3218. [security] Cache lookup could return RRSIG data associated with

                        nonexistent records, leading to an assertion
                        failure. [RT #26590]

diff --git a/CHANGES b/CHANGES
index a5cc148d3703f4d8f236007662fc0a0557978feb..970e3961e05a436e4c4ea294edd1f97be5282dc2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+       --- 9.7.4-P1 released ---
+
+3218.  [security]      Cache lookup could return RRSIG data associated with
+                       nonexistent records, leading to an assertion
+                       failure. [RT #26590]
+
        --- 9.7.4 released ---
 
 3135.  [port]          FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.

diff --git a/bin/named/query.c b/bin/named/query.c
index 32bf03fa57d22875c7a280099ad5f59302ecc52f..b538523861a47928973206bb65af881b3d0c8844 100644 (file)
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.335.8.14 2011/03/19 10:06:40 marka Exp $ */
+/* $Id: query.c,v 1.335.8.14.10.1 2011/11/16 09:37:44 marka Exp $ */
 
 /*! \file */
 
@@ -1280,11 +1280,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
                        goto addname;
                if (result == DNS_R_NCACHENXRRSET) {
                        dns_rdataset_disassociate(rdataset);
-                       /*
-                        * Negative cache entries don't have sigrdatasets.
-                        */
-                       INSIST(sigrdataset == NULL ||
-                              ! dns_rdataset_isassociated(sigrdataset));
+                       if (sigrdataset != NULL &&
+                           dns_rdataset_isassociated(sigrdataset))
+                               dns_rdataset_disassociate(sigrdataset);
                }
                if (result == ISC_R_SUCCESS) {
                        mname = NULL;
@@ -1325,8 +1323,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
                        goto addname;
                if (result == DNS_R_NCACHENXRRSET) {
                        dns_rdataset_disassociate(rdataset);
-                       INSIST(sigrdataset == NULL ||
-                              ! dns_rdataset_isassociated(sigrdataset));
+                       if (sigrdataset != NULL &&
+                           dns_rdataset_isassociated(sigrdataset))
+                               dns_rdataset_disassociate(sigrdataset);
                }
                if (result == ISC_R_SUCCESS) {
                        mname = NULL;
@@ -1776,10 +1775,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
                goto setcache;
        if (result == DNS_R_NCACHENXRRSET) {
                dns_rdataset_disassociate(rdataset);
-               /*
-                * Negative cache entries don't have sigrdatasets.
-                */
-               INSIST(! dns_rdataset_isassociated(sigrdataset));
+               if (dns_rdataset_isassociated(sigrdataset))
+                       dns_rdataset_disassociate(sigrdataset);
        }
        if (result == ISC_R_SUCCESS) {
                /* Remember the result as a cache */

diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index e9ad9d9b47318e67a959aced638b8ec5a0620889..24ec6fbca62bc6aedce292e759c947764a462384 100644 (file)
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbtdb.c,v 1.292.8.21 2011/06/08 23:15:43 each Exp $ */
+/* $Id: rbtdb.c,v 1.292.8.21.10.1 2011/11/16 09:37:44 marka Exp $ */
 
 /*! \file */
 
@@ -4830,7 +4830,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
                              rdataset);
                if (need_headerupdate(found, search.now))
                        update = found;
-               if (foundsig != NULL) {
+               if (!NEGATIVE(found) && foundsig != NULL) {
                        bind_rdataset(search.rbtdb, node, foundsig, search.now,
                                      sigrdataset);
                        if (need_headerupdate(foundsig, search.now))
@@ -5462,7 +5462,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
        }
        if (found != NULL) {
                bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
-               if (foundsig != NULL)
+               if (!NEGATIVE(found) && foundsig != NULL)
                        bind_rdataset(rbtdb, rbtnode, foundsig, now,
                                      sigrdataset);
        }

diff --git a/version b/version
index 8319a689d0383b39f5233b0e83a405416099f244..8e6b6ef4aacea106beaa11f8f466c7e2b3df547a 100644 (file)
--- a/version
+++ b/version
@@ -1,4 +1,4 @@
-# $Id: version,v 1.51.2.14 2011/07/21 02:43:43 marka Exp $
+# $Id: version,v 1.51.2.14.12.1 2011/11/16 09:37:44 marka Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -6,5 +6,5 @@
 MAJORVER=9
 MINORVER=7
 PATCHVER=4
-RELEASETYPE=
-RELEASEVER=
+RELEASETYPE=-P
+RELEASEVER=1