Upgrade to 9.8.3-P1, the latest from ISC. This version contains
a critical bugfix: Processing of DNS resource records where the rdata field is zero length may cause various issues for the servers handling them. Processing of these records may lead to unexpected outcomes. Recursive servers may crash or disclose some portion of memory to the client. Secondary servers may crash on restart after transferring a zone containing these records. Master servers may corrupt zone data if the zone option "auto-dnssec" is set to "maintain". Other unexpected problems that are not listed here may also be encountered. All BIND users are strongly encouraged to upgrade.
commit
fe5cfeb46b
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=236586
@ -1,3 +1,8 @@
|
||||
--- 9.8.3-P1 released ---
|
||||
|
||||
3331. [security] dns_rdataslab_fromrdataset could produce bad
|
||||
rdataslabs. [RT #29644]
|
||||
|
||||
--- 9.8.3 released ---
|
||||
|
||||
3318. [tuning] Reduce the amount of work performed while holding a
|
||||
|
@ -329,8 +329,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
|
||||
|
||||
REQUIRE(rdata1 != NULL);
|
||||
REQUIRE(rdata2 != NULL);
|
||||
REQUIRE(rdata1->data != NULL);
|
||||
REQUIRE(rdata2->data != NULL);
|
||||
REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
|
||||
REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
|
||||
REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
|
||||
REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
|
||||
|
||||
@ -360,8 +360,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
|
||||
|
||||
REQUIRE(rdata1 != NULL);
|
||||
REQUIRE(rdata2 != NULL);
|
||||
REQUIRE(rdata1->data != NULL);
|
||||
REQUIRE(rdata2->data != NULL);
|
||||
REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
|
||||
REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
|
||||
REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
|
||||
REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
|
||||
|
||||
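Review bot: The relaxed checks `REQUIRE(rdata1->length == 0 || rdata1->data != NULL);` in dns_rdata_compare, and the identical pair in dns_rdata_casecompare, now admit `data == NULL` on entry, so the comparison code below them has to tolerate a NULL base pointer. That code lies outside both hunks and cannot be checked from here. If it hands the pointers to a memcmp-style routine, passing NULL is undefined behaviour in C even when the length is zero, so a zero-length side is worth handling before that call. A short comment above the REQUIREs, for example `/* Zero-length rdata is valid and may carry data == NULL. */`, would record why the precondition was loosened.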
|
@ -126,6 +126,11 @@ isc_result_t
|
||||
dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
|
||||
isc_region_t *region, unsigned int reservelen)
|
||||
{
|
||||
/*
|
||||
* Use &removed as a sentinal pointer for duplicate
|
||||
* rdata as rdata.data == NULL is valid.
|
||||
*/
|
||||
static unsigned char removed;
|
||||
struct xrdata *x;
|
||||
unsigned char *rawbuf;
|
||||
#if DNS_RDATASET_FIXED
|
||||
@ -169,6 +174,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
|
||||
INSIST(result == ISC_R_SUCCESS);
|
||||
dns_rdata_init(&x[i].rdata);
|
||||
dns_rdataset_current(rdataset, &x[i].rdata);
|
||||
INSIST(x[i].rdata.data != &removed);
|
||||
#if DNS_RDATASET_FIXED
|
||||
x[i].order = i;
|
||||
#endif
|
||||
@ -201,8 +207,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
|
||||
*/
|
||||
for (i = 1; i < nalloc; i++) {
|
||||
if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
|
||||
x[i-1].rdata.data = NULL;
|
||||
x[i-1].rdata.length = 0;
|
||||
x[i-1].rdata.data = &removed;
|
||||
#if DNS_RDATASET_FIXED
|
||||
/*
|
||||
* Preserve the least order so A, B, A -> A, B
|
||||
@ -292,7 +297,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
|
||||
#endif
|
||||
|
||||
for (i = 0; i < nalloc; i++) {
|
||||
if (x[i].rdata.data == NULL)
|
||||
if (x[i].rdata.data == &removed)
|
||||
continue;
|
||||
#if DNS_RDATASET_FIXED
|
||||
offsettable[x[i].order] = rawbuf - offsetbase;
|
||||
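Review bot: In the duplicate-removal loop of dns_rdataslab_fromrdataset, an entry marked with `x[i-1].rdata.data = &removed;` appears to keep its original `length`, since the hunk header's line counts (8 old, 7 new) suggest that `x[i-1].rdata.length = 0;` is dropped along with the NULL assignment. The sentinel is a single static byte, so any later pass that reads `length` bytes from `data` without first testing for `&removed` would read past it. The copy loop shown here does test for it, but the rest of the function is outside the hunks. Keeping `x[i-1].rdata.length = 0;` next to the sentinel assignment would make a removed entry harmless even if a check is missed. The new comment also misspells "sentinel" as "sentinal".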
|
@ -6,5 +6,5 @@
|
||||
MAJORVER=9
|
||||
MINORVER=8
|
||||
PATCHVER=3
|
||||
RELEASETYPE=
|
||||
RELEASEVER=
|
||||
RELEASETYPE=-P
|
||||
RELEASEVER=1
|
||||
|