Author: dougb Date: Thu Nov 17 00:25:35 2011 New Revision: 227596 URL: http://svn.freebsd.org/changeset/base/227596
Log: Upgrade to BIND 9.8.1-P1 to address the following DDOS bug: Recursive name servers are failing with an assertion: INSIST(! dns_rdataset_isassociated(sigrdataset)) At this time it is not thought that authoritative-only servers are affected, but information about this bug is evolving rapidly. Because it may be possible to trigger this bug even on networks that do not allow untrusted users to access the recursive name servers (perhaps via specially crafted e-mail messages, and/or malicious web sites) it is recommended that ALL operators of recursive name servers upgrade immediately. For more information see: https://www.isc.org/software/bind/advisories/cve-2011-tbd which will be updated as more information becomes available. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313 Modified: head/contrib/bind9/CHANGES head/contrib/bind9/bin/named/query.c head/contrib/bind9/lib/dns/rbtdb.c head/contrib/bind9/version Directory Properties: head/contrib/bind9/ (props changed) Modified: head/contrib/bind9/CHANGES ============================================================================== --- head/contrib/bind9/CHANGES Thu Nov 17 00:16:44 2011 (r227595) +++ head/contrib/bind9/CHANGES Thu Nov 17 00:25:35 2011 (r227596) @@ -1,3 +1,9 @@ + --- 9.8.1-P1 released --- + +3218. [security] Cache lookup could return RRSIG data associated with + nonexistent records, leading to an assertion + failure. [RT #26590] + --- 9.8.1 released --- --- 9.8.1rc1 released --- Modified: head/contrib/bind9/bin/named/query.c ============================================================================== --- head/contrib/bind9/bin/named/query.c Thu Nov 17 00:16:44 2011 (r227595) +++ head/contrib/bind9/bin/named/query.c Thu Nov 17 00:25:35 2011 (r227596) @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.353.8.11 2011-06-09 03:14:03 marka Exp $ */ +/* $Id: query.c,v 1.353.8.11.4.1 2011-11-16 09:32:08 marka Exp $ */ /*! \file */ @@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_ goto addname; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - /* - * Negative cache entries don't have sigrdatasets. - */ - INSIST(sigrdataset == NULL || - ! dns_rdataset_isassociated(sigrdataset)); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { mname = NULL; @@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_ goto addname; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - INSIST(sigrdataset == NULL || - ! dns_rdataset_isassociated(sigrdataset)); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { mname = NULL; @@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name goto setcache; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - /* - * Negative cache entries don't have sigrdatasets. - */ - INSIST(! dns_rdataset_isassociated(sigrdataset)); + if (dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { /* Remember the result as a cache */ Modified: head/contrib/bind9/lib/dns/rbtdb.c ============================================================================== --- head/contrib/bind9/lib/dns/rbtdb.c Thu Nov 17 00:16:44 2011 (r227595) +++ head/contrib/bind9/lib/dns/rbtdb.c Thu Nov 17 00:25:35 2011 (r227596) @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.310.8.5 2011-06-08 23:02:42 each Exp $ */ +/* $Id: rbtdb.c,v 1.310.8.5.4.1 2011-11-16 09:32:08 marka Exp $ */ /*! \file */ @@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam rdataset); if (need_headerupdate(found, search.now)) update = found; - if (foundsig != NULL) { + if (!NEGATIVE(found) && foundsig != NULL) { bind_rdataset(search.rbtdb, node, foundsig, search.now, sigrdataset); if (need_headerupdate(foundsig, search.now)) @@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn } if (found != NULL) { bind_rdataset(rbtdb, rbtnode, found, now, rdataset); - if (foundsig != NULL) + if (!NEGATIVE(found) && foundsig != NULL) bind_rdataset(rbtdb, rbtnode, foundsig, now, sigrdataset); } Modified: head/contrib/bind9/version ============================================================================== --- head/contrib/bind9/version Thu Nov 17 00:16:44 2011 (r227595) +++ head/contrib/bind9/version Thu Nov 17 00:25:35 2011 (r227596) @@ -1,4 +1,4 @@ -# $Id: version,v 1.53.8.9 2011-08-24 02:08:26 marka Exp $ +# $Id: version,v 1.53.8.9.6.1 2011-11-16 09:32:07 marka Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -6,5 +6,5 @@ MAJORVER=9 MINORVER=8 PATCHVER=1 -RELEASETYPE= -RELEASEVER= +RELEASETYPE=-P +RELEASEVER=1 _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
