3218. [security] Cache lookup could return RRSIG data associated with
authorEvan Hunt <each@isc.org>
Wed, 16 Nov 2011 09:44:32 +0000 (09:44 +0000)
committerEvan Hunt <each@isc.org>
Wed, 16 Nov 2011 09:44:32 +0000 (09:44 +0000)
nonexistent records, leading to an assertion
failure. [RT #26590]

CHANGES
bin/named/query.c
lib/dns/rbtdb.c

diff --git a/CHANGES b/CHANGES
index c951b551dd11b7fc1cd54f25af202c1162a90a1a..ff110c319a2397613f0d695af5b2bc7ec4d7a6e8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+3218.  [security]      Cache lookup could return RRSIG data associated with
+                       nonexistent records, leading to an assertion
+                       failure. [RT #26590]
+
 3217.  [cleanup]       Fix build problem with --disable-static. [RT #26476]
 
 3216.  [bug]           resolver.c:validated() was not thread-safe. [RT #26478]
index 3869f5b964f41084c37fe7732d6c02ec76b23144..eef5799619a8db68690764530972b03aa95f78f0 100644 (file)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.377 2011/10/28 11:46:49 marka Exp $ */
+/* $Id: query.c,v 1.378 2011/11/16 09:44:31 each Exp $ */
 
 /*! \file */
 
@@ -1381,11 +1381,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
                        goto addname;
                if (result == DNS_R_NCACHENXRRSET) {
                        dns_rdataset_disassociate(rdataset);
-                       /*
-                        * Negative cache entries don't have sigrdatasets.
-                        */
-                       INSIST(sigrdataset == NULL ||
-                              ! dns_rdataset_isassociated(sigrdataset));
+                       if (sigrdataset != NULL &&
+                           dns_rdataset_isassociated(sigrdataset))
+                               dns_rdataset_disassociate(sigrdataset);
                }
                if (result == ISC_R_SUCCESS) {
                        mname = NULL;
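Review bot: The cleanup that replaces the INSIST in the `DNS_R_NCACHENXRRSET` branch has no comment, and the old one ("Negative cache entries don't have sigrdatasets") is deleted, so nothing tells a reader why an associated `sigrdataset` is now tolerated here. A short comment above the new `if` would record the intent, for example `/* A negative answer should carry no sigrdataset; release one if the lookup returned it instead of asserting. */`. The same applies to the identical replacement in the second hunk of query_addadditional and to the one in query_addadditional2. With the rbtdb.c change in this commit the branch is presumably only defensive, and the comment could say so. query_addadditional starts and ends outside this hunk.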
@@ -1426,8 +1424,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
                        goto addname;
                if (result == DNS_R_NCACHENXRRSET) {
                        dns_rdataset_disassociate(rdataset);
-                       INSIST(sigrdataset == NULL ||
-                              ! dns_rdataset_isassociated(sigrdataset));
+                       if (sigrdataset != NULL &&
+                           dns_rdataset_isassociated(sigrdataset))
+                               dns_rdataset_disassociate(sigrdataset);
                }
                if (result == ISC_R_SUCCESS) {
                        mname = NULL;
@@ -1885,10 +1884,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
                goto setcache;
        if (result == DNS_R_NCACHENXRRSET) {
                dns_rdataset_disassociate(rdataset);
-               /*
-                * Negative cache entries don't have sigrdatasets.
-                */
-               INSIST(! dns_rdataset_isassociated(sigrdataset));
+               if (dns_rdataset_isassociated(sigrdataset))
+                       dns_rdataset_disassociate(sigrdataset);
        }
        if (result == ISC_R_SUCCESS) {
                /* Remember the result as a cache */
index 6da85fab4878fbecd582ea43e861beeb513bfce4..d7b478596c793df41daf5a54c5c9df536741cb1f 100644 (file)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbtdb.c,v 1.320 2011/11/08 20:49:11 marka Exp $ */
+/* $Id: rbtdb.c,v 1.321 2011/11/16 09:44:32 each Exp $ */
 
 /*! \file */
 
@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
                              rdataset);
                if (need_headerupdate(found, search.now))
                        update = found;
-               if (foundsig != NULL) {
+               if (!NEGATIVE(found) && foundsig != NULL) {
                        bind_rdataset(search.rbtdb, node, foundsig, search.now,
                                      sigrdataset);
                        if (need_headerupdate(foundsig, search.now))
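Review bot: The new `!NEGATIVE(found)` guard in cache_find is the core of the fix, but no comment says why `foundsig` can be non-NULL while `found` is a negative entry. Suggest adding `/* Negative entries have no sigrdataset; ignore any RRSIG header found at this node. */` above the `if`, and the same above the matching guard in cache_findrdataset. These hunks filter the mismatch at lookup time only; whether the RRSIG header is also removed when the negative entry is stored cannot be seen from here and is worth confirming. The file list names only CHANGES, query.c and rbtdb.c, so a regression test for the [RT #26590] case appears to be missing. cache_find continues outside the hunk.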
@@ -5686,7 +5686,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
        }
        if (found != NULL) {
                bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
-               if (foundsig != NULL)
+               if (!NEGATIVE(found) && foundsig != NULL)
                        bind_rdataset(rbtdb, rbtnode, foundsig, now,
                                      sigrdataset);
        }