified: vendor/bind9/dist-9.6/isc-config.sh.in
==============================================================================
--- vendor/bind9/dist-9.6/isc-config.sh.in      Mon Dec 17 10:51:22 2012        
(r244352)
+++ vendor/bind9/dist-9.6/isc-config.sh.in      Mon Dec 17 10:58:24 2012        
(r244353)
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (C) 2004, 2007  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

Modified: vendor/bind9/dist-9.6/lib/Makefile.in
==============================================================================
--- vendor/bind9/dist-9.6/lib/Makefile.in       Mon Dec 17 10:51:22 2012        
(r244352)
+++ vendor/bind9/dist-9.6/lib/Makefile.in       Mon Dec 17 10:58:24 2012        
(r244353)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2001, 2003  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

Modified: vendor/bind9/dist-9.6/lib/bind9/api
==============================================================================
--- vendor/bind9/dist-9.6/lib/bind9/api Mon Dec 17 10:51:22 2012        
(r244352)
+++ vendor/bind9/dist-9.6/lib/bind9/api Mon Dec 17 10:58:24 2012        
(r244353)
@@ -4,5 +4,5 @@
 # 9.8: 80-89
 # 9.9: 90-109
 LIBINTERFACE = 50
-LIBREVISION = 7
+LIBREVISION = 9
 LIBAGE = 0

Modified: vendor/bind9/dist-9.6/lib/bind9/check.c
==============================================================================
--- vendor/bind9/dist-9.6/lib/bind9/check.c     Mon Dec 17 10:51:22 2012        
(r244352)
+++ vendor/bind9/dist-9.6/lib/bind9/check.c     Mon Dec 17 10:58:24 2012        
(r244353)
@@ -287,10 +287,6 @@ disabled_algorithms(const cfg_obj_t *dis
 
                tresult = dns_secalg_fromtext(&alg, &r);
                if (tresult != ISC_R_SUCCESS) {
-                       isc_uint8_t ui;
-                       result = isc_parse_uint8(&ui, r.base, 10);
-               }
-               if (tresult != ISC_R_SUCCESS) {
                        cfg_obj_log(cfg_listelt_value(element), logctx,
                                    ISC_LOG_ERROR, "invalid algorithm '%s'",
                                    r.base);
@@ -1028,6 +1024,29 @@ typedef struct {
 } optionstable;
 
 static isc_result_t
+check_nonzero(const cfg_obj_t *options, isc_log_t *logctx) {
+       isc_result_t result = ISC_R_SUCCESS;
+       const cfg_obj_t *obj = NULL;
+       unsigned int i;
+
+       static const char *nonzero[] = { "max-retry-time", "min-retry-time",
+                                "max-refresh-time", "min-refresh-time" };
+       /*
+        * Check if value is zero.
+        */
+       for (i = 0; i < sizeof(nonzero) / sizeof(nonzero[0]); i++) {
+               obj = NULL;
+               if (cfg_map_get(options, nonzero[i], &obj) == ISC_R_SUCCESS &&
+                   cfg_obj_asuint32(obj) == 0) {
+                       cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+                                   "'%s' must not be zero", nonzero[i]);
+                       result = ISC_R_FAILURE;
+               }
+       }
+       return (result);
+}
+
+static isc_result_t
 check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
               const cfg_obj_t *config, isc_symtab_t *symtab,
               dns_rdataclass_t defclass, cfg_aclconfctx_t *actx,
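Review bot: The `nonzero` table in check_nonzero() is declared `static const char *nonzero[]`, which leaves the pointer slots writable; `static const char *const nonzero[]` makes the whole table read-only. The comment `Check if value is zero.` restates the loop without giving the contract. A header comment should say that each listed option, when present in the given map, must be non-zero, and that every offender is logged before ISC_R_FAILURE is returned. Because the loop hands each object to `cfg_obj_asuint32()`, the comment should also say that only options parsed as 32-bit integers may be added to the table.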
@@ -1036,7 +1055,7 @@ check_zoneconf(const cfg_obj_t *zconfig,
        const char *zname;
        const char *typestr;
        unsigned int ztype;
-       const cfg_obj_t *zoptions;
+       const cfg_obj_t *zoptions, *goptions = NULL;
        const cfg_obj_t *obj = NULL;
        isc_result_t result = ISC_R_SUCCESS;
        isc_result_t tresult;
@@ -1105,9 +1124,11 @@ check_zoneconf(const cfg_obj_t *zconfig,
        };
 
        zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
-
        zoptions = cfg_tuple_get(zconfig, "options");
 
+       if (config != NULL)
+               cfg_map_get(config, "options", &goptions);
+
        obj = NULL;
        (void)cfg_map_get(zoptions, "type", &obj);
        if (obj == NULL) {
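Review bot: The added `cfg_map_get(config, "options", &goptions);` drops its return value without the `(void)` cast that the very next lookup uses; write `(void)cfg_map_get(config, "options", &goptions);` for consistency. No use of `goptions` is visible in the check_zoneconf hunks shown here, and the new `check_nonzero()` call is made with `zoptions` only. If nothing outside these hunks reads it, the variable and the lookup can be dropped. check_zoneconf's body continues outside the hunk.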
@@ -1188,6 +1209,12 @@ check_zoneconf(const cfg_obj_t *zconfig,
        }
 
        /*
+        * Check if value is zero.
+        */
+       if (check_nonzero(zoptions, logctx) != ISC_R_SUCCESS)
+               result = ISC_R_FAILURE;
+
+       /*
         * Look for inappropriate options for the given zone type.
         * Check that ACLs expand correctly.
         */
@@ -1760,10 +1787,16 @@ check_viewconf(const cfg_obj_t *config, 
        isc_result_t result = ISC_R_SUCCESS;
        isc_result_t tresult = ISC_R_SUCCESS;
        cfg_aclconfctx_t actx;
+       const cfg_obj_t *options = NULL;
        const cfg_obj_t *obj;
        isc_boolean_t enablednssec, enablevalidation;
 
        /*
+        * Get global options block.
+        */
+       (void)cfg_map_get(config, "options", &options);
+
+       /*
         * Check that all zone statements are syntactically correct and
         * there are no duplicate zones.
         */
@@ -1798,8 +1831,6 @@ check_viewconf(const cfg_obj_t *config, 
         * Check that forwarding is reasonable.
         */
        if (voptions == NULL) {
-               const cfg_obj_t *options = NULL;
-               (void)cfg_map_get(config, "options", &options);
                if (options != NULL)
                        if (check_forward(options, NULL,
                                          logctx) != ISC_R_SUCCESS)
@@ -1810,11 +1841,17 @@ check_viewconf(const cfg_obj_t *config, 
        }
 
        /*
+        * Check non-zero options at the global and view levels.
+        */
+       if (options != NULL && check_nonzero(options, logctx) != ISC_R_SUCCESS)
+               result = ISC_R_FAILURE;
+       if (voptions != NULL &&check_nonzero(voptions, logctx) != ISC_R_SUCCESS)
+               result = ISC_R_FAILURE;
+
+       /*
         * Check that dual-stack-servers is reasonable.
         */
        if (voptions == NULL) {
-               const cfg_obj_t *options = NULL;
-               (void)cfg_map_get(config, "options", &options);
                if (options != NULL)
                        if (check_dual_stack(options, logctx) != ISC_R_SUCCESS)
                                result = ISC_R_FAILURE;
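Review bot: The global `check_nonzero(options, logctx)` call runs on every invocation of check_viewconf, while the neighbouring global checks (`check_forward`, `check_dual_stack`) are gated on `voptions == NULL`. If check_viewconf is called once per view (the callers are outside this hunk), a zero value in the global options block would be logged once per view. A comment explaining why this check is not gated like its neighbours would settle it. Separately, `voptions != NULL &&check_nonzero(` is missing a space: `if (voptions != NULL && check_nonzero(voptions, logctx) != ISC_R_SUCCESS)`.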
@@ -1838,15 +1875,15 @@ check_viewconf(const cfg_obj_t *config, 
        tresult = isc_symtab_create(mctx, 1000, freekey, mctx,
                                    ISC_FALSE, &symtab);
        if (tresult != ISC_R_SUCCESS)
-               return (ISC_R_NOMEMORY);
+               goto cleanup;
 
        (void)cfg_map_get(config, "key", &keys);
        tresult = check_keylist(keys, symtab, mctx, logctx);
        if (tresult == ISC_R_EXISTS)
                result = ISC_R_FAILURE;
        else if (tresult != ISC_R_SUCCESS) {
-               isc_symtab_destroy(&symtab);
-               return (tresult);
+               result = tresult;
+               goto cleanup;
        }
 
        if (voptions != NULL) {
@@ -1856,8 +1893,8 @@ check_viewconf(const cfg_obj_t *config, 
                if (tresult == ISC_R_EXISTS)
                        result = ISC_R_FAILURE;
                else if (tresult != ISC_R_SUCCESS) {
-                       isc_symtab_destroy(&symtab);
-                       return (tresult);
+                       result = tresult;
+                       goto cleanup;
                }
        }
 
@@ -1939,6 +1976,9 @@ check_viewconf(const cfg_obj_t *config, 
        if (tresult != ISC_R_SUCCESS)
                result = tresult;
 
+ cleanup:
+       if (symtab != NULL)
+               isc_symtab_destroy(&symtab);
        cfg_aclconfctx_destroy(&actx);
 
        return (result);

Modified: vendor/bind9/dist-9.6/lib/bind9/include/Makefile.in
==============================================================================
--- vendor/bind9/dist-9.6/lib/bind9/include/Makefile.in Mon Dec 17 10:51:22 
2012        (r244352)
+++ vendor/bind9/dist-9.6/lib/bind9/include/Makefile.in Mon Dec 17 10:58:24 
2012        (r244353)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

Modified: vendor/bind9/dist-9.6/lib/bind9/include/bind9/Makefile.in
==============================================================================
--- vendor/bind9/dist-9.6/lib/bind9/include/bind9/Makefile.in   Mon Dec 17 
10:51:22 2012        (r244352)
+++ vendor/bind9/dist-9.6/lib/bind9/include/bind9/Makefile.in   Mon Dec 17 
10:58:24 2012        (r244353)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

Modified: vendor/bind9/dist-9.6/lib/dns/adb.c
==============================================================================
--- vendor/bind9/dist-9.6/lib/dns/adb.c Mon Dec 17 10:51:22 2012        
(r244352)
+++ vendor/bind9/dist-9.6/lib/dns/adb.c Mon Dec 17 10:58:24 2012        
(r244353)
@@ -3430,8 +3430,10 @@ dns_adb_adjustsrtt(dns_adb_t *adb, dns_a
        addr->entry->srtt = new_srtt;
        addr->srtt = new_srtt;
 
-       isc_stdtime_get(&now);
-       addr->entry->expires = now + ADB_ENTRY_WINDOW;
+       if (addr->entry->expires == 0) {
+               isc_stdtime_get(&now);
+               addr->entry->expires = now + ADB_ENTRY_WINDOW;
+       }
 
        UNLOCK(&adb->entrylocks[bucket]);
 }
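Review bot: The guard `if (addr->entry->expires == 0) { isc_stdtime_get(&now); ... }` is added here and repeated in dns_adb_changeflags and dns_adb_freeaddrinfo, with no comment on why an already-set expiry is now left alone. A small static helper would keep the three sites in step and give the rule one documented home; each site then becomes a single call made while the bucket lock is held. What resets `expires` to 0 is not visible in these hunks, so the helper's comment should name where that happens. dns_adb_adjustsrtt starts outside this hunk.

```c
/*
 * Start the expiry window for 'entry' if it is not already running.
 * An expiry that is already set is left unchanged.
 * The caller must hold the entry's bucket lock.
 */
static inline void
set_entry_expiry(dns_adbentry_t *entry) {
	isc_stdtime_t now;

	if (entry->expires == 0) {
		isc_stdtime_get(&now);
		entry->expires = now + ADB_ENTRY_WINDOW;
	}
}

/* ... unchanged: srtt update in dns_adb_adjustsrtt ... */
	set_entry_expiry(addr->entry);
```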
@@ -3441,6 +3443,7 @@ dns_adb_changeflags(dns_adb_t *adb, dns_
                    unsigned int bits, unsigned int mask)
 {
        int bucket;
+       isc_stdtime_t now;
 
        REQUIRE(DNS_ADB_VALID(adb));
        REQUIRE(DNS_ADBADDRINFO_VALID(addr));
@@ -3449,6 +3452,11 @@ dns_adb_changeflags(dns_adb_t *adb, dns_
        LOCK(&adb->entrylocks[bucket]);
 
        addr->entry->flags = (addr->entry->flags & ~mask) | (bits & mask);
+       if (addr->entry->expires == 0) {
+               isc_stdtime_get(&now);
+               addr->entry->expires = now + ADB_ENTRY_WINDOW;
+       }
+
        /*
         * Note that we do not update the other bits in addr->flags with
         * the most recent values from addr->entry->flags.
@@ -3527,15 +3535,16 @@ dns_adb_freeaddrinfo(dns_adb_t *adb, dns
        entry = addr->entry;
        REQUIRE(DNS_ADBENTRY_VALID(entry));
 
-       isc_stdtime_get(&now);
-
        *addrp = NULL;
        overmem = isc_mem_isovermem(adb->mctx);
 
        bucket = addr->entry->lock_bucket;
        LOCK(&adb->entrylocks[bucket]);
 
-       entry->expires = now + ADB_ENTRY_WINDOW;
+       if (entry->expires == 0) {
+               isc_stdtime_get(&now);
+               entry->expires = now + ADB_ENTRY_WINDOW;
+       }
 
        want_check_exit = dec_entry_refcnt(adb, overmem, entry, ISC_FALSE);
 

Modified: vendor/bind9/dist-9.6/lib/dns/api
==============================================================================
--- vendor/bind9/dist-9.6/lib/dns/api   Mon Dec 17 10:51:22 2012        
(r244352)
+++ vendor/bind9/dist-9.6/lib/dns/api   Mon Dec 17 10:58:24 2012        
(r244353)
@@ -3,6 +3,6 @@
 # 9.7: 60-79
 # 9.8: 80-89
 # 9.9: 90-109
-LIBINTERFACE = 110
+LIBINTERFACE = 111
 LIBREVISION = 2
-LIBAGE = 0
+LIBAGE = 1

Modified: vendor/bind9/dist-9.6/lib/dns/dnssec.c
==============================================================================
--- vendor/bind9/dist-9.6/lib/dns/dnssec.c      Mon Dec 17 10:51:22 2012        
(r244352)
+++ vendor/bind9/dist-9.6/lib/dns/dnssec.c      Mon Dec 17 10:58:24 2012        
(r244353)
@@ -35,16 +35,20 @@
 #include <dns/dnssec.h>
 #include <dns/fixedname.h>
 #include <dns/keyvalues.h>
+#include <dns/log.h>
 #include <dns/message.h>
 #include <dns/rdata.h>
 #include <dns/rdatalist.h>
 #include <dns/rdataset.h>
 #include <dns/rdatastruct.h>
 #include <dns/result.h>
+#include <dns/stats.h>
 #include <dns/tsig.h>          /* for DNS_TSIG_FUDGE */
 
 #include <dst/result.h>
 
+LIBDNS_EXTERNAL_DATA isc_stats_t *dns_dnssec_stats;
+
 #define is_response(msg) (msg->flags & DNS_MESSAGEFLAG_QR)
 
 #define RETERR(x) do { \
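Review bot: `dns_dnssec_stats` is introduced as a writable exported global with no comment on who assigns it or when, and `inc_stat()` in the next hunk reads it without any lock. If it is assigned once at start-up before worker threads run, that is fine, but nothing in these hunks shows it. State the rule next to the definition, e.g. `/* Set once during server start-up, before any signing or verification runs; NULL disables counting. */`, adjusted to whatever the setter actually guarantees.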
@@ -74,6 +78,12 @@ digest_callback(void *arg, isc_region_t 
        return (dst_context_adddata(ctx, data));
 }
 
+static inline void
+inc_stat(isc_statscounter_t counter) {
+       if (dns_dnssec_stats != NULL)
+               isc_stats_increment(dns_dnssec_stats, counter);
+}
+
 /*
  * Make qsort happy.
  */
@@ -150,7 +160,9 @@ dns_dnssec_keyfromrdata(dns_name_t *name
 }
 
 static isc_result_t
-digest_sig(dst_context_t *ctx, dns_rdata_t *sigrdata, dns_rdata_rrsig_t *sig) {
+digest_sig(dst_context_t *ctx, isc_boolean_t downcase, dns_rdata_t *sigrdata,
+          dns_rdata_rrsig_t *rrsig)
+{
        isc_region_t r;
        isc_result_t ret;
        dns_fixedname_t fname;
@@ -162,11 +174,16 @@ digest_sig(dst_context_t *ctx, dns_rdata
        ret = dst_context_adddata(ctx, &r);
        if (ret != ISC_R_SUCCESS)
                return (ret);
-       dns_fixedname_init(&fname);
-       RUNTIME_CHECK(dns_name_downcase(&sig->signer,
-                                       dns_fixedname_name(&fname), NULL)
-                     == ISC_R_SUCCESS);
-       dns_name_toregion(dns_fixedname_name(&fname), &r);
+       if (downcase) {
+               dns_fixedname_init(&fname);
+
+               RUNTIME_CHECK(dns_name_downcase(&rrsig->signer,
+                                               dns_fixedname_name(&fname),
+                                               NULL) == ISC_R_SUCCESS);
+               dns_name_toregion(dns_fixedname_name(&fname), &r);
+       } else
+               dns_name_toregion(&rrsig->signer, &r);
+
        return (dst_context_adddata(ctx, &r));
 }
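Review bot: digest_sig() gains a `downcase` flag but no comment says what it selects, and the new `if (downcase) { ... } else` leaves the else branch unbraced next to a braced if. A header comment such as `/* 'downcase' selects whether the signer name is lowercased before it is added to the digest; when false, rrsig->signer is digested as given. */` would cover it, with braces around the else body. The signing path passes `ISC_FALSE` and relies on `sig.signer` having been downcased earlier in dns_dnssec_sign; a one-line comment at that call would keep the two in step.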
 
@@ -188,6 +205,7 @@ dns_dnssec_sign(dns_name_t *name, dns_rd
        isc_uint32_t flags;
        unsigned int sigsize;
        dns_fixedname_t fnewname;
+       dns_fixedname_t fsigner;
 
        REQUIRE(name != NULL);
        REQUIRE(dns_name_countlabels(name) <= 255);
@@ -215,8 +233,14 @@ dns_dnssec_sign(dns_name_t *name, dns_rd
        sig.common.rdtype = dns_rdatatype_rrsig;
        ISC_LINK_INIT(&sig.common, link);
 
+       /*
+        * Downcase signer.
+        */
        dns_name_init(&sig.signer, NULL);
-       dns_name_clone(dst_key_name(key), &sig.signer);
+       dns_fixedname_init(&fsigner);
+       RUNTIME_CHECK(dns_name_downcase(dst_key_name(key),
+                     dns_fixedname_name(&fsigner), NULL) == ISC_R_SUCCESS);
+       dns_name_clone(dns_fixedname_name(&fsigner), &sig.signer);
 
        sig.covered = set->type;
        sig.algorithm = dst_key_alg(key);
@@ -256,7 +280,7 @@ dns_dnssec_sign(dns_name_t *name, dns_rd
        /*
         * Digest the SIG rdata.
         */
-       ret = digest_sig(ctx, &tmpsigrdata, &sig);
+       ret = digest_sig(ctx, ISC_FALSE, &tmpsigrdata, &sig);
        if (ret != ISC_R_SUCCESS)
                goto cleanup_context;
 

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***