From: Evan Hunt Date: Wed, 16 Nov 2011 09:33:41 +0000 (+0000) Subject: 3218. [security] Cache lookup could return RRSIG data associated with X-Git-Tag: v9.4-ESV-R5-P1^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00a93b246610516865ce85c654349f50027dedb4;p=thirdparty%2Fbind9.git 3218. [security] Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. [RT #26590] --- diff --git a/CHANGES b/CHANGES index 86d88abf874..a4306d2b137 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ + --- 9.4-ESV-R5-P1 released --- + +3218. [security] Cache lookup could return RRSIG data associated with + nonexistent records, leading to an assertion + failure. [RT #26590] + --- 9.4-ESV-R5 released --- 3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing. diff --git a/bin/named/query.c b/bin/named/query.c index 5104558fdb8..aca2e34cada 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.257.18.56 2010/11/17 10:21:01 marka Exp $ */ +/* $Id: query.c,v 1.257.18.56.12.1 2011/11/16 09:33:40 each Exp $ */ /*! \file */ @@ -1251,11 +1251,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { goto addname; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - /* - * Negative cache entries don't have sigrdatasets. - */ - INSIST(sigrdataset == NULL || - ! dns_rdataset_isassociated(sigrdataset)); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { mname = NULL; @@ -1296,8 +1294,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { goto addname; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - INSIST(sigrdataset == NULL || - ! dns_rdataset_isassociated(sigrdataset)); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { mname = NULL; @@ -1746,10 +1745,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { goto setcache; if (result == DNS_R_NCACHENXRRSET) { dns_rdataset_disassociate(rdataset); - /* - * Negative cache entries don't have sigrdatasets. - */ - INSIST(! dns_rdataset_isassociated(sigrdataset)); + if (dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); } if (result == ISC_R_SUCCESS) { /* Remember the result as a cache */ diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index a1ad2a4045a..df7162d3fb2 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.196.18.67 2011/06/09 00:42:47 each Exp $ */ +/* $Id: rbtdb.c,v 1.196.18.67.2.1 2011/11/16 09:33:41 each Exp $ */ /*! \file */ @@ -3672,7 +3672,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, result == DNS_R_NCACHENXRRSET) { bind_rdataset(search.rbtdb, node, found, search.now, rdataset); - if (foundsig != NULL) + if (!NEGATIVE(found) && foundsig != NULL) bind_rdataset(search.rbtdb, node, foundsig, search.now, sigrdataset); } @@ -4258,7 +4258,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, } if (found != NULL) { bind_rdataset(rbtdb, rbtnode, found, now, rdataset); - if (foundsig != NULL) + if (!NEGATIVE(found) && foundsig != NULL) bind_rdataset(rbtdb, rbtnode, foundsig, now, sigrdataset); } diff --git a/version b/version index 4c470646dad..e445b1bdcb2 100644 --- a/version +++ b/version @@ -1,4 +1,4 @@ -# $Id: version,v 1.29.134.35 2011/07/21 02:11:00 marka Exp $ +# $Id: version,v 1.29.134.35.2.1 2011/11/16 09:33:40 each Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -7,4 +7,4 @@ MAJORVER=9 MINORVER=4 PATCHVER= RELEASETYPE=-ESV -RELEASEVER=-R5 +RELEASEVER=-R5-P1