diff options
| author | dougb <dougb@FreeBSD.org> | 2011-07-06 00:48:31 +0000 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2011-07-06 00:48:31 +0000 |
| commit | a56bc34bcb01041f2678d50c784cf1676b386aa4 (patch) | |
| tree | e2f081f6053b6868f97bb2f937aeb23d613958a3 /contrib/bind9/lib/dns/ncache.c | |
| parent | 28d62831de06efc82624596849d25e9d6510caef (diff) | |
| download | FreeBSD-src-a56bc34bcb01041f2678d50c784cf1676b386aa4.zip FreeBSD-src-a56bc34bcb01041f2678d50c784cf1676b386aa4.tar.gz | |
Update to version 9.6-ESV-R4-P3
ALL BIND USERS ARE ENCOURAGED TO UPGRADE IMMEDIATELY
This update addresses the following vulnerability:
CVE-2011-2464
=============
Severity: High
Exploitable: Remotely
Description:
A defect in the affected BIND 9 versions allows an attacker to remotely
cause the "named" process to exit using a specially crafted packet. This
defect affects both recursive and authoritative servers. The code location
of the defect makes it impossible to protect BIND using ACLs configured
within named.conf or by disabling any features at compile-time or run-time.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
https://www.isc.org/software/bind/advisories/cve-2011-2464
Diffstat (limited to 'contrib/bind9/lib/dns/ncache.c')
| -rw-r--r-- | contrib/bind9/lib/dns/ncache.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/contrib/bind9/lib/dns/ncache.c b/contrib/bind9/lib/dns/ncache.c index cfa4783..f1fc323 100644 --- a/contrib/bind9/lib/dns/ncache.c +++ b/contrib/bind9/lib/dns/ncache.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2008, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.c,v 1.43.48.7.6.1 2011-05-27 00:19:19 each Exp $ */ +/* $Id: ncache.c,v 1.43.48.7.6.3 2011-06-21 20:13:22 each Exp $ */ /*! \file */ @@ -294,6 +294,7 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache, RUNTIME_CHECK(dns_rdatalist_tordataset(&ncrdatalist, &ncrdataset) == ISC_R_SUCCESS); ncrdataset.trust = trust; + ncrdataset.attributes |= DNS_RDATASETATTR_NEGATIVE; if (message->rcode == dns_rcode_nxdomain) ncrdataset.attributes |= DNS_RDATASETATTR_NXDOMAIN; if (optout) @@ -324,6 +325,7 @@ dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx, REQUIRE(rdataset != NULL); REQUIRE(rdataset->type == 0); + REQUIRE((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); savedbuffer = *target; count = 0; @@ -552,6 +554,7 @@ dns_ncache_getrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name, REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); + REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(name != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); REQUIRE(type != dns_rdatatype_rrsig); @@ -628,6 +631,7 @@ dns_ncache_getsigrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name, REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); + REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(name != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); @@ -727,6 +731,7 @@ dns_ncache_current(dns_rdataset_t *ncacherdataset, dns_name_t *found, REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); + REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(found != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); |
