← Back to branch summary

~ubuntu-branches/ubuntu/quantal/bind9/quantal

« back to all changes in this revision

Viewing changes to lib/dns/ncache.c

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2011-07-05 08:33:30 UTC
  • Revision ID: james.westby@ubuntu.com-20110705083330-yy2urqvf4cooh9wm
Tags: 1:9.7.3.dfsg-1ubuntu3
* SECURITY UPDATE: denial of service via specially crafted packet
  - lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache,
    nsec3,rbtdb,rdataset,resolver,validator}.c: Use an rdataset attribute
    flag to indicate negative-cache records rather than using rrtype 0.
  - Patch backported from 9.7.3-P3.
  - CVE-2011-2464

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/dns/ncache.c
296
296
        RUNTIME_CHECK(dns_rdatalist_tordataset(&ncrdatalist, &ncrdataset)
297
297
                      == ISC_R_SUCCESS);
298
298
        ncrdataset.trust = trust;
 
299
        ncrdataset.attributes |= DNS_RDATASETATTR_NEGATIVE;
299
300
        if (message->rcode == dns_rcode_nxdomain)
300
301
                ncrdataset.attributes |= DNS_RDATASETATTR_NXDOMAIN;
301
302
        if (optout)
326
327
 
327
328
        REQUIRE(rdataset != NULL);
328
329
        REQUIRE(rdataset->type == 0);
 
330
        REQUIRE((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
329
331
 
330
332
        savedbuffer = *target;
331
333
        count = 0;
554
556
 
555
557
        REQUIRE(ncacherdataset != NULL);
556
558
        REQUIRE(ncacherdataset->type == 0);
 
559
        REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
557
560
        REQUIRE(name != NULL);
558
561
        REQUIRE(!dns_rdataset_isassociated(rdataset));
559
562
        REQUIRE(type != dns_rdatatype_rrsig);
630
633
 
631
634
        REQUIRE(ncacherdataset != NULL);
632
635
        REQUIRE(ncacherdataset->type == 0);
 
636
        REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
633
637
        REQUIRE(name != NULL);
634
638
        REQUIRE(!dns_rdataset_isassociated(rdataset));
635
639
 
729
733
 
730
734
        REQUIRE(ncacherdataset != NULL);
731
735
        REQUIRE(ncacherdataset->type == 0);
 
736
        REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
732
737
        REQUIRE(found != NULL);
733
738
        REQUIRE(!dns_rdataset_isassociated(rdataset));
734
739