Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 17 Nov 2011 00:16:15 +0000 (UTC)
From:      Doug Barton <dougb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject:   svn commit: r227594 - in vendor/bind9/dist: . bin/named lib/dns
Message-ID:  <201111170016.pAH0GFIM072950@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: dougb
Date: Thu Nov 17 00:16:15 2011
New Revision: 227594
URL: http://svn.freebsd.org/changeset/base/227594

Log:
  Vendor import of BIND 9.8.1-P1

Modified:
  vendor/bind9/dist/CHANGES
  vendor/bind9/dist/bin/named/query.c
  vendor/bind9/dist/lib/dns/rbtdb.c
  vendor/bind9/dist/version

Modified: vendor/bind9/dist/CHANGES
==============================================================================
--- vendor/bind9/dist/CHANGES	Wed Nov 16 23:29:27 2011	(r227593)
+++ vendor/bind9/dist/CHANGES	Thu Nov 17 00:16:15 2011	(r227594)
@@ -1,3 +1,9 @@
+	--- 9.8.1-P1 released ---
+
+3218.	[security]	Cache lookup could return RRSIG data associated with
+			nonexistent records, leading to an assertion
+			failure. [RT #26590]
+
 	--- 9.8.1 released ---
 
 	--- 9.8.1rc1 released ---

Modified: vendor/bind9/dist/bin/named/query.c
==============================================================================
--- vendor/bind9/dist/bin/named/query.c	Wed Nov 16 23:29:27 2011	(r227593)
+++ vendor/bind9/dist/bin/named/query.c	Thu Nov 17 00:16:15 2011	(r227594)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.353.8.11 2011-06-09 03:14:03 marka Exp $ */
+/* $Id: query.c,v 1.353.8.11.4.1 2011-11-16 09:32:08 marka Exp $ */
 
 /*! \file */
 
@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
 			goto addname;
 		if (result == DNS_R_NCACHENXRRSET) {
 			dns_rdataset_disassociate(rdataset);
-			/*
-			 * Negative cache entries don't have sigrdatasets.
-			 */
-			INSIST(sigrdataset == NULL ||
-			       ! dns_rdataset_isassociated(sigrdataset));
+			if (sigrdataset != NULL &&
+			    dns_rdataset_isassociated(sigrdataset))
+				dns_rdataset_disassociate(sigrdataset);
 		}
 		if (result == ISC_R_SUCCESS) {
 			mname = NULL;
@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
 			goto addname;
 		if (result == DNS_R_NCACHENXRRSET) {
 			dns_rdataset_disassociate(rdataset);
-			INSIST(sigrdataset == NULL ||
-			       ! dns_rdataset_isassociated(sigrdataset));
+			if (sigrdataset != NULL &&
+			    dns_rdataset_isassociated(sigrdataset))
+				dns_rdataset_disassociate(sigrdataset);
 		}
 		if (result == ISC_R_SUCCESS) {
 			mname = NULL;
@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
 		goto setcache;
 	if (result == DNS_R_NCACHENXRRSET) {
 		dns_rdataset_disassociate(rdataset);
-		/*
-		 * Negative cache entries don't have sigrdatasets.
-		 */
-		INSIST(! dns_rdataset_isassociated(sigrdataset));
+		if (dns_rdataset_isassociated(sigrdataset))
+			dns_rdataset_disassociate(sigrdataset);
 	}
 	if (result == ISC_R_SUCCESS) {
 		/* Remember the result as a cache */

Modified: vendor/bind9/dist/lib/dns/rbtdb.c
==============================================================================
--- vendor/bind9/dist/lib/dns/rbtdb.c	Wed Nov 16 23:29:27 2011	(r227593)
+++ vendor/bind9/dist/lib/dns/rbtdb.c	Thu Nov 17 00:16:15 2011	(r227594)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbtdb.c,v 1.310.8.5 2011-06-08 23:02:42 each Exp $ */
+/* $Id: rbtdb.c,v 1.310.8.5.4.1 2011-11-16 09:32:08 marka Exp $ */
 
 /*! \file */
 
@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
 			      rdataset);
 		if (need_headerupdate(found, search.now))
 			update = found;
-		if (foundsig != NULL) {
+		if (!NEGATIVE(found) && foundsig != NULL) {
 			bind_rdataset(search.rbtdb, node, foundsig, search.now,
 				      sigrdataset);
 			if (need_headerupdate(foundsig, search.now))
@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
 	}
 	if (found != NULL) {
 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
-		if (foundsig != NULL)
+		if (!NEGATIVE(found) && foundsig != NULL)
 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
 				      sigrdataset);
 	}

Modified: vendor/bind9/dist/version
==============================================================================
--- vendor/bind9/dist/version	Wed Nov 16 23:29:27 2011	(r227593)
+++ vendor/bind9/dist/version	Thu Nov 17 00:16:15 2011	(r227594)
@@ -1,4 +1,4 @@
-# $Id: version,v 1.53.8.9 2011-08-24 02:08:26 marka Exp $
+# $Id: version,v 1.53.8.9.6.1 2011-11-16 09:32:07 marka Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -6,5 +6,5 @@
 MAJORVER=9
 MINORVER=8
 PATCHVER=1
-RELEASETYPE=
-RELEASEVER=
+RELEASETYPE=-P
+RELEASEVER=1



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201111170016.pAH0GFIM072950>