upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 16:49:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
2796 commits 23 branches 209 tags 123 MiB
Commit graph

352 commits

Author SHA1 Message Date
Wouter Wijngaards
416df19f6d - Fix use-after-free in out-of-memory handling code (thanks Jake 
Montgomery).


git-svn-id: file:///svn/unbound/trunk@2900 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-05-16 07:36:37 +00:00
Wouter Wijngaards
fbedfb7429 - Robust checks on dname validity from rdata for dname compare. 
git-svn-id: file:///svn/unbound/trunk@2892 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-25 10:28:25 +00:00
Wouter Wijngaards
ffab065d1e - includes and have_ssl fixes for nss. 
git-svn-id: file:///svn/unbound/trunk@2830 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-01-30 13:15:03 +00:00
Wouter Wijngaards
ed6b39c095 fixup for doxygen 1.8.3 
git-svn-id: file:///svn/unbound/trunk@2827 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-01-28 13:44:38 +00:00
Matthijs Mekking
79ffc1ab81 Fix validation for responses with CNAME and wildcard expanded CNAME in 
ANSWER section.



git-svn-id: file:///svn/unbound/trunk@2777 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-10-29 14:06:00 +00:00
Wouter Wijngaards
a8e468fc67 - ignore trusted-keys globs that have no files (from Paul Wouters). 
git-svn-id: file:///svn/unbound/trunk@2770 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-10-01 07:18:49 +00:00
Wouter Wijngaards
5e5e89b9f5 - RFC6725 deprecates RSAMD5: this DNSKEY algorithm is disabled. 
git-svn-id: file:///svn/unbound/trunk@2753 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-08-30 12:02:53 +00:00
Wouter Wijngaards
07470115e5 - fix bogus nodata cname chain not reported as bogus by validator, 
(Thanks Peter van Dijk).


git-svn-id: file:///svn/unbound/trunk@2727 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-27 13:38:00 +00:00
Wouter Wijngaards
f82edc1b64 - review fix for libnss, check hash prefix allocation size. 
git-svn-id: file:///svn/unbound/trunk@2723 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-25 14:32:37 +00:00
Wouter Wijngaards
85c915f116 - fix missing break for GOST DS hash function. 
- make depend


git-svn-id: file:///svn/unbound/trunk@2721 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-23 12:27:04 +00:00
Wouter Wijngaards
d4f49a7a40 - Fix validation of qtype DS queries that result in no data for 
non-optout NSEC3 zones.


git-svn-id: file:///svn/unbound/trunk@2712 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-06 13:56:44 +00:00
Wouter Wijngaards
097c70be91 - detect if openssl has FIPS_mode. 
git-svn-id: file:///svn/unbound/trunk@2703 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-28 06:54:16 +00:00
Wouter Wijngaards
87ded67cb6 - disable RSAMD5 if in FIPS mode (for openssl and for libnss). 
git-svn-id: file:///svn/unbound/trunk@2702 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-25 15:13:44 +00:00
Wouter Wijngaards
98b6f90637 - disable RSAMD5 if in FIPS mode (when compiled with openssl). 
git-svn-id: file:///svn/unbound/trunk@2701 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-25 15:02:52 +00:00
Wouter Wijngaards
b9ed797a22 Test for ECC support for libNSS. 
git-svn-id: file:///svn/unbound/trunk@2700 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-22 15:20:56 +00:00
Wouter Wijngaards
25096aa3ab implement DNSSEC with libNSS: NSEC3, RSA, DSA, ECDSA, and DS hashes. 
make test succeeds.


git-svn-id: file:///svn/unbound/trunk@2699 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-22 14:31:29 +00:00
Wouter Wijngaards
cd8e4a0bc5 RSA with nss. 
git-svn-id: file:///svn/unbound/trunk@2697 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-21 15:19:16 +00:00
Wouter Wijngaards
d051dfaf19 remove double free. 
git-svn-id: file:///svn/unbound/trunk@2696 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-21 12:01:34 +00:00
Wouter Wijngaards
f2da5c6867 - nss check for verification failure. 
git-svn-id: file:///svn/unbound/trunk@2695 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-21 12:00:48 +00:00
Wouter Wijngaards
6ba973a8bd - fix error handling of alloc failure during rrsig verification. 
git-svn-id: file:///svn/unbound/trunk@2693 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-21 07:22:01 +00:00
Wouter Wijngaards
ccf4099366 - work on --with-nss build option (for now, --with-libunbound-only). 
git-svn-id: file:///svn/unbound/trunk@2690 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-20 15:11:53 +00:00
Wouter Wijngaards
15aacbe89b code review. 
git-svn-id: file:///svn/unbound/trunk@2688 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-18 14:22:29 +00:00
Wouter Wijngaards
06a3f735d7 - The key-cache bad key ttl is now 60 seconds. 
git-svn-id: file:///svn/unbound/trunk@2685 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-15 12:25:29 +00:00
Wouter Wijngaards
0a1195f690 - Protect if statements in val_anchor for compilate without locks. 
git-svn-id: file:///svn/unbound/trunk@2670 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-05-16 10:54:52 +00:00
Wouter Wijngaards
2bf79c2e65 - Fix validation of nodata for DS query in NSEC zones, reported by 
Ondrej Mikle.


git-svn-id: file:///svn/unbound/trunk@2662 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-05-02 11:58:27 +00:00
Wouter Wijngaards
773d8e3b84 Fix prefetch and stickyness. 
git-svn-id: file:///svn/unbound/trunk@2632 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-16 11:04:53 +00:00
Wouter Wijngaards
682ff957ed lint and doxygen fixes. 
git-svn-id: file:///svn/unbound/trunk@2631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-16 10:08:07 +00:00
Wouter Wijngaards
718dcce317 fix race condition. 
git-svn-id: file:///svn/unbound/trunk@2625 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-15 15:03:36 +00:00
Wouter Wijngaards
08835e01ee free unsupported trust anchors. 
git-svn-id: file:///svn/unbound/trunk@2624 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-15 14:53:45 +00:00
Wouter Wijngaards
d64b14cff9 - unbound-control forward_add, forward_remove, stub_add, stub_remove 
can modify stubs and forwards for running unbound (on mobile computer)
  they can also add and remove domain-insecure for the zone.


git-svn-id: file:///svn/unbound/trunk@2623 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-15 14:35:28 +00:00
Wouter Wijngaards
c352ee2e85 - workaround for openssl 0.9.8 ecdsa sha2 and evp problem. 
git-svn-id: file:///svn/unbound/trunk@2608 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-08 16:40:46 +00:00
Wouter Wijngaards
924789d877 - implement draft-ietf-dnsext-ecdsa-04; which is in IETF LC; This 
implementation is experimental at this time and not recommended
  for use on the public internet (the protocol numbers have not
  been assigned).  Needs recent ldns with --enable-ecdsa.
- fix memory leak in errorcase for DSA signatures.


git-svn-id: file:///svn/unbound/trunk@2606 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-08 13:22:44 +00:00
Wouter Wijngaards
8c2f658cd1 - fix for windows, rename() is not posix compliant on windows. 
git-svn-id: file:///svn/unbound/trunk@2605 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-03 14:56:09 +00:00
Wouter Wijngaards
9c8ac75026 - Fix to write key files completely to a temporary file, and if that 
succeeds, replace the real key file.  So failures leave a useful file.


git-svn-id: file:///svn/unbound/trunk@2590 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-19 14:17:22 +00:00
Wouter Wijngaards
2e26ec2d01 - Fix bug where canonical_compare of RRSIG did not downcase the 
signer-name.  This is mostly harmless because RRSIGs do not have
  to be sorted in canonical order, usually.


git-svn-id: file:///svn/unbound/trunk@2586 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-17 09:06:18 +00:00
Wouter Wijngaards
6dd2c0467e - Fix bug #425: unbound reports wrong TTL in reply, it reports a TTL 
that would be permissible by the RFCs but it is not the TTL in the
  cache.


git-svn-id: file:///svn/unbound/trunk@2581 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-10 09:42:32 +00:00
Wouter Wijngaards
0916e1d0ea - Fix for VU#209659 CVE-2011-4528: Unbound denial of service 
vulnerabilities from nonstandard redirection and denial of existence
http://www.unbound.net/downloads/CVE-2011-4528.txt
- robust checks for next-closer NSEC3s.
- tag 1.4.14 created.


git-svn-id: file:///svn/unbound/trunk@2574 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-12-19 10:55:32 +00:00
Wouter Wijngaards
e0fd0ef80c - Fix to constrain signer_name to be a parent of the lookupname. 
git-svn-id: file:///svn/unbound/trunk@2571 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-12-13 12:37:47 +00:00
Wouter Wijngaards
a1c76554a2 - Makefile changed for BSD make compatibility. 
git-svn-id: file:///svn/unbound/trunk@2544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-10 18:44:06 +00:00
Wouter Wijngaards
b72d40f3dd - fix various compiler warnings (reported by Paul Wouters). 
git-svn-id: file:///svn/unbound/trunk@2497 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-09-16 11:35:01 +00:00
Wouter Wijngaards
22290ac234 - Fix validation of . DS query. 
git-svn-id: file:///svn/unbound/trunk@2474 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-17 14:28:32 +00:00
Wouter Wijngaards
7359d84e2f - Fix wildcard expansion no-data reply under an optout NSEC3 zone is 
validated as insecure, reported by Jia Li (lijia@cnnic.cn).


git-svn-id: file:///svn/unbound/trunk@2461 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-07-11 09:03:18 +00:00
Wouter Wijngaards
784d659e91 - Fix TTL of SOA so negative TTL is separately cached from normal TTL. 
git-svn-id: file:///svn/unbound/trunk@2416 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-05-10 12:34:47 +00:00
Wouter Wijngaards
3922eed584 val-override-date: -1 ignores dates entirely, for NTP usage. 
git-svn-id: file:///svn/unbound/trunk@2410 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-04-08 14:06:46 +00:00
Wouter Wijngaards
b4a089ff0d - Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout. 
git-svn-id: file:///svn/unbound/trunk@2397 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-03-01 12:48:45 +00:00
Wouter Wijngaards
003658eea0 test and cleanup. 
git-svn-id: file:///svn/unbound/trunk@2360 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-22 09:41:38 +00:00
Wouter Wijngaards
daab92e954 - algorithm compromise protection using the algorithms signalled in 
the DS record.  Also, trust anchors, DLV, and RFC5011 receive this,
         and thus, if you have multiple algorithms in your trust-anchor-file
         then it will now behave different than before.  Also, 5011 rollover
         for algorithms needs to be double-signature until the old algorithm
         is revoked.


git-svn-id: file:///svn/unbound/trunk@2358 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-21 14:19:55 +00:00
Wouter Wijngaards
e9582487d9 Work on validation of multiple algorithms. 
git-svn-id: file:///svn/unbound/trunk@2356 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-20 15:58:12 +00:00
Wouter Wijngaards
c4c8a65ff2 - fix validation in this case: CNAME to nodata for co-hosted opt-in 
NSEC3 insecure delegation, was bogus, fixed to be insecure.


git-svn-id: file:///svn/unbound/trunk@2355 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-17 10:05:56 +00:00
Wouter Wijngaards
488aee467a - Fix validation failure for parent and child on same server with an 
insecure childzone and a CNAME from parent to child.


git-svn-id: file:///svn/unbound/trunk@2321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-29 13:10:26 +00:00