author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2009-07-29 00:14:14 +0000 |
---|---|---|
committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2009-07-29 00:14:14 +0000 |
commit | e8c0497d6897110bc83bda93cc1eb51d54d45dc1 (patch) | |
tree | c5a231fb0fd09847492b5a7211da8e69249eea8d | |
parent | 57bbdcd90887aa47cd123bf1200be30ae299356d (diff) | |
Fix BIND named(8) dynamic update message remote DoS.
Obtained from: ISC
Security: FreeBSD-SA-09:12.bind
Security: CVE-2009-0696
Approved by: so (simon)
Notes
Notes:
svn path=/releng/6.3/; revision=195935
-rw-r--r-- | UPDATING | 3 | ||||
-rw-r--r-- | contrib/bind9/bin/named/update.c | 6 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 |
3 files changed, 9 insertions, 2 deletions
@@ -8,6 +8,9 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20090729: p12 FreeBSD-SA-09:12.bind + Fix BIND named(8) dynamic update message remote DoS. + 20090610: p11 FreeBSD-SA-09:09.pipe, FreeBSD-SA-09:10.ipv6, FreeBSD-SA-09:11.ntpd Prevent integer overflow in direct pipe write code from circumventing diff --git a/contrib/bind9/bin/named/update.c b/contrib/bind9/bin/named/update.c index fa0ddb01049a..63934baea2db 100644 --- a/contrib/bind9/bin/named/update.c +++ b/contrib/bind9/bin/named/update.c @@ -859,7 +859,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /* diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 171741175a4e..3e2b4265f97b 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="6.3" -BRANCH="RELEASE-p11" +BRANCH="RELEASE-p12" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi |
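Review bot: The new `else if (type == dns_rdatatype_any)` branch in temp_check() has no comment saying why a prerequisite of type ANY is refused. As this branch is the whole fix for the remote DoS named in the commit message (CVE-2009-0696), the reason belongs next to the code. I would add above it `/* Type ANY names no single RRset; refuse it here instead of passing it to the database lookup. */`; the lookup itself is outside the hunk, so that wording is inferred from the advisory rather than from visible lines. The branch also pairs a braced arm with the unbraced `else covers = 0;`, and bracing all three arms would make the early return harder to misread. temp_check()'s body starts and ends outside the hunk, so whether `node` and `trash` are the only resources held at this point cannot be confirmed from here.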