svn commit: r228189 - in stable/9/contrib/bind9: . bin/named lib/dns
Doug Barton
dougb at FreeBSD.org
Thu Dec 1 21:13:42 UTC 2011
Author: dougb
Date: Thu Dec 1 21:13:41 2011
New Revision: 228189
URL: http://svn.freebsd.org/changeset/base/228189
Log:
Upgrade to BIND 9.8.1-P1 to address the following DDOS bug:
Recursive name servers are failing with an assertion:
INSIST(! dns_rdataset_isassociated(sigrdataset))
At this time it is not thought that authoritative-only servers
are affected, but information about this bug is evolving rapidly.
Because it may be possible to trigger this bug even on networks
that do not allow untrusted users to access the recursive name
servers (perhaps via specially crafted e-mail messages, and/or
malicious web sites) it is recommended that ALL operators of
recursive name servers upgrade immediately.
For more information see:
https://www.isc.org/software/bind/advisories/cve-2011-4313
which will be updated as more information becomes available.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
Approved by: re (kib)
Modified:
stable/9/contrib/bind9/CHANGES
stable/9/contrib/bind9/bin/named/query.c
stable/9/contrib/bind9/lib/dns/rbtdb.c
stable/9/contrib/bind9/version
Directory Properties:
stable/9/contrib/bind9/ (props changed)
Modified: stable/9/contrib/bind9/CHANGES
==============================================================================
--- stable/9/contrib/bind9/CHANGES Thu Dec 1 20:39:18 2011 (r228188)
+++ stable/9/contrib/bind9/CHANGES Thu Dec 1 21:13:41 2011 (r228189)
@@ -1,3 +1,9 @@
+ --- 9.8.1-P1 released ---
+
+3218. [security] Cache lookup could return RRSIG data associated with
+ nonexistent records, leading to an assertion
+ failure. [RT #26590]
+
--- 9.8.1 released ---
--- 9.8.1rc1 released ---
Modified: stable/9/contrib/bind9/bin/named/query.c
==============================================================================
--- stable/9/contrib/bind9/bin/named/query.c Thu Dec 1 20:39:18 2011 (r228188)
+++ stable/9/contrib/bind9/bin/named/query.c Thu Dec 1 21:13:41 2011 (r228189)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.353.8.11 2011-06-09 03:14:03 marka Exp $ */
+/* $Id: query.c,v 1.353.8.11.4.1 2011-11-16 09:32:08 marka Exp $ */
/*! \file */
@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- /*
- * Negative cache entries don't have sigrdatasets.
- */
- INSIST(sigrdataset == NULL ||
- ! dns_rdataset_isassociated(sigrdataset));
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
mname = NULL;
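Review bot: The code that replaces the INSIST in query_addadditional drops the old comment and leaves no explanation of why a DNS_R_NCACHENXRRSET result can now arrive with an associated sigrdataset. A short comment above the new `if` would record that, e.g. `/* Negative cache entries should not have sigrdatasets; release one instead of asserting (CVE-2011-4313). */`, and the two-line condition would be safer to maintain with braces around the `dns_rdataset_disassociate(sigrdataset);` body. The same applies to the hunks at -1438 and -1889. In the -1889 hunk (query_addadditional2) sigrdataset is passed to `dns_rdataset_isassociated()` without a NULL test, as the removed INSIST also did, so it is presumably always non-NULL there, but that cannot be confirmed from the hunk. The function bodies start and end outside these hunks.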
@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- INSIST(sigrdataset == NULL ||
- ! dns_rdataset_isassociated(sigrdataset));
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
mname = NULL;
@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
goto setcache;
if (result == DNS_R_NCACHENXRRSET) {
dns_rdataset_disassociate(rdataset);
- /*
- * Negative cache entries don't have sigrdatasets.
- */
- INSIST(! dns_rdataset_isassociated(sigrdataset));
+ if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
}
if (result == ISC_R_SUCCESS) {
/* Remember the result as a cache */
Modified: stable/9/contrib/bind9/lib/dns/rbtdb.c
==============================================================================
--- stable/9/contrib/bind9/lib/dns/rbtdb.c Thu Dec 1 20:39:18 2011 (r228188)
+++ stable/9/contrib/bind9/lib/dns/rbtdb.c Thu Dec 1 21:13:41 2011 (r228189)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbtdb.c,v 1.310.8.5 2011-06-08 23:02:42 each Exp $ */
+/* $Id: rbtdb.c,v 1.310.8.5.4.1 2011-11-16 09:32:08 marka Exp $ */
/*! \file */
@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
rdataset);
if (need_headerupdate(found, search.now))
update = found;
- if (foundsig != NULL) {
+ if (!NEGATIVE(found) && foundsig != NULL) {
bind_rdataset(search.rbtdb, node, foundsig, search.now,
sigrdataset);
if (need_headerupdate(foundsig, search.now))
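Review bot: The new `!NEGATIVE(found)` guard in cache_find has no comment saying why foundsig can be non-NULL when found is a negative entry, which is the condition the CHANGES entry in this commit describes. I would add something like `/* Never return an RRSIG with a negative entry; foundsig may still be set from another header on the node. */` above the test. The second half of that comment is inferred, since the code that selects foundsig is outside the hunk. Skipping the block also skips the `need_headerupdate(foundsig, search.now)` check for that header, which looks intended but is worth stating. The same guard in cache_findrdataset (hunk at -5685) wants the same comment.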
@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
}
if (found != NULL) {
bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
- if (foundsig != NULL)
+ if (!NEGATIVE(found) && foundsig != NULL)
bind_rdataset(rbtdb, rbtnode, foundsig, now,
sigrdataset);
}
Modified: stable/9/contrib/bind9/version
==============================================================================
--- stable/9/contrib/bind9/version Thu Dec 1 20:39:18 2011 (r228188)
+++ stable/9/contrib/bind9/version Thu Dec 1 21:13:41 2011 (r228189)
@@ -1,4 +1,4 @@
-# $Id: version,v 1.53.8.9 2011-08-24 02:08:26 marka Exp $
+# $Id: version,v 1.53.8.9.6.1 2011-11-16 09:32:07 marka Exp $
#
# This file must follow /bin/sh rules. It is imported directly via
# configure.
@@ -6,5 +6,5 @@
MAJORVER=9
MINORVER=8
PATCHVER=1
-RELEASETYPE=
-RELEASEVER=
+RELEASETYPE=-P
+RELEASEVER=1