- --- 9.12.0 released ---
+ --- 9.12.0rc2 released ---
+
+4859. [bug] A loop was possible when attempting to validate
+ unsigned CNAME responses from secure zones;
+ this caused a delay in returning SERVFAIL and
+ also increased the chances of encountering
+ CVE-2017-3145. [RT #46839]
+
+4858. [security] Addresses could be referenced after being freed
+ in resolver.c, causing an assertion failure.
+ (CVE-2017-3145) [RT #46839]
4850. [bug] Named failed to restart with multiple added zones in
lmdb database. [RT #46889]
BIND 9.12.0 is a new feature release of BIND. This document
summarizes new features and functional changes that have been
introduced on this branch, as well as features that have been
- deprecated or removed.
+ deprecated or removed. With each development release leading
+ up to the final BIND 9.12.0 release, this document will be
+ updated with additional features added and bugs fixed.
</para>
</section>
</para>
</section>
+ <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Addresses could be referenced after being freed during resolver
+ processing, causing an assertion failure. The chances of this
+ happening were remote, but the introduction of a delay in
+ resolution increasred them. This bug is disclosed in
+ CVE-2017-3145. [RT #46839]
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+
<section xml:id="relnotes_features"><info><title>New Features</title></info>
<itemizedlist>
<listitem>
</itemizedlist>
</section>
+ <section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Attempting to validate improperly unsigned CNAME responses
+ from secure zones could cause a validator loop. This caused
+ a delay in returning SERVFAIL and also increased the chances
+ of encountering the crash bug described in CVE-2017-3145.
+ [RT #46839]
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Zones created with <command>rndc addzone</command> could
+ temporarily fail to inherit the <command>allow-transfer</command>
+ ACL set in the <command>options</command> section of
+ <filename>named.conf</filename>. [RT #46603]
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The introduction of <command>libns</command> caused a bug
+ in which TCP client objects were not recycled after use,
+ leading to unconstrained memory growth. [RT #46029]
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Some header files included <isc/util.h> incorrectly as
+ it pollutes with namespace with non ISC_ macros and this should
+ only be done by explicitly including <isc/util.h>. This
+ has been corrected. Some code may depend on <isc/util.h>
+ being implicitly included via other header files. Such
+ code should explicitly include <isc/util.h>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <command>named</command> failed to properly determine whether
+ there were active KSK and ZSK keys for an algorithm when
+ <command>update-check-ksk</command> was true (which is the
+ default setting). This could leave records unsigned
+ when rolling keys. [RT #46743] [RT #46754] [RT #46774]
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+
<section xml:id="relnotes_license"><info><title>License</title></info>
<para>
BIND is open source software licenced under the terms of the Mozilla
* cannot fail in that case.
*/
result = isc_timer_reset(fctx->timer, isc_timertype_inactive,
- NULL, NULL, ISC_TRUE);
+ NULL, NULL, ISC_TRUE);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"isc_timer_reset(): %s",
}
}
-
static inline isc_result_t
fctx_startidletimer(fetchctx_t *fctx, isc_interval_t *interval) {
/*
for (find = ISC_LIST_HEAD(fctx->finds);
find != NULL;
- find = next_find) {
+ find = next_find)
+ {
next_find = ISC_LIST_NEXT(find, publink);
ISC_LIST_UNLINK(fctx->finds, find, publink);
dns_adb_destroyfind(&find);
for (find = ISC_LIST_HEAD(fctx->altfinds);
find != NULL;
- find = next_find) {
+ find = next_find)
+ {
next_find = ISC_LIST_NEXT(find, publink);
ISC_LIST_UNLINK(fctx->altfinds, find, publink);
dns_adb_destroyfind(&find);
for (addr = ISC_LIST_HEAD(fctx->forwaddrs);
addr != NULL;
- addr = next_addr) {
+ addr = next_addr)
+ {
next_addr = ISC_LIST_NEXT(addr, publink);
ISC_LIST_UNLINK(fctx->forwaddrs, addr, publink);
dns_adb_freeaddrinfo(fctx->adb, &addr);
for (addr = ISC_LIST_HEAD(fctx->altaddrs);
addr != NULL;
- addr = next_addr) {
+ addr = next_addr)
+ {
next_addr = ISC_LIST_NEXT(addr, publink);
ISC_LIST_UNLINK(fctx->altaddrs, addr, publink);
dns_adb_freeaddrinfo(fctx->adb, &addr);
}
static inline void
-fctx_stopeverything(fetchctx_t *fctx, isc_boolean_t no_response,
- isc_boolean_t age_untried)
+fctx_stopqueries(fetchctx_t *fctx, isc_boolean_t no_response,
+ isc_boolean_t age_untried)
{
- FCTXTRACE("stopeverything");
+ FCTXTRACE("stopqueries");
fctx_cancelqueries(fctx, no_response, age_untried);
+ fctx_stoptimer(fctx);
+}
+
+static inline void
+fctx_cleanupall(fetchctx_t *fctx) {
fctx_cleanupfinds(fctx);
fctx_cleanupaltfinds(fctx);
fctx_cleanupforwaddrs(fctx);
fctx_cleanupaltaddrs(fctx);
- fctx_stoptimer(fctx);
}
static void
age_untried = ISC_TRUE;
fctx->reason = NULL;
- fctx_stopeverything(fctx, no_response, age_untried);
+
+ fctx_stopqueries(fctx, no_response, age_untried);
LOCK(&res->buckets[fctx->bucketnum].lock);
dns_resolver_cancelfetch(fctx->nsfetch);
/*
- * Shut down anything that is still running on behalf of this
- * fetch. To avoid deadlock with the ADB, we must do this
- * before we lock the bucket lock.
+ * Shut down anything still running on behalf of this
+ * fetch, and clean up finds and addresses. To avoid deadlock
+ * with the ADB, we must do this before we lock the bucket lock.
*/
- fctx_stopeverything(fctx, ISC_FALSE, ISC_FALSE);
+ fctx_stopqueries(fctx, ISC_FALSE, ISC_FALSE);
+ fctx_cleanupall(fctx);
LOCK(&res->buckets[bucketnum].lock);
for (parent = val; parent != NULL; parent = parent->parent) {
if (parent->event != NULL &&
- parent->event->type == type &&
+ (parent->event->type == type ||
+ parent->event->type == dns_rdatatype_cname) &&
dns_name_equal(parent->event->name, name) &&
/*
* As NSEC3 records are meta data you sometimes
projects / thirdparty / bind9.git / commitdiff
