svn commit: r260646 - in stable: 8/contrib/bind9/bin/named 9/contrib/bind9/bin/named

Tue, 14 Jan 2014 11:39:19 -0800 

Author: delphij
Date: Tue Jan 14 19:38:37 2014
New Revision: 260646
URL: http://svnweb.freebsd.org/changeset/base/260646

Log:
  Fix  BIND remote denial of service vulnerability.
  
  Security:     FreeBSD-SA-14:04.bind
  Security:     CVE-2014-0591

Modified:
  stable/9/contrib/bind9/bin/named/query.c

Changes in other areas also in this revision:
Modified:
  stable/8/contrib/bind9/bin/named/query.c

Modified: stable/9/contrib/bind9/bin/named/query.c
==============================================================================
--- stable/9/contrib/bind9/bin/named/query.c    Tue Jan 14 19:33:28 2014        
(r260645)
+++ stable/9/contrib/bind9/bin/named/query.c    Tue Jan 14 19:38:37 2014        
(r260646)
@@ -5260,8 +5260,7 @@ query_findclosestnsec3(dns_name_t *qname
        dns_fixedname_t fixed;
        dns_hash_t hash;
        dns_name_t name;
-       int order;
-       unsigned int count;
+       unsigned int skip = 0, labels;
        dns_rdata_nsec3_t nsec3;
        dns_rdata_t rdata = DNS_RDATA_INIT;
        isc_boolean_t optout;
@@ -5276,6 +5275,7 @@ query_findclosestnsec3(dns_name_t *qname
 
        dns_name_init(&name, NULL);
        dns_name_clone(qname, &name);
+       labels = dns_name_countlabels(&name);
        dns_clientinfomethods_init(&cm, ns_client_sourceip);
        dns_clientinfo_init(&ci, client);
 
@@ -5309,13 +5309,14 @@ query_findclosestnsec3(dns_name_t *qname
                dns_rdata_reset(&rdata);
                optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
                if (found != NULL && optout &&
-                   dns_name_fullcompare(&name, dns_db_origin(db), &order,
-                                        &count) == dns_namereln_subdomain) {
+                   dns_name_issubdomain(&name, dns_db_origin(db)))
+               {
                        dns_rdataset_disassociate(rdataset);
                        if (dns_rdataset_isassociated(sigrdataset))
                                dns_rdataset_disassociate(sigrdataset);
-                       count = dns_name_countlabels(&name) - 1;
-                       dns_name_getlabelsequence(&name, 1, count, &name);
+                       skip++;
+                       dns_name_getlabelsequence(qname, skip, labels - skip,
+                                                 &name);
                        ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
                                      NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
                                      "looking for closest provable encloser");
@@ -5333,7 +5334,11 @@ query_findclosestnsec3(dns_name_t *qname
                ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
                              NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
                              "expected covering NSEC3, got an exact match");
-       if (found != NULL)
+       if (found == qname) {
+               if (skip != 0U)
+                       dns_name_getlabelsequence(qname, skip, labels - skip,
+                                                 found);
+       } else if (found != NULL)
                dns_name_copy(&name, found, NULL);
        return;
 }
_______________________________________________
svn-src-stable-9@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-stable-9
To unsubscribe, send any mail to "svn-src-stable-9-unsubscr...@freebsd.org"

Reply via email to