upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 03:50:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

3218. [security] Cache lookup could return RRSIG data associated with

Browse source 
nonexistent records, leading to an assertion
			failure. [RT #26590]
This commit is contained in:
Evan Hunt 2011-11-16 09:44:32 +00:00
parent 57df4a6213
commit 7c6a1a11fa
3 changed files with 16 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,3 +1,7 @@
3218. [security] Cache lookup could return RRSIG data associated with
nonexistent records, leading to an assertion
failure. [RT #26590]
3217. [cleanup] Fix build problem with --disable-static. [RT #26476]
3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]

21
bin/named/query.c
View file

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.377 2011/10/28 11:46:49 marka Exp $ */
/* $Id: query.c,v 1.378 2011/11/16 09:44:31 each Exp $ */
/*! \file */
@ -1381,11 +1381,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
/*
* Negative cache entries don't have sigrdatasets.
*/
INSIST(sigrdataset == NULL ||
! dns_rdataset_isassociated(sigrdataset));
if (sigrdataset != NULL &&
dns_rdataset_isassociated(sigrdataset))
dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
mname = NULL;
@ -1426,8 +1424,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
INSIST(sigrdataset == NULL ||
! dns_rdataset_isassociated(sigrdataset));
if (sigrdataset != NULL &&
dns_rdataset_isassociated(sigrdataset))
dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
mname = NULL;
@ -1885,10 +1884,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
goto setcache;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
/*
* Negative cache entries don't have sigrdatasets.
*/
INSIST(! dns_rdataset_isassociated(sigrdataset));
if (dns_rdataset_isassociated(sigrdataset))
dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
/* Remember the result as a cache */

6
lib/dns/rbtdb.c
View file

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rbtdb.c,v 1.320 2011/11/08 20:49:11 marka Exp $ */
/* $Id: rbtdb.c,v 1.321 2011/11/16 09:44:32 each Exp $ */
/*! \file */
@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
rdataset);
if (need_headerupdate(found, search.now))
update = found;
if (foundsig != NULL) {
if (!NEGATIVE(found) && foundsig != NULL) {
bind_rdataset(search.rbtdb, node, foundsig, search.now,
sigrdataset);
if (need_headerupdate(foundsig, search.now))
@ -5686,7 +5686,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
}
if (found != NULL) {
bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
if (foundsig != NULL)
if (!NEGATIVE(found) && foundsig != NULL)
bind_rdataset(rbtdb, rbtnode, foundsig, now,
sigrdataset);
}