- "blackhole" ACLs could cause named to segfault due to some uninitialized

  memory. [rt18095]
- Also removed some erroneously duplicated code in zoneconf.c

diff --git a/CHANGES b/CHANGES
index 22726fe1e0033eb4e31c040802f68e634684dad5..0263e80f6daebaee91081af8a22bb12a25c29300 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
        --- 9.5.0 released ---
 
+2374.   [bug]           "blackhole" ACLs could cause named to segfault due
+                       to some uninitialized memory. [RT #18095]
+
 2372.   [bug]           fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
 
 2371.   [doc]           add +nsid option to dig man page. [RT #18039]

diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index 2ee22bd0e8925beb7a5cfe90d9760b3aed8ab4d7..f569f8930029c76c4d15a8755c6651833db6c2f3 100644 (file)
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.c,v 1.139.56.2 2008/04/03 06:20:33 tbox Exp $ */
+/* $Id: zoneconf.c,v 1.139.56.3 2008/05/21 23:26:11 each Exp $ */
 
 /*% */
 
@@ -752,48 +752,6 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
                INSIST(result == ISC_R_SUCCESS);
                dns_zone_setoption(zone, DNS_ZONEOPT_UPDATECHECKKSK,
                                   cfg_obj_asboolean(obj));
-       }
-
-       /*
-        * Configure update-related options.  These apply to
-        * primary masters only.
-        */
-       if (ztype == dns_zone_master) {
-               dns_acl_t *updateacl;
-               RETERR(configure_zone_acl(zconfig, vconfig, config,
-                                         "allow-update", ac, zone,
-                                         dns_zone_setupdateacl,
-                                         dns_zone_clearupdateacl));
-
-               updateacl = dns_zone_getupdateacl(zone);
-               if (updateacl != NULL  && dns_acl_isinsecure(updateacl))
-                       isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
-                                     NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
-                                     "zone '%s' allows updates by IP "
-                                     "address, which is insecure",
-                                     zname);
-
-               RETERR(configure_zone_ssutable(zoptions, zone));
-
-               obj = NULL;
-               result = ns_config_get(maps, "sig-validity-interval", &obj);
-               INSIST(result == ISC_R_SUCCESS);
-               dns_zone_setsigvalidityinterval(zone,
-                                               cfg_obj_asuint32(obj) * 86400);
-
-               obj = NULL;
-               result = ns_config_get(maps, "key-directory", &obj);
-               if (result == ISC_R_SUCCESS) {
-                       filename = cfg_obj_asstring(obj);
-                       if (!isc_file_isabsolute(filename)) {
-                               cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR,
-                                           "key-directory '%s' "
-                                           "is not absolute", filename);
-                               return (ISC_R_FAILURE);
-                       }
-                       RETERR(dns_zone_setkeydirectory(zone, filename));
-               }
-
        } else if (ztype == dns_zone_slave) {
                RETERR(configure_zone_acl(zconfig, vconfig, config,
                                          "allow-update-forwarding", ac, zone,

diff --git a/lib/isc/radix.c b/lib/isc/radix.c
index 903bf017f9bb2e2b27b148f7f8d334ce48eb38c2..9826833ca4ab1ed533333513b0b1899835498c2b 100644 (file)
--- a/lib/isc/radix.c
+++ b/lib/isc/radix.c
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: radix.c,v 1.9.6.4 2008/01/27 23:46:52 tbox Exp $ */
+/* $Id: radix.c,v 1.9.6.5 2008/05/21 23:26:11 each Exp $ */
 
 /*
  * This source was adapted from MRT's RCS Ids:
@@ -323,6 +323,7 @@ isc_radix_insert(isc_radix_tree_t *radix, isc_radix_node_t **target,
                if (node == NULL)
                        return (ISC_R_NOMEMORY);
                node->bit = bitlen;
+               node->node_num[0] = node->node_num[1] = -1;
                result = _ref_prefix(radix->mctx, &node->prefix, prefix);
                if (result != ISC_R_SUCCESS) {
                        isc_mem_put(radix->mctx, node,
@@ -351,7 +352,6 @@ isc_radix_insert(isc_radix_tree_t *radix, isc_radix_node_t **target,
                } else {
                        node->node_num[ISC_IS6(family)] =
                                ++radix->num_added_node;
-                       node->node_num[!ISC_IS6(family)] = -1;
                        node->data[0] = NULL;
                        node->data[1] = NULL;
                }