]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
[master] avoid crash due to managed-key rollover
authorEvan Hunt <each@isc.org>
Wed, 4 Feb 2015 02:25:28 +0000 (18:25 -0800)
committerEvan Hunt <each@isc.org>
Wed, 4 Feb 2015 02:25:28 +0000 (18:25 -0800)
4053. [security] Revoking a managed trust anchor and supplying
an untrusted replacement could cause named
to crash with an assertion failure.
(CVE-2015-1349) [RT #38344]

CHANGES
doc/arm/notes.xml
lib/dns/zone.c

diff --git a/CHANGES b/CHANGES
index d476ed1c6d9fc1f16e45b0a9ee80c19fa2ba0a31..897347729fc5c526d21811b48a81342a2a405add 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+4053.  [security]      Revoking a managed trust anchor and supplying
+                       an untrusted replacement could cause named
+                       to crash with an assertion failure.
+                       (CVE-2015-1349) [RT #38344]
+
 4052.  [bug]           Fix a leak of query fetchlock. [RT #38454]
 
 4051.  [bug]           Fix a leak of pthread_mutexattr_t. [RT #38454]
index 0ff522c5c3becd4b2288806cf757c9505a2f5143..00853e4b7886be81e28e09c503717632579ebf33 100644 (file)
   <sect2 id="relnotes_security">
     <title>Security Fixes</title>
     <itemizedlist>
+      <listitem>
+       <para>
+         On servers configured to perform DNSSEC validation using
+         managed trust anchors (i.e., keys configured explicitly
+         via <command>managed-keys</command>, or implicitly 
+         via <command>dnssec-validation auto;</command> or
+         <command>dnssec-lookaside auto;</command>), revoking
+         a trust anchor and sending a new untrusted replacement
+         could cause <command>named</command> to crash with an
+         assertion failure. This could occur in the event of a
+         botched key rollover, or potentially as a result of a
+         deliberate attack if the attacker was in position to
+         monitor the victim's DNS traffic.
+       </para>
+       <para>
+         This flaw was discovered by Jan-Piet Mens, and is
+         disclosed in CVE-2015-1349. [RT #38344]
+       </para>
+      </listitem>
       <listitem>
        <para>
          A flaw in delegation handling could be exploited to put
index d7c7444ed3440b017c5f3fc8d4b3d46cc31c1ca7..1bc8608ed633e8e7bc17246e80906d5d7ada7a1c 100644 (file)
@@ -9006,6 +9006,12 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
                                             namebuf, tag);
                                trustkey = ISC_TRUE;
                        }
+               } else {
+                       /*
+                        * No previously known key, and the key is not
+                        * secure, so skip it.
+                        */
+                       continue;
                }
 
                /* Delete old version */
@@ -9054,7 +9060,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
                        trust_key(zone, keyname, &dnskey, mctx);
                }
 
-               if (!deletekey) {
+               if (secure && !deletekey) {
                        INSIST(newkey || updatekey);
                        set_refreshkeytimer(zone, &keydata, now);
                }