~ubuntu-branches/ubuntu/quantal/bind9/quantal


Viewing changes to lib/dns/rbtdb.c

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2011-07-05 08:33:30 UTC
  • Revision ID: james.westby@ubuntu.com-20110705083330-yy2urqvf4cooh9wm
Tags: 1:9.7.3.dfsg-1ubuntu3
* SECURITY UPDATE: denial of service via specially crafted packet
  - lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache,
    nsec3,rbtdb,rdataset,resolver,validator}.c: Use an rdataset attribute
    flag to indicate negative-cache records rather than using rrtype 0.
  - Patch backported from 9.7.3-P3.
  - CVE-2011-2464

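--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -278,6 +278,7 @@
 #define RDATASET_ATTR_RESIGN            0x0020
 #define RDATASET_ATTR_STATCOUNT         0x0040
 #define RDATASET_ATTR_OPTOUT            0x0080
+#define RDATASET_ATTR_NEGATIVE          0x0100
 
 typedef struct acache_cbarg {
         dns_rdatasetadditional_t        type;
@@ -316,6 +317,8 @@
         (((header)->attributes & RDATASET_ATTR_RESIGN) != 0)
 #define OPTOUT(header) \
         (((header)->attributes & RDATASET_ATTR_OPTOUT) != 0)
+#define NEGATIVE(header) \
+        (((header)->attributes & RDATASET_ATTR_NEGATIVE) != 0)
 
 #define DEFAULT_NODE_LOCK_COUNT         7       /*%< Should be prime. */
 
@@ -691,11 +694,13 @@
         /* At the moment we count statistics only for cache DB */
         INSIST(IS_CACHE(rbtdb));
 
-        if (NXDOMAIN(header))
-                statattributes = DNS_RDATASTATSTYPE_ATTR_NXDOMAIN;
-        else if (RBTDB_RDATATYPE_BASE(header->type) == 0) {
-                statattributes = DNS_RDATASTATSTYPE_ATTR_NXRRSET;
-                base = RBTDB_RDATATYPE_EXT(header->type);
+        if (NEGATIVE(header)) {
+                if (NXDOMAIN(header))
+                        statattributes = DNS_RDATASTATSTYPE_ATTR_NXDOMAIN;
+                else {
+                        statattributes = DNS_RDATASTATSTYPE_ATTR_NXRRSET;
+                        base = RBTDB_RDATATYPE_EXT(header->type);
+                }
         } else
                 base = RBTDB_RDATATYPE_BASE(header->type);
 
@@ -2748,6 +2753,8 @@
         rdataset->covers = RBTDB_RDATATYPE_EXT(header->type);
         rdataset->ttl = header->rdh_ttl - now;
         rdataset->trust = header->trust;
+        if (NEGATIVE(header))
+                rdataset->attributes |= DNS_RDATASETATTR_NEGATIVE;
         if (NXDOMAIN(header))
                 rdataset->attributes |= DNS_RDATASETATTR_NXDOMAIN;
         if (OPTOUT(header))
@@ -4785,7 +4792,7 @@
                 *nodep = node;
         }
 
-        if (RBTDB_RDATATYPE_BASE(found->type) == 0) {
+        if (NEGATIVE(found)) {
                 /*
                  * We found a negative cache entry.
                  */
@@ -5454,7 +5461,7 @@
         if (found == NULL)
                 return (ISC_R_NOTFOUND);
 
-        if (RBTDB_RDATATYPE_BASE(found->type) == 0) {
+        if (NEGATIVE(found)) {
                 /*
                  * We found a negative cache entry.
                  */
@@ -5665,7 +5672,7 @@
         negtype = 0;
         if (rbtversion == NULL && !newheader_nx) {
                 rdtype = RBTDB_RDATATYPE_BASE(newheader->type);
-                if (rdtype == 0) {
+                if (NEGATIVE(newheader)) {
                         /*
                          * We're adding a negative cache entry.
                          */
@@ -6207,6 +6214,8 @@
         } else {
                 newheader->serial = 1;
                 newheader->resign = 0;
+                if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
+                        newheader->attributes |= RDATASET_ATTR_NEGATIVE;
                 if ((rdataset->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0)
                         newheader->attributes |= RDATASET_ATTR_NXDOMAIN;
                 if ((rdataset->attributes & DNS_RDATASETATTR_OPTOUT) != 0)
@@ -7899,7 +7908,7 @@
 
         type = header->type;
         rdtype = RBTDB_RDATATYPE_BASE(header->type);
-        if (rdtype == 0) {
+        if (NEGATIVE(header)) {
                 covers = RBTDB_RDATATYPE_EXT(header->type);
                 negtype = RBTDB_RDATATYPE_VALUE(covers, 0);
         } else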
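Review bot: In the statistics hunk (new lines 697-705) a header that has RDATASET_ATTR_NXDOMAIN set but RDATASET_ATTR_NEGATIVE clear is now counted under `RBTDB_RDATATYPE_BASE(header->type)` rather than as NXDOMAIN, while the add path at new lines 6217-6220 copies the two bits from the caller's rdataset independently of each other. Whether every producer sets both bits together depends on the ncache.c part of this patch, which is not visible here, so the pairing is an unstated invariant of this file. I would document it where the macro is defined, for example `/* NEGATIVE: header is a negative-cache entry; NXDOMAIN is only honoured when NEGATIVE is also set, and base type 0 alone no longer implies negative. */`. A comment is preferable to an INSIST on this pairing, because the attribute bits are derived from received data and an assertion there would become a crash path of its own. The functions around each of these hunks start and end outside the visible context.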