← Back to branch summary

~ubuntu-branches/ubuntu/quantal/bind9/quantal

« back to all changes in this revision

Viewing changes to lib/dns/nsec3.c

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2011-07-05 08:33:30 UTC
  • Revision ID: james.westby@ubuntu.com-20110705083330-yy2urqvf4cooh9wm
Tags: 1:9.7.3.dfsg-1ubuntu3
* SECURITY UPDATE: denial of service via specially crafted packet
  - lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache,
    nsec3,rbtdb,rdataset,resolver,validator}.c: Use an rdataset attribute
    flag to indicate negative-cache records rather than using rrtype 0.
  - Patch backported from 9.7.3-P3.
  - CVE-2011-2464

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/dns/nsec3.c
1579
1579
 
1580
1580
isc_result_t
1581
1581
dns_nsec3_delnsec3sx(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
1582
 
                     dns_rdatatype_t type, dns_diff_t *diff)
 
1582
                     dns_rdatatype_t privatetype, dns_diff_t *diff)
1583
1583
{
1584
1584
        dns_dbnode_t *node = NULL;
1585
1585
        dns_rdata_nsec3param_t nsec3param;
1624
1624
        dns_rdataset_disassociate(&rdataset);
1625
1625
 
1626
1626
 try_private:
1627
 
        if (type == 0)
 
1627
        if (privatetype == 0)
1628
1628
                goto success;
1629
 
        result = dns_db_findrdataset(db, node, version, type, 0, 0,
 
1629
        result = dns_db_findrdataset(db, node, version, privatetype, 0, 0,
1630
1630
                                     &rdataset, NULL);
1631
1631
        if (result == ISC_R_NOTFOUND)
1632
1632
                goto success;
1681
1681
 
1682
1682
isc_result_t
1683
1683
dns_nsec3_activex(dns_db_t *db, dns_dbversion_t *version,
1684
 
                  isc_boolean_t complete, dns_rdatatype_t type,
 
1684
                  isc_boolean_t complete, dns_rdatatype_t privatetype,
1685
1685
                  isc_boolean_t *answer)
1686
1686
{
1687
1687
        dns_dbnode_t *node = NULL;
1730
1730
                *answer = ISC_FALSE;
1731
1731
 
1732
1732
 try_private:
1733
 
        if (type == 0 || complete) {
 
1733
        if (privatetype == 0 || complete) {
1734
1734
                *answer = ISC_FALSE;
1735
1735
                return (ISC_R_SUCCESS);
1736
1736
        }
1737
 
        result = dns_db_findrdataset(db, node, version, type, 0, 0,
 
1737
        result = dns_db_findrdataset(db, node, version, privatetype, 0, 0,
1738
1738
                                     &rdataset, NULL);
1739
1739
 
1740
1740
        dns_db_detachnode(db, &node);