diff options
| author | dougb <dougb@FreeBSD.org> | 2011-07-06 00:48:31 +0000 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2011-07-06 00:48:31 +0000 |
| commit | a56bc34bcb01041f2678d50c784cf1676b386aa4 (patch) | |
| tree | e2f081f6053b6868f97bb2f937aeb23d613958a3 /contrib/bind9/lib/dns/masterdump.c | |
| parent | 28d62831de06efc82624596849d25e9d6510caef (diff) | |
| download | FreeBSD-src-a56bc34bcb01041f2678d50c784cf1676b386aa4.zip FreeBSD-src-a56bc34bcb01041f2678d50c784cf1676b386aa4.tar.gz | |
Update to version 9.6-ESV-R4-P3
ALL BIND USERS ARE ENCOURAGED TO UPGRADE IMMEDIATELY
This update addresses the following vulnerability:
CVE-2011-2464
=============
Severity: High
Exploitable: Remotely
Description:
A defect in the affected BIND 9 versions allows an attacker to remotely
cause the "named" process to exit using a specially crafted packet. This
defect affects both recursive and authoritative servers. The code location
of the defect makes it impossible to protect BIND using ACLs configured
within named.conf or by disabling any features at compile-time or run-time.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
https://www.isc.org/software/bind/advisories/cve-2011-2464
Diffstat (limited to 'contrib/bind9/lib/dns/masterdump.c')
| -rw-r--r-- | contrib/bind9/lib/dns/masterdump.c | 32 |
1 files changed, 15 insertions, 17 deletions
diff --git a/contrib/bind9/lib/dns/masterdump.c b/contrib/bind9/lib/dns/masterdump.c index 34c984b..d6befb5 100644 --- a/contrib/bind9/lib/dns/masterdump.c +++ b/contrib/bind9/lib/dns/masterdump.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.c,v 1.94.50.3.18.1 2011-05-27 00:19:19 each Exp $ */ +/* $Id: masterdump.c,v 1.94.50.3.18.3 2011-06-21 20:13:22 each Exp $ */ /*! \file */ @@ -356,6 +356,7 @@ rdataset_totext(dns_rdataset_t *rdataset, isc_uint32_t current_ttl; isc_boolean_t current_ttl_valid; dns_rdatatype_t type; + unsigned int type_start; REQUIRE(DNS_RDATASET_VALID(rdataset)); @@ -437,29 +438,26 @@ rdataset_totext(dns_rdataset_t *rdataset, * Type. */ - if (rdataset->type == 0) { + if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) { type = rdataset->covers; } else { type = rdataset->type; } - { - unsigned int type_start; - INDENT_TO(type_column); - type_start = target->used; - if (rdataset->type == 0) - RETERR(str_totext("\\-", target)); - result = dns_rdatatype_totext(type, target); - if (result != ISC_R_SUCCESS) - return (result); - column += (target->used - type_start); - } + INDENT_TO(type_column); + type_start = target->used; + if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) + RETERR(str_totext("\\-", target)); + result = dns_rdatatype_totext(type, target); + if (result != ISC_R_SUCCESS) + return (result); + column += (target->used - type_start); /* * Rdata. */ INDENT_TO(rdata_column); - if (rdataset->type == 0) { + if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) { if (NXDOMAIN(rdataset)) RETERR(str_totext(";-$NXDOMAIN\n", target)); else @@ -814,7 +812,7 @@ dump_rdatasets_text(isc_mem_t *mctx, dns_name_t *name, if (ctx->style.flags & DNS_STYLEFLAG_TRUST) { fprintf(f, "; %s\n", dns_trust_totext(rds->trust)); } - if (rds->type == 0 && + if (((rds->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) && (ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) { /* Omit negative cache entries */ } else { @@ -979,7 +977,7 @@ dump_rdatasets_raw(isc_mem_t *mctx, dns_name_t *name, dns_rdataset_init(&rdataset); dns_rdatasetiter_current(rdsiter, &rdataset); - if (rdataset.type == 0 && + if (((rdataset.attributes & DNS_RDATASETATTR_NEGATIVE) != 0) && (ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) { /* Omit negative cache entries */ } else { |
