diff options
| author | Doug Barton <dougb@FreeBSD.org> | 2011-11-17 00:16:15 +0000 |
|---|---|---|
| committer | Doug Barton <dougb@FreeBSD.org> | 2011-11-17 00:16:15 +0000 |
| commit | 3939884dc90db099f5601bd7c27d39acf7a8c731 (patch) | |
| tree | e0cc3e116be3c1afa9db9cf6250e5448e283b073 | |
| parent | 4a28185ca651dac3b9efa694040b80ab0eaa0690 (diff) | |
Vendor import of BIND 9.8.1-P1vendor/bind9/9.8.1-P1
Notes
Notes:
svn path=/vendor/bind9/dist/; revision=227594
svn path=/vendor/bind9/9.8.1-P1/; revision=227595; tag=vendor/bind9/9.8.1-P1
| -rw-r--r-- | CHANGES | 6 | ||||
| -rw-r--r-- | bin/named/query.c | 21 | ||||
| -rw-r--r-- | lib/dns/rbtdb.c | 6 | ||||
| -rw-r--r-- | version | 6 |
4 files changed, 21 insertions, 18 deletions
@@ -1,3 +1,9 @@ + --- 9.8.1-P1 released --- + +3218. [security] Cache lookup could return RRSIG data associated with + nonexistent records, leading to an assertion + failure. [RT #26590] + --- 9.8.1 released --- --- 9.8.1rc1 released --- diff --git a/bin/named/query.c b/bin/named/query.c index 9be178beddb0..4945f474f73f 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.353.8.11 2011-06-09 03:14:03 marka Exp $ */ +/* $Id: query.c,v 1.353.8.11.4.1 2011-11-16 09:32:08 marka Exp $ */ /*! \file */ @@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { goto addname; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - /* - * Negative cache entries don't have sigrdatasets. - */ - INSIST(sigrdataset == NULL || - ! dns_rdataset_isassociated(sigrdataset)); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { mname = NULL; @@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { goto addname; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - INSIST(sigrdataset == NULL || - ! dns_rdataset_isassociated(sigrdataset)); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { mname = NULL; @@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { goto setcache; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - /* - * Negative cache entries don't have sigrdatasets. - */ - INSIST(! dns_rdataset_isassociated(sigrdataset)); + if (dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { /* Remember the result as a cache */ diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index 9d66006b4712..10525d921233 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.310.8.5 2011-06-08 23:02:42 each Exp $ */ +/* $Id: rbtdb.c,v 1.310.8.5.4.1 2011-11-16 09:32:08 marka Exp $ */ /*! \file */ @@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, rdataset); if (need_headerupdate(found, search.now)) update = found; - if (foundsig != NULL) { + if (!NEGATIVE(found) && foundsig != NULL) { bind_rdataset(search.rbtdb, node, foundsig, search.now, sigrdataset); if (need_headerupdate(foundsig, search.now)) @@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, } if (found != NULL) { bind_rdataset(rbtdb, rbtnode, found, now, rdataset); - if (foundsig != NULL) + if (!NEGATIVE(found) && foundsig != NULL) bind_rdataset(rbtdb, rbtnode, foundsig, now, sigrdataset); } @@ -1,4 +1,4 @@ -# $Id: version,v 1.53.8.9 2011-08-24 02:08:26 marka Exp $ +# $Id: version,v 1.53.8.9.6.1 2011-11-16 09:32:07 marka Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -6,5 +6,5 @@ MAJORVER=9 MINORVER=8 PATCHVER=1 -RELEASETYPE= -RELEASEVER= +RELEASETYPE=-P +RELEASEVER=1 |