From owner-svn-src-all@FreeBSD.ORG Thu Nov 17 00:16:16 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EA5AE106566C; Thu, 17 Nov 2011 00:16:15 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id D020F8FC0C; Thu, 17 Nov 2011 00:16:15 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id pAH0GFhQ072955; Thu, 17 Nov 2011 00:16:15 GMT (envelope-from dougb@svn.freebsd.org) Received: (from dougb@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id pAH0GFIM072950; Thu, 17 Nov 2011 00:16:15 GMT (envelope-from dougb@svn.freebsd.org) Message-Id: <201111170016.pAH0GFIM072950@svn.freebsd.org> From: Doug Barton Date: Thu, 17 Nov 2011 00:16:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r227594 - in vendor/bind9/dist: . bin/named lib/dns X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Nov 2011 00:16:16 -0000 Author: dougb Date: Thu Nov 17 00:16:15 2011 New Revision: 227594 URL: http://svn.freebsd.org/changeset/base/227594 Log: Vendor import of BIND 9.8.1-P1 Modified: vendor/bind9/dist/CHANGES vendor/bind9/dist/bin/named/query.c vendor/bind9/dist/lib/dns/rbtdb.c vendor/bind9/dist/version Modified: vendor/bind9/dist/CHANGES ============================================================================== --- vendor/bind9/dist/CHANGES Wed Nov 16 23:29:27 2011 (r227593) +++ vendor/bind9/dist/CHANGES Thu Nov 17 00:16:15 2011 (r227594) @@ -1,3 +1,9 @@ + --- 9.8.1-P1 released --- + +3218. [security] Cache lookup could return RRSIG data associated with + nonexistent records, leading to an assertion + failure. [RT #26590] + --- 9.8.1 released --- --- 9.8.1rc1 released --- Modified: vendor/bind9/dist/bin/named/query.c ============================================================================== --- vendor/bind9/dist/bin/named/query.c Wed Nov 16 23:29:27 2011 (r227593) +++ vendor/bind9/dist/bin/named/query.c Thu Nov 17 00:16:15 2011 (r227594) @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.353.8.11 2011-06-09 03:14:03 marka Exp $ */ +/* $Id: query.c,v 1.353.8.11.4.1 2011-11-16 09:32:08 marka Exp $ */ /*! \file */ @@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_ goto addname; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - /* - * Negative cache entries don't have sigrdatasets. - */ - INSIST(sigrdataset == NULL || - ! dns_rdataset_isassociated(sigrdataset)); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { mname = NULL; @@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_ goto addname; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - INSIST(sigrdataset == NULL || - ! dns_rdataset_isassociated(sigrdataset)); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { mname = NULL; @@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name goto setcache; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - /* - * Negative cache entries don't have sigrdatasets. - */ - INSIST(! dns_rdataset_isassociated(sigrdataset)); + if (dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { /* Remember the result as a cache */ Modified: vendor/bind9/dist/lib/dns/rbtdb.c ============================================================================== --- vendor/bind9/dist/lib/dns/rbtdb.c Wed Nov 16 23:29:27 2011 (r227593) +++ vendor/bind9/dist/lib/dns/rbtdb.c Thu Nov 17 00:16:15 2011 (r227594) @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.310.8.5 2011-06-08 23:02:42 each Exp $ */ +/* $Id: rbtdb.c,v 1.310.8.5.4.1 2011-11-16 09:32:08 marka Exp $ */ /*! \file */ @@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam rdataset); if (need_headerupdate(found, search.now)) update = found; - if (foundsig != NULL) { + if (!NEGATIVE(found) && foundsig != NULL) { bind_rdataset(search.rbtdb, node, foundsig, search.now, sigrdataset); if (need_headerupdate(foundsig, search.now)) @@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn } if (found != NULL) { bind_rdataset(rbtdb, rbtnode, found, now, rdataset); - if (foundsig != NULL) + if (!NEGATIVE(found) && foundsig != NULL) bind_rdataset(rbtdb, rbtnode, foundsig, now, sigrdataset); } Modified: vendor/bind9/dist/version ============================================================================== --- vendor/bind9/dist/version Wed Nov 16 23:29:27 2011 (r227593) +++ vendor/bind9/dist/version Thu Nov 17 00:16:15 2011 (r227594) @@ -1,4 +1,4 @@ -# $Id: version,v 1.53.8.9 2011-08-24 02:08:26 marka Exp $ +# $Id: version,v 1.53.8.9.6.1 2011-11-16 09:32:07 marka Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -6,5 +6,5 @@ MAJORVER=9 MINORVER=8 PATCHVER=1 -RELEASETYPE= -RELEASEVER= +RELEASETYPE=-P +RELEASEVER=1