From: Evan Hunt <each@isc.org>
Date: Mon, 2 Jul 2012 17:01:48 +0000 (-0700)
Subject: fix bad-cache assert
X-Git-Tag: v9.9.1-P2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=10b94a2df4d1d79b80f8fb77848fde880405caf0;p=thirdparty%2Fbind9.git

fix bad-cache assert

3346.	[security]	Bad-cache data could be used before it was
			initialized, causing an assert. [RT #30025]
---

diff --git a/CHANGES b/CHANGES
index 10d1eb8f906..8cad6aa7e35 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3346.	[security]	Bad-cache data could be used before it was
+			initialized, causing an assert. [RT #30025]
+
 3345.	[bug]		Addressed race condition when removing the last item
 			or inserting the first item in an ISC_QUEUE.
 			[RT #29539]
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index fb50360df17..20b8de4752a 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -8448,6 +8448,7 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
 			goto cleanup;
 		bad->type = type;
 		bad->hashval = hashval;
+		bad->expire = *expire;
 		isc_buffer_init(&buffer, bad + 1, name->length);
 		dns_name_init(&bad->name, NULL);
 		dns_name_copy(name, &bad->name, &buffer);
@@ -8459,8 +8460,8 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
 		if (resolver->badcount < resolver->badhash * 2 &&
 		    resolver->badhash > DNS_BADCACHE_SIZE)
 			resizehash(resolver, &now, ISC_FALSE);
-	}
-	bad->expire = *expire;
+	} else
+		bad->expire = *expire;
  cleanup:
 	UNLOCK(&resolver->lock);
 }