~ubuntu-branches/ubuntu/quantal/bind9/quantal

Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2011-07-05 08:33:30 UTC
Revision ID: james.westby@ubuntu.com-20110705083330-yy2urqvf4cooh9wm

Tags: 1:9.7.3.dfsg-1ubuntu3

* SECURITY UPDATE: denial of service via specially crafted packet
  - lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache,
    nsec3,rbtdb,rdataset,resolver,validator}.c: Use an rdataset attribute
    flag to indicate negative-cache records rather than using rrtype 0.
  - Patch backported from 9.7.3-P3.
  - CVE-2011-2464

files modified:
debian/changelog

lib/dns/include/dns/rdataset.h

lib/dns/masterdump.c

lib/dns/message.c

lib/dns/ncache.c

lib/dns/nsec3.c

lib/dns/rbtdb.c

lib/dns/rdataset.c

lib/dns/resolver.c

lib/dns/validator.c

Show diffs side-by-side

added added

removed removed

lib/dns/resolver.c

426

FCTX_ADDRINFO_TRIED) != 0)

427

428

#define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0)

429

#define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)

429

430

431

static void destroy(dns_resolver_t *res);

431

432

static void empty_bucket(dns_resolver_t *res);

1052

1053

* Negative results must be indicated in event->result.

1053

1054

1055

if (dns_rdataset_isassociated(event->rdataset) &&

1055

event->rdataset->type == dns_rdatatype_none) {

1056

NEGATIVE(event->rdataset)) {

1056

1057

INSIST(event->result == DNS_R_NCACHENXDOMAIN ||

1057

1058

event->result == DNS_R_NCACHENXRRSET);

1058

1059

}

4221

4222

if (result != ISC_R_SUCCESS &&

4222

4223

result != DNS_R_UNCHANGED)

4223

4224

goto noanswer_response;

4224

if (ardataset != NULL && ardataset->type == 0) {

4225

if (ardataset != NULL && NEGATIVE(ardataset)) {

4225

4226

if (NXDOMAIN(ardataset))

4226

4227

eresult = DNS_R_NCACHENXDOMAIN;

4227

4228

else

4548

4549

result = ISC_R_SUCCESS;

4549

4550

if (!need_validation &&

4550

4551

ardataset != NULL &&

4551

ardataset->type == 0) {

4552

NEGATIVE(ardataset)) {

4552

4553

4554

* The answer in the cache is

4554

4555

* better than the answer we

4678

4679

if (result == DNS_R_UNCHANGED) {

4679

4680

if (ANSWER(rdataset) &&

4680

4681

ardataset != NULL &&

4681

ardataset->type == 0) {

4682

NEGATIVE(ardataset)) {

4682

4683

4684

* The answer in the cache is better

4684

4685

* than the answer we found, and is

4708

4709

* Negative results must be indicated in event->result.

4709

4710

4711

if (dns_rdataset_isassociated(event->rdataset) &&

4711

event->rdataset->type == dns_rdatatype_none) {

4712

NEGATIVE(event->rdataset)) {

4712

4713

INSIST(eresult == DNS_R_NCACHENXDOMAIN ||

4713

4714

eresult == DNS_R_NCACHENXRRSET);

4714

4715

}

4788

4789

* care about whether it is DNS_R_NCACHENXDOMAIN or

4789

4790

* DNS_R_NCACHENXRRSET then extract it.

4790

4791

if (ardataset->type == 0) {

4792

if (NEGATIVE(ardataset)) {

4792

4793

4794

* The cache data is a negative cache entry.

4794

4795

Older »