aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDoug Barton <dougb@FreeBSD.org>2011-11-17 01:02:33 +0000
committerDoug Barton <dougb@FreeBSD.org>2011-11-17 01:02:33 +0000
commit8fed7b07ce5adb35627c62d642f655ab8a74fa88 (patch)
treef9aee4c814b21f83a4a3b0f52d3d888a34094b4f
parent92ca6d96a96522bb1e8e222f02352a8b98d9203b (diff)
downloadsrc-vendor/bind9-9.4.tar.gz
src-vendor/bind9-9.4.zip
Vendor import of BIND 9.4-ESV-R5-P1vendor/bind9/9.4-ESV-R5-P1vendor/bind9-9.4
Notes
Notes: svn path=/vendor/bind9/dist-9.4/; revision=227600 svn path=/vendor/bind9/9.4-ESV-R5-P1/; revision=227602; tag=vendor/bind9/9.4-ESV-R5-P1
-rw-r--r--CHANGES6
-rw-r--r--bin/named/query.c21
-rw-r--r--lib/dns/rbtdb.c6
-rw-r--r--version4
4 files changed, 20 insertions, 17 deletions
diff --git a/CHANGES b/CHANGES
index 86d88abf874e..a4306d2b137c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+ --- 9.4-ESV-R5-P1 released ---
+
+3218. [security] Cache lookup could return RRSIG data associated with
+ nonexistent records, leading to an assertion
+ failure. [RT #26590]
+
--- 9.4-ESV-R5 released ---
3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
diff --git a/bin/named/query.c b/bin/named/query.c
index f6a6f1de448a..2e557dbcb264 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.257.18.56 2010-11-17 10:21:01 marka Exp $ */
+/* $Id: query.c,v 1.257.18.56.12.1 2011-11-16 09:33:40 each Exp $ */
/*! \file */
@@ -1251,11 +1251,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- /*
- * Negative cache entries don't have sigrdatasets.
- */
- INSIST(sigrdataset == NULL ||
- ! dns_rdataset_isassociated(sigrdataset));
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
mname = NULL;
@@ -1296,8 +1294,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- INSIST(sigrdataset == NULL ||
- ! dns_rdataset_isassociated(sigrdataset));
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
mname = NULL;
@@ -1746,10 +1745,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
goto setcache;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- /*
- * Negative cache entries don't have sigrdatasets.
- */
- INSIST(! dns_rdataset_isassociated(sigrdataset));
+ if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
/* Remember the result as a cache */
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 8118fee7417f..a6e06ab7c82e 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbtdb.c,v 1.196.18.67 2011-06-09 00:42:47 each Exp $ */
+/* $Id: rbtdb.c,v 1.196.18.67.2.1 2011-11-16 09:33:41 each Exp $ */
/*! \file */
@@ -3672,7 +3672,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
result == DNS_R_NCACHENXRRSET) {
bind_rdataset(search.rbtdb, node, found, search.now,
rdataset);
- if (foundsig != NULL)
+ if (!NEGATIVE(found) && foundsig != NULL)
bind_rdataset(search.rbtdb, node, foundsig, search.now,
sigrdataset);
}
@@ -4258,7 +4258,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
}
if (found != NULL) {
bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
- if (foundsig != NULL)
+ if (!NEGATIVE(found) && foundsig != NULL)
bind_rdataset(rbtdb, rbtnode, foundsig, now,
sigrdataset);
}
diff --git a/version b/version
index 62cab3d10205..022a037eb579 100644
--- a/version
+++ b/version
@@ -1,4 +1,4 @@
-# $Id: version,v 1.29.134.35 2011-07-21 02:11:00 marka Exp $
+# $Id: version,v 1.29.134.35.2.1 2011-11-16 09:33:40 each Exp $
#
# This file must follow /bin/sh rules. It is imported directly via
# configure.
@@ -7,4 +7,4 @@ MAJORVER=9
MINORVER=4
PATCHVER=
RELEASETYPE=-ESV
-RELEASEVER=-R5
+RELEASEVER=-R5-P1