Import named-4.9.3-patch1

This is a small fix, as a result of talking to Ultrix Hesiod-enabled named's. Apparently there are some buffer overruns causing data mangling.
1996-01-22 04:55:42 +00:00 · 1996-01-22 04:55:42 +00:00 · ebcbc731ab
commit ebcbc731ab
parent ffa065a6d4
4 changed files with 2825 additions and 5 deletions
--- a/usr.sbin/named/CHANGES
+++ b/usr.sbin/named/CHANGES
--- a/usr.sbin/named/OPTIONS
+++ b/usr.sbin/named/OPTIONS
@ -0,0 +1,411 @@
+OPTIONS
+    Original: Paul Vixie, 28Mar92
+    Revised: $Id: OPTIONS,v 8.5 1995/12/29 21:08:13 vixie Exp $
+
+Options available in this version of BIND are controlled by conf/options.h,
+rather than by $(DEFS) in the Makefile.  The options are:
+
+DEBUG (origin: U C Berkeley)
+	enables the -d command line option, and allows SIGUSR1 to increment
+and SIGUSR2 to clear the internal variable "debug", which in turn controls
+hundreds of fprintf()'s out to /usr/tmp/named.run.
+	you probably want this.  it makes the binary bigger but not slower (or
+at least not much slower), but SIGUSR[12] are the only way you'll track down
+misconfigured name servers that hose you down with billions of bogus requests.
+	you may need this, it is on by default.
+
+ALLOW_T_UNSPEC (origin: MIT Project Athena)
+	enables the "unspec" RR type for ancient Athena software that does not
+know about TXT RR's.
+	you probably do not care about this, it is off by default.
+
+ALLOW_UPDATES (origin: Mike Schwartz, University of Washington)
+	enables "dynamic updates", described in "doc/DynamicUpdate".  this lets
+you update named's in-memory database on the fly if you have the right client.
+there is absolutely no security around this; if you enable it, anyone who can
+reach your server can update your database.
+	this code doesn't compile any more and will be removed shortly.
+
+INVQ (origin: U C Berkeley, with #ifdef's by Paul Vixie)
+	enables "inverse queries", which in all of the internet only one
+client ever uses: ancient nslookup.  if you build named with INVQ defined,
+you get the time-honored behaviour of supporting this whole class of queries
+for no real purpose other than to waste a few hundred kilobytes of your
+memory and about 3% of named's total CPU time.  if you build with INVQ
+undefined, old nslookups will not be able to reach your server in their
+startup phase, and you will have to use the "server" command after it fails
+over to some other server, or use "nslookup - 0" to get in from the shell.
+	you probably do not want this.
+
+DSTORAGE (origin: U C Berkeley, with #ifdef's by Paul Vixie)
+	enables a malloc-debugger that checks for overruns on both ends of
+each allocated block of memory.  used when debugging since C has no bounds
+or type checking.
+	you probably do not want this, it is off by default.
+
+DMALLOC (origin: Paul Vixie of Digital)
+	enables a malloc-debugger that traces all allocated blocks of memory
+such that SIGIOT's output (see STATS option) includes a list of all mallocs
+in the program, how many times each has been called, how many blocks of memory
+allocated by that malloc are not yet free, and how many bytes they use up.
+under each one will be a list of each free/realloc that has deallocated a block
+of that malloc's memory, and how many times it has done so.
+	this is extremely helpful for finding memory leaks.  as such, you
+probably do not want this unless you are debugging named.
+	you probably do not need this, it is off by default.
+
+XFRNETS (origin: Paul Vixie of Digital)
+	enables the "xfrnets" command in named.boot.  this has the same
+syntax as "forwarders" and "sortlist" -- that is, a list of dotted quads.
+each one is a network (16.0.0.0 and 130.180.0.0 are examples) or a host.
+if you put any xfrnets commands into your named.boot, then zone transfers
+will only be honored if they come from inside one of the specified
+networks.  this is very useful if you want to keep people outside from
+being able to trivially map your entire network, but it doesn't stop them
+from iterating so it's more annoying than secure.
+	this feature was once called "tcplist" out of ignorance on my part,
+but with advice from phil almquist i decided to rename it "xfrnets" and make
+it only control zone transfers -- previously it controlled all TCP connections
+which made certain TCP-only resolvers unable to use our servers.  the "tcplist"
+syntax still works; it is a synonym for "xfrnets".
+	it is also nice if you want to keep the outside world from making your
+nameserver fork and swap trying to do unauthorized zone transfers. if you have 
+large zone files or use BIND for TXT records you will find this useful.
+	you probably want this, it is on by default.
+
+PID_FIX (origin: Don Lewis of Harris)
+	tells named that if it starts up but can't keep going because another
+nameserver is already running (and sitting on the server port), it should
+put the /etc/named.pid (/var/run/named.pid) file back the way it found it.
+	you probably want this, it is on by default.
+
+FWD_LOOP (origin: Don Lewis of Harris)
+	tells named that if you list any of your own IP addresses in a
+"forwarders" command in your named.boot file, you should be scolded.
+	you probably want this, it is on by default.
+
+NO_GLUE (origin: Don Lewis of Harris, and Andrew Partan of UUNET)
+	tells named-xfer that incoming zone transfers should be checked
+for "glue" that comes from a zone outside the zone being transfered, and
+comment this garbage out in the zone file so that when named reads in the
+zone file after named-xfer exits, the garbage will not be entered into the
+memory-resident database.
+	also tells named that when it is performing an outgoing zone
+transfer, it should not send any of these "glue" records.
+	you definitely want this, it is on by default.
+
+BOGUSNS (origin: Piet Beertema of EUNet)
+	enables the "bogusns" command in named.boot.  this has the same
+syntax as forwarders and sortlist.  any NS RR's that come in whose addresses
+are on the list of "bogusns" addresses will be ignored.  this is the last
+resort when someone is bogusly advertising themselves as a root server.
+	just in case, though you won't use it often.
+	you probably want this, it is on by default.
+
+QRYLOG (origin: Bryan Beecher of UMich)
+	enables "query logging", such that SIGWINCH toggles tracing of all
+incoming queries.  the trace is sent to syslog, and is huge, but when you
+need this you will need it bad and it does not slow named down or make it
+larger.
+	If you define QRYLOG you may also start up named in query logging
+mode by using the -q flag.  If you do so you will probably want to analyze
+the logs produced, the dnsstats and lamers scrips (in the contrib/umich
+and contrib/lamers directories) will do it for you.
+	you probably want this, it is on by default.
+
+LOGFAC (origin: various people)
+	If you start up named with the -q flag you will be logging
+large amounts of data, and probably will not want them logged to the
+default logging facility, which is LOG_DAEMON.  You will want to
+redefine LOGFAC, presumably to LOC_LOCALn (0 <= n <= 7).  Remember to
+modify /etc/syslog.conf appropriately.
+	This only works on a system with a modern syslogd.
+	as such, it is on by default.
+
+YPKLUDGE (origin: Piet Beertema of EUNet)
+	certain versions of NIS/YP are capable of using the DNS for names
+that cannot be found in the YP servers.  of these, certain versions can't
+tell the difference between a dotted quad and a domain name, and they send
+queries to the DNS for dotted quads as if they were domain names.  if your
+named does not do anything special with these queries, they will end up
+getting forwarded to other servers, effectively hosing all of you down with
+endless useless network traffic.  YPKLUDGE enables some checking in named
+that lets it catch these bogus queries and send back immediate errors.
+	If you run "ypserv -i" you definitely want this, as a malconfigured
+NIS server can cause DNS "flood" queries otherwise. Trust me.
+	this is off by default.
+
+TRACEROOT (origin: pma@cnd.hp.com and Bryan Beecher of UMich)
+	enables some checking in named for bogus root nameservers.  This
+code has been in use at U-M for years, so it is pretty well tested, plus we
+have never been burned by the "bogus root NS scares" that have plagued the
+DNS off and on.
+	this feature people will very much want to use, it is on by default.
+
+LOCALDOM (origin: Berkeley)
+	if set, the "domain" directive is recognized in the named.boot file.
+this causes us to retry queries with the specified domain appended to the
+name if the first lookup fails.  this is a very bad idea since a given name
+server will often be used by clients in more than one domain -- a name server
+should _not_ make any presumptions as to the "home domain" of a requestor.
+	you almost certainly do not want this, it is off by default.
+
+SLAVE_FORWARD (origin: pma@sdd.hp.com)
+	if set, "slave" servers behave in an arguably more-correct way.  this
+is an experimental addition to BIND 4.9 that causes slaves to time out queries
+in 60/N seconds where N is the number of forwarders defined.  previously a
+query would time out almost immediately, which caused a lot of unnecessary
+network traffic.
+	you probably want this, it is on by default.
+
+FORCED_RELOAD (origin: pma@sdd.hp.com)
+	if set, then when a HUP signal is received, all secondary zones are
+scheduled for serial-number comparison with the primaries.  this has the effect
+that if you HUP your server, it will refresh any zones which have changed,
+even if those zones' refresh times have not been reached.
+	you probably want this, it is on by default.
+
+WANT_PIDFILE (origin: berkeley, parameterized by arc@sgi)
+	if set, a file called named.pid will be created in /etc or /var/run
+when the name server has started.  this file can be used to send signals to
+BIND, as in "kill -HUP `cat /etc/named.pid`".
+	unless you are only on an SGI (where killall(1M) makes the pid file 
+unnecessary); 
+	you probably want this, it is on by default.
+
+DOTTED_SERIAL (origin: berkeley; parameterized by vixie)
+	if set, allows a somewhat arcane n.m syntax in the serial number
+field of an SOA.  this is officially deprecated for 4.9; you should use
+straight integer values and find an encoding that does not depend on 
+scaled-integer pseudodecimals.  i suggest YYYYMMDDnn where YYYY is the
+four-digit year, MM is the two-digit month, DD is the two-digit day-of-month,
+and nn is a daily version number in case you change your serial number more
+than once in a day.  this encoding will overflow in the year 4294 gregorian.
+	you almost certainly do not want this, but if you have old zone files
+lying around and you don't want to think your way through converting their
+serial numbers, this deprecated behaviour is available.
+	graciously, it is on by default.
+
+SENSIBLE_DOTS (origin: kagotani@cs.titech.ac.jp; parameterized by vixie)
+	if set, changes the semantics of an "n.m" serial number from
+		n*10^(3+int(0.9+log10(m))) + m
+to
+		n*10000+m
+	if you are using DOTTED_SERIAL in spite of its deprecated status,
+and you are interested in a more predictable and sensible interpretation of
+dotted numbers, then you probably want this.
+	it is off by default.
+
+VALIDATE (origin: USC/ISI)
+	enables a validation procedure to provide some security in an
+otherwise insecure environment. Any RRs are accepted from a server only if
+the server is authoritative over that domain. We consider a server
+authoritative (for validation purposes) for even the sub-domains that it has
+delegated to others. RRs are validated against the data we have in cache
+already. Invalid records are neither cached nor returned.
+	it is off by default because it is hopeless, and the code will all
+be ripped out of BIND in the near future.
+
+NCACHE (origin: USC/ISI)
+	enables negative caching. We cache only authoritative NXDOMAIN or
+authoritative NOERROR with zero RR count. Non-authoritative NXDOMAIN answers
+now contain NS records in the authority section. Non-authoritative NOERROR
+responses have no authority or additional records to differentiate them from
+referrals. They are cached for NTTL secs (currently 10 minutes) and are timed
+out when the ttl expires.
+	you probably want this, it is on by default.
+
+RESOLVSORT (origin: marka@syd.dms.csiro.au)
+	enable sorting of addresses returned by gethostbyname. Sorting order
+is specified by address/netmask pairs. This enables a host to override the
+sortlist specified in the nameserver.
+	you probably want this, it is on by default.
+
+STUBS (origin: marka@syd.dms.csiro.au)
+	enable transfer and loading of NS records only for a zone.
+still experimental. it won't hurt to enable it, but it may not work perfectly 
+so using it could lead to some confusion.  
+	you probably don't care, it is on by default.
+
+SUNSECURITY (origin: rossc@ucc.su.oz.au)
+  	enable checking of PTR records in gethostbyaddr() to detect
+spoofing.  Forced on SunOS 4 shared library as rlogin etc. depend on this.
+	you should probably not set this by hand.
+
+SECURE_ZONES (origin: gshapiro@guest.wpi.edu)
+	enables support for secure zones.  This restricts access to
+information in the zone according to the information found in the
+secure_zone TXT RR found in the zone.  If none is found, the zone is
+world-readable.  For information on the format of the secure_zone TXT
+RR, see the Name Server Operations Guide for BIND.
+	you probably want this, it is on by default.
+
+ROUND_ROBIN (origin: Marshall Rose of TPC.INT)
+	if set, causes the databuf list in a namebuf to be rotated by one
+slot after each access to it.  this has the effect that if multiple RR's
+of a given type are present, they will be given in "round robin" order 
+instead of always being given in the same order.
+	you probably want this, it is on by default.
+
+ADDAUTH (origin: marka@syd.dms.csiro.au)
+	if set, cause NS and glue A records to be returned with authoritative
+answers.  this causes slightly larger replies but less DNS traffic overall.
+	unless you have Mac's with an older version of Mac/TCP;
+	you probably want this, it is on by default.
+
+RFC1535 (origin: paul@vix.com)
+	if set, the resolver's default "search" list will be just the entire
+"domain" name rather than the sliding window it had before 4.9.2.  this will
+make the default search list shorter, so folks who are saying "domain a.b.c"
+and relying on the implicit "search a.b.c a.b c" will miss "a.b" and "c".
+	this option is on for compatibility with RFC 1535.  
+	you should NOT turn it off, it is on by default.
+
+GEN_AXFR (origin: mark@comp.vuw.ac.nz, tytso@ATHENA.MIT.EDU, gdmr@dcs.ed.ac.uk)
+	if set, allows specification of zones in classes other than "IN" in
+the named.boot file. Allows an optional "/class" on the "primary" and
+"secondary" directives.  Also fixes zone transfers so only data in the class
+requested is transfered.
+	you probably want this, it is on by default.
+
+DATUMREFCNT (origin: mark andrews)
+	you want this.  it will not be optional in future releases.
+
+LAME_DELEGATION (origin: don lewis; reworked by bryan beecher and don lewis)
+	this will detect the condition where some other server has told you 
+that a given set of servers is authoritative for some domain, and at least 
+one of those "delegated" servers disagrees (i.e., answers non-authoritatively).
+	you probably want this, it is on by default.
+
+LAME_LOGGING (origin: don lewis)
+	enable logging of lame delegations and set the log level
+	you may want this, it is on by default.
+
+RETURNSOA (origin: mark andrews)
+	This allows negative caching to work. Without this, older
+pre-4.9.3 nameservers will not accept -ve cached anwsers.  We actually
+store the SOA record from the authority section rather that what was
+requested because it is the existence of the NXDOMAIN that matters not
+the type of data. The zone of the SOA record is tagged to the end of
+the SOA record to allow it to be reconstructed.
+	You probably DO NOT WANT THIS, it's experimental and dangerous.
+	it is off by default.
+
+CLEANCACHE (origin: mark andrews)
+	Bind consumes memory without bound without this option. This
+patch allows bind to periodically remove any stale entries in the
+cache.  Bind's memory usage should stabilize after approximately 1 day of
+operation, as most TTL's are <= 1 day. Without this option stale entries
+are only removed when they are looked up.
+	You probably want this, it is on by default.
+
+PURGE_ZONE (origin: mark andrews)
+	Various junk below a zone tends to hang around and corrupt future
+zone data if a zone grows deeper.  PURGE_ZONE will remove all traces of or
+data which could be part of zone before loading a new one.
+	You probably want this, it is on by default.
+
+STATS (origin: Paul Vixie)
+	Named's internal statistics can take a fair amount of memory and
+if you aren't interested in looking at these numbers you should disable
+the feature. Future versions may require this.
+	You probably want this, it is on by default.
+
+RENICE (origin: bp@deins.informatik.uni-dortmund.de)
+	if set, the process priority of the AXFR subprocesses is changed to
+"normal". If you are planning to raise the priority of the main nameserver
+process, you will use this.
+	You probably want this, it is on by default.
+
+GETSER_LOGGING (origin: Paul Vixie)
+	if set, errors that occur during the fetch of serial numbers for zone
+transfer consideration will be syslog()'d.  this can lead to a lot of logging,
+but is very helpful if you don't know why a zone isn't transfering.
+	You may not want this, but it is on by default.
+
+SHORT_FNAMES (origin: pma@sdd.hp.com)
+	on systems whose file names can only be 14 characters long, the temp
+files created by named-xfer need to be constructed somewhat differently.  this
+should probably become the default since it is harmless.
+	you probably don't care one way or the other, it is off by default.
+
+XSTATS (origin: Benoit.Grange@inria.fr)
+	if set, the name server keeps more STATS about requests
+received, and logs to syslog total counters from time to time. If you
+aren't interested in looking at these numbers you should disable the
+feature. Requires STATS.
+	You may want this, it is on by default.
+
+BIND_NOTIFY (origin: paul@vix.com)
+	experimental at this time; an internet draft is circulating.  this
+option informs slaves ("secondary" servers in BIND's erroneous terminology)
+instantly when the master (primary, or another slave) loads a new zone.  it
+works fine and seems to cause no problems with slaves that don't support it,
+but it does not implement the current internet draft (it lacks some necessary
+delays) and causes a lot of extra syslog traffic, especially at startup.  if
+you don't mind running code that will absolutely NOT be compatible with the
+eventual standard when the RFC is released, go ahead and turn this on.
+	vendors should not enable this in versions shipped to customers.
+	You will want this when it becomes compliant, it is off by default.
+
+LOC_RR (origin: ckd@kei.com)
+        incorporates support for the LOC RR type, currently in the
+internet-draft stage.
+        you don't want this yet, it is off by default.
+
+SORT_RESPONSE (legacy)
+	should responses be sorted in what the server considers an optimal
+order for the client?  this is on by default but it does very little good.
+
+## ++Copyright++ 1989
+## -
+## Copyright (c) 1989
+##    The Regents of the University of California.  All rights reserved.
+## 
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted provided that the following conditions
+## are met:
+## 1. Redistributions of source code must retain the above copyright
+##    notice, this list of conditions and the following disclaimer.
+## 2. Redistributions in binary form must reproduce the above copyright
+##    notice, this list of conditions and the following disclaimer in the
+##    documentation and/or other materials provided with the distribution.
+## 3. All advertising materials mentioning features or use of this software
+##    must display the following acknowledgement:
+## 	This product includes software developed by the University of
+## 	California, Berkeley and its contributors.
+## 4. Neither the name of the University nor the names of its contributors
+##    may be used to endorse or promote products derived from this software
+##    without specific prior written permission.
+## 
+## THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+## ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+## ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+## FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+## DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+## -
+## Portions Copyright (c) 1993 by Digital Equipment Corporation.
+## 
+## Permission to use, copy, modify, and distribute this software for any
+## purpose with or without fee is hereby granted, provided that the above
+## copyright notice and this permission notice appear in all copies, and that
+## the name of Digital Equipment Corporation not be used in advertising or
+## publicity pertaining to distribution of the document or software without
+## specific, written prior permission.
+## 
+## THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+## WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+## OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
+## CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+## SOFTWARE.
+## -
+## --Copyright--
--- a/usr.sbin/named/ns_main.c
+++ b/usr.sbin/named/ns_main.c
@ -1,6 +1,6 @@
 #if !defined(lint) && !defined(SABER)
 static char sccsid[] = "@(#)ns_main.c	4.55 (Berkeley) 7/1/91";
-static char rcsid[] = "$Id: ns_main.c,v 8.12 1995/12/29 07:16:18 vixie Exp $";
+static char rcsid[] = "$Id: ns_main.c,v 8.13 1996/01/09 20:23:55 vixie Exp $";
 #endif /* not lint */

 /*
@ -652,7 +652,8 @@ main(argc, argv, envp)
 		        for (udpcnt = 0; udpcnt < 42; udpcnt++) {  /*XXX*/
 			    int from_len = sizeof(from_addr);

-			    if ((n = recvfrom(dqp->dq_dfd, (char *)buf, sizeof(buf), 0,
+			    if ((n = recvfrom(dqp->dq_dfd, (char *)buf,
+					      MIN(PACKETSZ, sizeof buf), 0,
 				(struct sockaddr *)&from_addr, &from_len)) < 0)
 			    {
 #if defined(SPURIOUS_ECONNREFUSED)
--- a/usr.sbin/named/ns_resp.c
+++ b/usr.sbin/named/ns_resp.c
@ -1,6 +1,6 @@
 #if !defined(lint) && !defined(SABER)
 static char sccsid[] = "@(#)ns_resp.c	4.65 (Berkeley) 3/3/91";
-static char rcsid[] = "$Id: ns_resp.c,v 8.18 1995/12/29 21:08:13 vixie Exp $";
+static char rcsid[] = "$Id: ns_resp.c,v 8.19 1996/01/09 20:23:55 vixie Exp $";
 #endif /* not lint */

 /*
@ -944,10 +944,10 @@ ns_resp(msg, msglen)
 	 */
 	if ((!restart || !cname) && qp->q_cmsglen && ancount) {
 		dprintf(1, (ddt, "Cname second pass\n"));
-		newmsglen = qp->q_cmsglen;
+		newmsglen = MIN(PACKETSZ, qp->q_cmsglen);
 		bcopy(qp->q_cmsg, newmsg, newmsglen);
 	} else {
-		newmsglen = msglen;
+		newmsglen = MIN(PACKETSZ, msglen);
 		bcopy(msg, newmsg, newmsglen);
 	}
 	hp = (HEADER *) newmsg;