Update to BIND 9.6.3, the latest from ISC on the 9.6 branch.

All 9.6 users with DNSSEC validation enabled should upgrade to this
version, or the latest version in the 9.7 branch, prior to 2011-03-31
in order to avoid validation failures for names in .COM as described
here:

https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record

In addition the fixes for this and other bugs, there are also the
following:

  * Various fixes to kerberos support, including GSS-TSIG
  * Various fixes to avoid leaking memory, and to problems that could
    prevent a clean shutdown of named

1 files changed, 11 insertions, 2 deletions

diff --git a/contrib/bind9/lib/dns/time.c b/contrib/bind9/lib/dns/time.c
index 62414dd..bd8cdc3 100644
--- a/contrib/bind9/lib/dns/time.c
+++ b/contrib/bind9/lib/dns/time.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1998-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: time.c,v 1.31.332.2 2009/01/18 23:47:40 tbox Exp $ */
+/* $Id: time.c,v 1.31.332.4 2010-04-21 23:48:05 tbox Exp $ */
 
 /*! \file */
 
@@ -24,6 +24,7 @@
 #include <stdio.h>
 #include <isc/string.h>		/* Required for HP/UX (and others?) */
 #include <time.h>
+#include <ctype.h>
 
 #include <isc/print.h>
 #include <isc/region.h>
@@ -132,6 +133,14 @@ dns_time64_fromtext(const char *source, isc_int64_t *target) {
 
 	if (strlen(source) != 14U)
 		return (DNS_R_SYNTAX);
+	/*
+	 * Confirm the source only consists digits.  sscanf() allows some
+	 * minor exceptions.
+	 */
+	for (i = 0; i < 14; i++) {
+		if (!isdigit((unsigned char)source[i]))
+			return (DNS_R_SYNTAX);
+	}
 	if (sscanf(source, "%4d%2d%2d%2d%2d%2d",
 		   &year, &month, &day, &hour, &minute, &second) != 6)
 		return (DNS_R_SYNTAX);