assertion failure could be triggered on answers from
a specially configured server.
</para>
- <para>
+ <para>
This flaw was discovered by Breno Silveira Soares, and is
disclosed in CVE-2015-4620. [RT #39795]
- </para>
+ </para>
</listitem>
</itemizedlist>
</sect2>
debugging.
</para>
</listitem>
+ <listitem>
+ <para>
+ EDNS COOKIE options content is now displayed as
+ "COOKIE: <hexvalue>".
+ </para>
+ </listitem>
</itemizedlist>
</sect2>
<sect2 id="relnotes_changes">
Asynchronous zone loads were not handled correctly when the
zone load was already in progress; this could trigger a crash
in zt.c. [RT #37573]
- </para>
+ </para>
</listitem>
<listitem>
<para>
<para>
The BIND 9.9 (Extended Support Version) will be supported until June, 2017.
<ulink url="https://www.isc.org/downloads/software-support-policy/"
- >https://www.isc.org/downloads/software-support-policy/</ulink>
+ >https://www.isc.org/downloads/software-support-policy/</ulink>
</para>
</sect2>
<sect2 id="relnotes_thanks">
#define DNS_OPT_NSID 0x0003 /*%< NSID opt code */
#define DNS_OPT_CLIENT_SUBNET 0x0008 /*%< client subnet opt code */
#define DNS_OPT_EXPIRE 0x0009 /*%< EXPIRE opt code */
+#define DNS_OPT_COOKIE 0x000a /*%< COOKIE opt code */
/*%< The number of EDNS options we know about. */
-#define DNS_EDNSOPTIONS 3
+#define DNS_EDNSOPTIONS 4
#define DNS_MESSAGE_REPLYPRESERVE (DNS_MESSAGEFLAG_RD|DNS_MESSAGEFLAG_CD)
#define DNS_MESSAGEEXTFLAG_REPLYPRESERVE (DNS_MESSAGEEXTFLAG_DO)
#include <dns/rdatastruct.h>
#include <dns/result.h>
#include <dns/tsig.h>
+#include <dns/ttl.h>
#include <dns/view.h>
#ifdef SKAN_MSG_DEBUG
if (optcode == DNS_OPT_NSID) {
ADD_STRING(target, "; NSID");
+ } else if (optcode == DNS_OPT_COOKIE) {
+ ADD_STRING(target, "; COOKIE");
+ } else if (optcode == DNS_OPT_EXPIRE) {
+ if (optlen == 4) {
+ isc_uint32_t secs;
+ secs = isc_buffer_getuint32(&optbuf);
+ ADD_STRING(target, "; EXPIRE: ");
+ snprintf(buf, sizeof(buf), "%u", secs);
+ ADD_STRING(target, buf);
+ ADD_STRING(target, " (");
+ dns_ttl_totext(secs, ISC_TRUE, target);
+ ADD_STRING(target, ")\n");
+ continue;
+ }
+ ADD_STRING(target, "; EXPIRE");
} else {
ADD_STRING(target, "; OPT=");
snprintf(buf, sizeof(buf), "%u", optcode);
optdata = isc_buffer_current(&optbuf);
for (i = 0; i < optlen; i++) {
- sprintf(buf, "%02x ", optdata[i]);
+ const char *sep;
+ switch (optcode) {
+ case DNS_OPT_COOKIE:
+ sep = "";
+ break;
+ default:
+ sep = " ";
+ break;
+ }
+ snprintf(buf, sizeof(buf), "%02x%s",
+ optdata[i], sep);
ADD_STRING(target, buf);
}
+ isc_buffer_forward(&optbuf, optlen);
+
+ if (optcode == DNS_OPT_COOKIE) {
+ ADD_STRING(target, "\n");
+ continue;
+ }
+
+ /*
+ * For non-COOKIE options, add a printable
+ * version
+ */
+ ADD_STRING(target, "(\"");
+ if (isc_buffer_availablelength(target) < optlen)
+ return (ISC_R_NOSPACE);
for (i = 0; i < optlen; i++) {
- ADD_STRING(target, " (");
- if (!isc_buffer_availablelength(target))
- return (ISC_R_NOSPACE);
if (isprint(optdata[i]))
isc_buffer_putmem(target,
&optdata[i],
1);
else
isc_buffer_putstr(target, ".");
- ADD_STRING(target, ")");
}
- isc_buffer_forward(&optbuf, optlen);
+ ADD_STRING(target, "\")");
}
ADD_STRING(target, "\n");
}
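Review bot: The return value of `dns_ttl_totext(secs, ISC_TRUE, target)` in the 4-byte EXPIRE branch is dropped, so a full `target` buffer during the TTL rendering goes unreported, while the rest of this block bails out with `ISC_R_NOSPACE` (explicitly before the printable loop, and presumably inside `ADD_STRING`). Check it the same way, e.g. `result = dns_ttl_totext(secs, ISC_TRUE, target);` followed by `if (result != ISC_R_SUCCESS) return (result);`, where `result` is an `isc_result_t` local of the enclosing function, whose start and end lie outside this hunk. Separately, the option bytes come straight from the received message, and although `isprint()` keeps control characters out of the text, `"` and `)` pass through, so the new `("...")` wrapper is not an unambiguous delimiter for anything that parses this output. A short comment above `ADD_STRING(target, "(\"");` saying the printable form is for human reading only would make that explicit.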