diff options
author | Jacques Vidrine <nectar@FreeBSD.org> | 2003-11-27 16:40:03 +0000 |
---|---|---|
committer | Jacques Vidrine <nectar@FreeBSD.org> | 2003-11-27 16:40:03 +0000 |
commit | 2a9511d53411b4fefd47535dcb58ba3998a8b28b (patch) | |
tree | 250e900f5f8392ec202fbf8fa3af4bd411576511 | |
parent | 23f9108859a7d6402960469d3a1ce7027b289d0a (diff) | |
download | src-2a9511d53411b4fefd47535dcb58ba3998a8b28b.tar.gz src-2a9511d53411b4fefd47535dcb58ba3998a8b28b.zip |
Correct a remote denial-of-service attack in named(8).releng/4.4
Notes
Notes:
svn path=/releng/4.4/; revision=123008
-rw-r--r-- | UPDATING | 3 | ||||
-rw-r--r-- | contrib/bind/Version | 2 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_resp.c | 12 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 |
4 files changed, 14 insertions, 5 deletions
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those updates that don't have an advisory, or to be safe, you can do a full build and install as described in the COMMON ITEMS section. +20031126: p47 FreeBSD-SA-03:19.bind + Corrected remote denial-of-service vulnerability in named(8). + 20031003: p46 FreeBSD-SA-03:17.procfs Correct integer underflows/overflows in procfs(5) and linprocfs(5). diff --git a/contrib/bind/Version b/contrib/bind/Version index e99a6add5fbb..b4a709b025d3 100644 --- a/contrib/bind/Version +++ b/contrib/bind/Version @@ -1 +1 @@ -8.3.3-REL +8.3.3-REL-p1 diff --git a/contrib/bind/bin/named/ns_resp.c b/contrib/bind/bin/named/ns_resp.c index c371fba842af..21c4095b2048 100644 --- a/contrib/bind/bin/named/ns_resp.c +++ b/contrib/bind/bin/named/ns_resp.c @@ -272,7 +272,7 @@ ns_resp(u_char *msg, int msglen, struct sockaddr_in from, struct qstream *qsp) u_int qtype, qclass; int restart; /* flag for processing cname response */ int validanswer, dbflags; - int cname, lastwascname, externalcname; + int cname, lastwascname, externalcname, cachenegative; int count, founddata, foundname; int buflen; int newmsglen; @@ -912,6 +912,7 @@ tcp_retry: cname = 0; lastwascname = 0; externalcname = 0; + cachenegative = 1; strcpy(aname, qname); if (count) { @@ -981,6 +982,7 @@ tcp_retry: name); db_detach(&dp); validanswer = 0; + cachenegative = 0; continue; } if (type == T_CNAME && @@ -1011,6 +1013,7 @@ tcp_retry: "last was cname, ignoring auth. and add."); db_detach(&dp); validanswer = 0; + cachenegative = 0; break; } if (i < arfirst) { @@ -1026,6 +1029,7 @@ tcp_retry: sin_ntoa(from)); db_detach(&dp); validanswer = 0; + cachenegative = 0; continue; } else if (!ns_samedomain(name, qp->q_domain)) { @@ -1039,6 +1043,7 @@ tcp_retry: sin_ntoa(from)); db_detach(&dp); validanswer = 0; + cachenegative = 0; continue; } if (type == T_NS) { @@ -1231,8 +1236,9 @@ tcp_retry: ) ) { - cache_n_resp(msg, msglen, from, qp->q_name, - qp->q_class, qp->q_type); + if (cachenegative) + cache_n_resp(msg, msglen, from, qp->q_name, + qp->q_class, qp->q_type); if (!qp->q_cmsglen && validanswer) { ns_debug(ns_log_default, 3, diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 0b4545a32d54..3e967fd5a3aa 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -36,7 +36,7 @@ TYPE="FreeBSD" REVISION="4.4" -BRANCH="RELEASE-p46" +BRANCH="RELEASE-p47" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" |