90 lines
3.0 KiB
Diff
90 lines
3.0 KiB
Diff
The patch to fix CVE-2011-4313
|
|
|
|
Upstream-Status: Backport
|
|
|
|
Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html
|
|
|
|
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
|
|
through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
|
|
through 9.9.0b1 allows remote attackers to cause a denial of service
|
|
(assertion failure and named exit) via unknown vectors related to recursive DNS
|
|
queries, error logging, and the caching of an invalid record by the resolver.
|
|
|
|
Signed-off-by Ming Liu <ming.liu@windriver.com>
|
|
---
|
|
bin/named/query.c | 19 ++++++++-----------
|
|
lib/dns/rbtdb.c | 4 ++--
|
|
2 files changed, 10 insertions(+), 13 deletions(-)
|
|
|
|
--- a/bin/named/query.c
|
|
+++ b/bin/named/query.c
|
|
@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
|
|
goto addname;
|
|
if (result == DNS_R_NCACHENXRRSET) {
|
|
dns_rdataset_disassociate(rdataset);
|
|
- /*
|
|
- * Negative cache entries don't have sigrdatasets.
|
|
- */
|
|
- INSIST(sigrdataset == NULL ||
|
|
- ! dns_rdataset_isassociated(sigrdataset));
|
|
+ if (sigrdataset != NULL &&
|
|
+ dns_rdataset_isassociated(sigrdataset))
|
|
+ dns_rdataset_disassociate(sigrdataset);
|
|
}
|
|
if (result == ISC_R_SUCCESS) {
|
|
mname = NULL;
|
|
@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
|
|
goto addname;
|
|
if (result == DNS_R_NCACHENXRRSET) {
|
|
dns_rdataset_disassociate(rdataset);
|
|
- INSIST(sigrdataset == NULL ||
|
|
- ! dns_rdataset_isassociated(sigrdataset));
|
|
+ if (sigrdataset != NULL &&
|
|
+ dns_rdataset_isassociated(sigrdataset))
|
|
+ dns_rdataset_disassociate(sigrdataset);
|
|
}
|
|
if (result == ISC_R_SUCCESS) {
|
|
mname = NULL;
|
|
@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
|
|
goto setcache;
|
|
if (result == DNS_R_NCACHENXRRSET) {
|
|
dns_rdataset_disassociate(rdataset);
|
|
- /*
|
|
- * Negative cache entries don't have sigrdatasets.
|
|
- */
|
|
- INSIST(! dns_rdataset_isassociated(sigrdataset));
|
|
+ if (dns_rdataset_isassociated(sigrdataset))
|
|
+ dns_rdataset_disassociate(sigrdataset);
|
|
}
|
|
if (result == ISC_R_SUCCESS) {
|
|
/* Remember the result as a cache */
|
|
--- a/lib/dns/rbtdb.c
|
|
+++ b/lib/dns/rbtdb.c
|
|
@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
|
|
rdataset);
|
|
if (need_headerupdate(found, search.now))
|
|
update = found;
|
|
- if (foundsig != NULL) {
|
|
+ if (!NEGATIVE(found) && foundsig != NULL) {
|
|
bind_rdataset(search.rbtdb, node, foundsig, search.now,
|
|
sigrdataset);
|
|
if (need_headerupdate(foundsig, search.now))
|
|
@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno
|
|
}
|
|
if (found != NULL) {
|
|
bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
|
|
- if (foundsig != NULL)
|
|
+ if (!NEGATIVE(found) && foundsig != NULL)
|
|
bind_rdataset(rbtdb, rbtnode, foundsig, now,
|
|
sigrdataset);
|
|
}
|
|
@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
|
|
}
|
|
if (found != NULL) {
|
|
bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
|
|
- if (foundsig != NULL)
|
|
+ if (!NEGATIVE(found) && foundsig != NULL)
|
|
bind_rdataset(rbtdb, rbtnode, foundsig, now,
|
|
sigrdataset);
|
|
}
|