Fix NULL Pointer Dereference in QP-trie Cache add()

When RRSIG(rdtype) was independently cached before the RDATA for the
rdtype itself, named would crash on the subsequent query for the RDATA
itself.  This has been fixed.

ISC would like to thank Vitaly Simonovich for bringing this
vulnerability to our attention.
Ondřej Surý 2026-02-07 05:19:48 +01:00
parent b5837eba31
commit 53b2bddd65
GPG key ID: 2820F37E873DEA41

@ -2964,8 +2964,8 @@ add(qpcache_t *qpdb, qpcnode_t *qpnode, dns_slabheader_t *newheader,
if (EXISTS(newheader) && NEGATIVE(newheader) &&
!dns_rdatatype_issig(rdtype) && related != NULL)
{
dns_slabheader_t *oldsigheader = first_header(oldtop->related);
mark_ancient(oldsigheader);
dns_slabheader_t *relatedheader = first_header(related);
mark_ancient(relatedheader);
}
bindrdataset(qpdb, qpnode, newheader, now, nlocktype, tlocktype,
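Review bot: In the replaced body of the `if` block, the result of first_header(related) goes straight into mark_ancient() with no check; the guard above only establishes `related != NULL`, not that the top it points to has a header. If first_header() can return NULL here, add an INSIST or a NULL test before the call, matching whatever the rest of add() does. The switch from `oldtop->related` to `related` is consistent with the guard, since the condition never tested `oldtop`, but that reasoning is not visible in the code: a one-line comment saying the body must use the same pointer the condition checks would keep the two from drifting apart again. The commit message describes a specific ordering (RRSIG(rdtype) cached before the RDATA for rdtype, then a query for the RDATA); nothing in this hunk exercises it, so a regression test that caches in that order and then adds the negative header would be worth including with the fix.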