svn commit: r195934 - stable/6/contrib/bind9/bin/named
Doug Barton
dougb at FreeBSD.org
Wed Jul 29 00:13:48 UTC 2009
Author: dougb
Date: Wed Jul 29 00:13:47 2009
New Revision: 195934
URL: http://svn.freebsd.org/changeset/base/195934
Log:
Apply the patch derived from version 9.6.1-P1 which addresses a remote
DoS vulnerability:
Receipt of a specially-crafted dynamic update message may
cause BIND 9 servers to exit. This vulnerability affects all
servers -- it is not limited to those that are configured to
allow dynamic updates. Access controls will not provide an
effective workaround.
More details can be found here: https://www.isc.org/node/474
All BIND users are encouraged to update to a patched version ASAP.
Modified:
stable/6/contrib/bind9/bin/named/update.c
Modified: stable/6/contrib/bind9/bin/named/update.c
==============================================================================
--- stable/6/contrib/bind9/bin/named/update.c Tue Jul 28 23:59:22 2009 (r195933)
+++ stable/6/contrib/bind9/bin/named/update.c Wed Jul 29 00:13:47 2009 (r195934)
@@ -863,7 +863,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *
if (type == dns_rdatatype_rrsig ||
type == dns_rdatatype_sig)
covers = dns_rdata_covers(&t->rdata);
- else
+ else if (type == dns_rdatatype_any) {
+ dns_db_detachnode(db, &node);
+ dns_diff_clear(&trash);
+ return (DNS_R_NXRRSET);
+ } else
covers = 0;
/*
More information about the svn-src-stable-6
mailing list