From 843bd4156ea230ebc6615c51fd504619c1c3e81c Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Tue, 13 Jun 2017 14:25:47 +0000 Subject: [PATCH] - Fix #1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly. - 1.6.3 tag created, with only #1280 fix, trunk is 1.6.4 development. git-svn-id: file:///svn/unbound/trunk@4224 be551aaa-1e26-0410-a405-d3ace91eadb9 --- configure | 25 +++++++++++++------------ configure.ac | 5 +++-- doc/Changelog | 4 ++++ services/outside_network.c | 2 +- testdata/fwd_malformed.tpkg | Bin 0 -> 1481 bytes 5 files changed, 21 insertions(+), 15 deletions(-) create mode 100644 testdata/fwd_malformed.tpkg diff --git a/configure b/configure index c45f9ba8d..202dc7d6e 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.6.3. +# Generated by GNU Autoconf 2.69 for unbound 1.6.4. # # Report bugs to . # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.6.3' -PACKAGE_STRING='unbound 1.6.3' +PACKAGE_VERSION='1.6.4' +PACKAGE_STRING='unbound 1.6.4' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -1437,7 +1437,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.6.3 to adapt to many kinds of systems. +\`configure' configures unbound 1.6.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1502,7 +1502,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.6.3:";; + short | recursive ) echo "Configuration of unbound 1.6.4:";; esac cat <<\_ACEOF @@ -1714,7 +1714,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.6.3 +unbound configure 1.6.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2423,7 +2423,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.6.3, which was +It was created by unbound $as_me 1.6.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2775,11 +2775,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=6 -UNBOUND_VERSION_MICRO=3 +UNBOUND_VERSION_MICRO=4 LIBUNBOUND_CURRENT=7 -LIBUNBOUND_REVISION=2 +LIBUNBOUND_REVISION=3 LIBUNBOUND_AGE=5 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2833,6 +2833,7 @@ LIBUNBOUND_AGE=5 # 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type # 1.6.2 had 7:1:5 # 1.6.3 had 7:2:5 +# 1.6.4 had 7:3:5 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -20641,7 +20642,7 @@ _ACEOF -version=1.6.3 +version=1.6.4 date=`date +'%b %e, %Y'` @@ -21160,7 +21161,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.6.3, which was +This file was extended by unbound $as_me 1.6.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21226,7 +21227,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.6.3 +unbound config.status 1.6.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 3652deecc..e908ff213 100644 --- a/configure.ac +++ b/configure.ac @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[6]) -m4_define([VERSION_MICRO],[3]) +m4_define([VERSION_MICRO],[4]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=7 -LIBUNBOUND_REVISION=2 +LIBUNBOUND_REVISION=3 LIBUNBOUND_AGE=5 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -72,6 +72,7 @@ LIBUNBOUND_AGE=5 # 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type # 1.6.2 had 7:1:5 # 1.6.3 had 7:2:5 +# 1.6.4 had 7:3:5 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary diff --git a/doc/Changelog b/doc/Changelog index fc2a67724..46ad6ec7d 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,9 @@ 13 June 2017: Wouter - Fix #1279: Memory leak on reload when python module is enabled. + - Fix #1280: Unbound fails assert when response from authoritative + contains malformed qname. When 0x20 caps-for-id is enabled, when + assertions are not enabled the malformed qname is handled correctly. + - 1.6.3 tag created, with only #1280 fix, trunk is 1.6.4 development. 12 June 2017: Wouter - Fix #1278: Incomplete wildcard proof. diff --git a/services/outside_network.c b/services/outside_network.c index 89518ce19..c5d6782b3 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -1559,7 +1559,7 @@ serviced_check_qname(sldns_buffer* pkt, uint8_t* qbuf, size_t qbuflen) return 0; while(len1 != 0 || len2 != 0) { if(LABEL_IS_PTR(len1)) { - d1 = sldns_buffer_at(pkt, PTR_OFFSET(len1, *d1)); + d1 = sldns_buffer_begin(pkt)+PTR_OFFSET(len1, *d1); if(d1 >= sldns_buffer_at(pkt, sldns_buffer_limit(pkt))) return 0; len1 = *d1++; diff --git a/testdata/fwd_malformed.tpkg b/testdata/fwd_malformed.tpkg new file mode 100644 index 0000000000000000000000000000000000000000..82a11ac23d8882be2813bd0bba3c1b47429af4c1 GIT binary patch literal 1481 zcmV;)1vdI0iwFR=qd!>y1MOICbJ|7_<}3Frw&1ao=}49YLKrt5+koq&33hA}r_**A zp*uh^=+u)GOr}4+djg49m&`b^Cyh3-bhmf+?7i*7u6kqI8QH@g7b8Yh>Wcl`R~HS% zvP}8bEmK>3Cz8`kx^7v9Ue?Mv4WE{k1M}-oWnH2mv;{zJ%%hNr`}=Kc|4ya1cK*v6 zhkLz;+K>lasg&w@`Im$z{DpeY9x=(E)U#rQUjCZ zi{M2gB^(H5)1U@A$-5pdzh^rPYlfw2_z$%{7hw&KFE6gz$0Q#GObI5zkoRlgagxXD z#GH@|#4HrBvrBvK5CIC2*X5B%Rn(x~83@k9X&;0To;_mI8s&<|L*?&?iHS1gjy)Xk zAe@3rV~*_y3f@%3r8StafM9uS3#xqP9>Yb=kW_?9T5L)Ms?s$aAGa^!=@$rj>ce;f z+2;Q=a2{-9oBx}dmH59A>vgNFRWkp73^}y}){4Dk>DxZ$T zK48u**iks(0_g(6fgOTiVI;f&QULI6=az*ksUwBRfekxEBkhQRUV>MV2iifcWY)?W z)SK6BF!0dH8yi^$|B#S?3KeeDx_W{y_oLUh(Rl+>N0fd{D5TCuK6<$q)<}Is8_Z{( zq$)BmowK1|BbQ=zajGvExr~WqMUOhtX6p?h>c~lScZT#OkuU8aV6;ZgYv|M$dYtkM-3ZZuoN(&HkS+v@0HD;5QC9+{jJ;6uFQ8HR#;#)5a zvlt!Ba@7Vn1Qn&Js;BZT)V7*pR2_$csp|(otEL6j18U;%k_nY=RYDqUiWXzMRn;2= zFmENy9K)eq1FD)XM{4@CfAYYpX;#6qE9pE^`SAH;ieYIcb}d=h^}w>>{xdlQ|E+pA z`8|3htTi~lTZHUGCNddB~cB1I@F%7$nM6s1Ut5b#Ji z3}ZZoq#ED`z$e@-nZ?0)z&vony+F2NK=lVGJ#_DVHS}-$Dt1$6BmRQj-2`YuJ6ge1 z4(96EJWd5%58^T^UAv1WeGI!?uRk-jJYdPnQWGJUSIrj%X&Mv3B2XT$CvIZSfJ5O3 zsN09}c&xHJd*lz9>hKZvmD=Mp?F7Y#op-I%i+8O?N2ZKxBj6uIWq>zD?obNuV1SG{ zvD5_xB5SzcDrz9EB*`!;=0m1Iwik?{Qogz zlmFwH|DU{Hm3GlRN8D3`0qL`_BW#cIQAfsuV30+hez9{kE0MFCMD^@hs)e6HfBt;t zr^^EuYXvwuTAj#r%p5f-ZR#sGAMa(n6Y{eaZj_w&ka|I9nv#*7*NxV7r;W*T>pG^U z1aAYIV`hGoaE@`btHbVebuSw)c79r%m{iOP_e^VK-!hP2g^?R$mcv9C6b5_2e*78m z&*S~QrLEZ8-%Hx3U)tgx$z)~gFR=d28IB<8#-(&CW;_{R47`zD4DI_uYL@tY2P^wY zR|Wq&2@o7DFm198=}Z^5VoAAB*|;T=!dG--+g&=VPUI()KW&>$MCupW{|Tbst^Ciw zef(E8*Z9AZ@&Dtt%u;aTF j67pNnEckzxoo13rCYfZCNhX