This commit was generated by cvs2svn to compensate for changes in r162079,
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
dougb
commit
7993bfbeba
@ -1,4 +1,11 @@
|
||||
|
||||
--- 9.3.2-P1 released ---
|
||||
|
||||
2066. [security] Handle SIG queries gracefully. [RT #16300]
|
||||
|
||||
1941. [bug] ncache_adderesult() should set eresult even if no
|
||||
rdataset is passed to it. [RT #15642]
|
||||
|
||||
--- 9.3.2 released ---
|
||||
|
||||
--- 9.3.2rc1 released ---
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: query.c,v 1.198.2.13.4.36 2005/08/11 05:25:20 marka Exp $ */
|
||||
/* $Id: query.c,v 1.198.2.13.4.36.6.1 2006/08/17 07:12:31 marka Exp $ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
@ -2393,7 +2393,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
is_zone = ISC_FALSE;
|
||||
|
||||
qtype = event->qtype;
|
||||
if (qtype == dns_rdatatype_rrsig)
|
||||
if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig)
|
||||
type = dns_rdatatype_any;
|
||||
else
|
||||
type = qtype;
|
||||
@ -2434,7 +2434,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
/*
|
||||
* If it's a SIG query, we'll iterate the node.
|
||||
*/
|
||||
if (qtype == dns_rdatatype_rrsig)
|
||||
if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig)
|
||||
type = dns_rdatatype_any;
|
||||
else
|
||||
type = qtype;
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: resolver.c,v 1.218.2.18.4.56 2005/10/14 01:38:48 marka Exp $ */
|
||||
/* $Id: resolver.c,v 1.218.2.18.4.56.4.1 2006/08/17 07:12:31 marka Exp $ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
@ -762,7 +762,8 @@ fctx_sendevents(fetchctx_t *fctx, isc_result_t result) {
|
||||
INSIST(result != ISC_R_SUCCESS ||
|
||||
dns_rdataset_isassociated(event->rdataset) ||
|
||||
fctx->type == dns_rdatatype_any ||
|
||||
fctx->type == dns_rdatatype_rrsig);
|
||||
fctx->type == dns_rdatatype_rrsig ||
|
||||
fctx->type == dns_rdatatype_sig);
|
||||
|
||||
isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event));
|
||||
}
|
||||
@ -3188,7 +3189,8 @@ validated(isc_task_t *task, isc_event_t *event) {
|
||||
if (hevent != NULL) {
|
||||
if (!negative && !chaining &&
|
||||
(fctx->type == dns_rdatatype_any ||
|
||||
fctx->type == dns_rdatatype_rrsig)) {
|
||||
fctx->type == dns_rdatatype_rrsig ||
|
||||
fctx->type == dns_rdatatype_sig)) {
|
||||
/*
|
||||
* Don't bind rdatasets; the caller
|
||||
* will iterate the node.
|
||||
@ -3306,7 +3308,8 @@ validated(isc_task_t *task, isc_event_t *event) {
|
||||
if (!ISC_LIST_EMPTY(fctx->validators)) {
|
||||
INSIST(!negative);
|
||||
INSIST(fctx->type == dns_rdatatype_any ||
|
||||
fctx->type == dns_rdatatype_rrsig);
|
||||
fctx->type == dns_rdatatype_rrsig ||
|
||||
fctx->type == dns_rdatatype_sig);
|
||||
/*
|
||||
* Don't send a response yet - we have
|
||||
* more rdatasets that still need to
|
||||
@ -3455,14 +3458,15 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
|
||||
return (result);
|
||||
anodep = &event->node;
|
||||
/*
|
||||
* If this is an ANY or SIG query, we're not going
|
||||
* to return any rdatasets, unless we encountered
|
||||
* If this is an ANY, SIG or RRSIG query, we're not
|
||||
* going to return any rdatasets, unless we encountered
|
||||
* a CNAME or DNAME as "the answer". In this case,
|
||||
* we're going to return DNS_R_CNAME or DNS_R_DNAME
|
||||
* and we must set up the rdatasets.
|
||||
*/
|
||||
if ((fctx->type != dns_rdatatype_any &&
|
||||
fctx->type != dns_rdatatype_rrsig) ||
|
||||
fctx->type != dns_rdatatype_rrsig &&
|
||||
fctx->type != dns_rdatatype_sig) ||
|
||||
(name->attributes & DNS_NAMEATTR_CHAINING) != 0) {
|
||||
ardataset = event->rdataset;
|
||||
asigrdataset = event->sigrdataset;
|
||||
@ -3521,7 +3525,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
|
||||
*/
|
||||
if (secure_domain && rdataset->trust != dns_trust_glue) {
|
||||
/*
|
||||
* SIGs are validated as part of validating the
|
||||
* RRSIGs are validated as part of validating the
|
||||
* type they cover.
|
||||
*/
|
||||
if (rdataset->type == dns_rdatatype_rrsig)
|
||||
@ -3591,7 +3595,8 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
|
||||
|
||||
if (ANSWER(rdataset) && need_validation) {
|
||||
if (fctx->type != dns_rdatatype_any &&
|
||||
fctx->type != dns_rdatatype_rrsig) {
|
||||
fctx->type != dns_rdatatype_rrsig &&
|
||||
fctx->type != dns_rdatatype_sig) {
|
||||
/*
|
||||
* This is The Answer. We will
|
||||
* validate it, but first we cache
|
||||
@ -3763,23 +3768,28 @@ ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
|
||||
isc_result_t *eresultp)
|
||||
{
|
||||
isc_result_t result;
|
||||
dns_rdataset_t rdataset;
|
||||
|
||||
if (ardataset == NULL) {
|
||||
dns_rdataset_init(&rdataset);
|
||||
ardataset = &rdataset;
|
||||
}
|
||||
result = dns_ncache_add(message, cache, node, covers, now,
|
||||
maxttl, ardataset);
|
||||
if (result == DNS_R_UNCHANGED) {
|
||||
if (result == DNS_R_UNCHANGED || result == ISC_R_SUCCESS) {
|
||||
/*
|
||||
* The data in the cache are better than the negative cache
|
||||
* entry we're trying to add.
|
||||
* If the cache now contains a negative entry and we
|
||||
* care about whether it is DNS_R_NCACHENXDOMAIN or
|
||||
* DNS_R_NCACHENXRRSET then extract it.
|
||||
*/
|
||||
if (ardataset != NULL && ardataset->type == 0) {
|
||||
if (ardataset->type == 0) {
|
||||
/*
|
||||
* The cache data is also a negative cache
|
||||
* entry.
|
||||
* The cache data is a negative cache entry.
|
||||
*/
|
||||
if (NXDOMAIN(ardataset))
|
||||
*eresultp = DNS_R_NCACHENXDOMAIN;
|
||||
else
|
||||
*eresultp = DNS_R_NCACHENXRRSET;
|
||||
result = ISC_R_SUCCESS;
|
||||
} else {
|
||||
/*
|
||||
* Either we don't care about the nature of the
|
||||
@ -3791,14 +3801,11 @@ ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
|
||||
* XXXRTH There's a CNAME/DNAME problem here.
|
||||
*/
|
||||
*eresultp = ISC_R_SUCCESS;
|
||||
result = ISC_R_SUCCESS;
|
||||
}
|
||||
} else if (result == ISC_R_SUCCESS) {
|
||||
if (NXDOMAIN(ardataset))
|
||||
*eresultp = DNS_R_NCACHENXDOMAIN;
|
||||
else
|
||||
*eresultp = DNS_R_NCACHENXRRSET;
|
||||
result = ISC_R_SUCCESS;
|
||||
}
|
||||
if (ardataset == &rdataset && dns_rdataset_isassociated(ardataset))
|
||||
dns_rdataset_disassociate(ardataset);
|
||||
|
||||
return (result);
|
||||
}
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
# $Id: version,v 1.26.2.17.2.21 2005/12/14 00:43:14 marka Exp $
|
||||
# $Id: version,v 1.26.2.17.2.21.4.1 2006/08/17 07:12:31 marka Exp $
|
||||
#
|
||||
# This file must follow /bin/sh rules. It is imported directly via
|
||||
# configure.
|
||||
@ -6,5 +6,5 @@
|
||||
MAJORVER=9
|
||||
MINORVER=3
|
||||
PATCHVER=2
|
||||
RELEASETYPE=
|
||||
RELEASEVER=
|
||||
RELEASETYPE=-P
|
||||
RELEASEVER=1
|
||||
|
||||
Loading…
Reference in New Issue
Block a user