upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-03-18 08:41:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/contrib/bind9/lib/dns/include/dns/opcode.h
Doug Barton 37bb75f740 Upgrade to 9.6-ESV-R4-P1, which address the following issues: 
1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.

This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.

2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.

Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.
2011-05-28 00:21:28 +00:00

51 lines
1.5 KiB
C
Raw Blame History

/*
* Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: opcode.h,v 1.8 2007-06-19 23:47:17 tbox Exp $ */
#ifndef DNS_OPCODE_H
#define DNS_OPCODE_H 1
/*! \file dns/opcode.h */
#include <isc/lang.h>
#include <dns/types.h>
ISC_LANG_BEGINDECLS
isc_result_t dns_opcode_totext(dns_opcode_t opcode, isc_buffer_t *target);
/*%<
* Put a textual representation of error 'opcode' into 'target'.
*
* Requires:
*\li 'opcode' is a valid opcode.
*
*\li 'target' is a valid text buffer.
*
* Ensures:
*\li If the result is success:
* The used space in 'target' is updated.
*
* Returns:
*\li #ISC_R_SUCCESS on success
*\li #ISC_R_NOSPACE target buffer is too small
*/
ISC_LANG_ENDDECLS
#endif /* DNS_OPCODE_H */
Reference in a new issue View git blame Copy permalink