diff options
| author | erwin <erwin@FreeBSD.org> | 2012-12-07 12:39:58 +0000 |
|---|---|---|
| committer | erwin <erwin@FreeBSD.org> | 2012-12-07 12:39:58 +0000 |
| commit | 5d8c8fc50b9836a3c4a9d975721d7682dd286965 (patch) | |
| tree | c3abb28c9e8cb3396d1d00b0af4f9a474adaf5f5 /contrib/bind9/lib/dns/zone.c | |
| parent | d4467dc03357aa391339c667b9bce1af3f0455d9 (diff) | |
| parent | 4d1484242d381404f6b827320dad3260370137c8 (diff) | |
| download | FreeBSD-src-5d8c8fc50b9836a3c4a9d975721d7682dd286965.zip FreeBSD-src-5d8c8fc50b9836a3c4a9d975721d7682dd286965.tar.gz | |
Update to 9.8.4-P1.
Security Fixes
Prevents named from aborting with a require assertion failure
on servers with DNS64 enabled. These crashes might occur as a
result of specific queries that are received.
New Features
* Elliptic Curve Digital Signature Algorithm keys and signatures in
DNSSEC are now supported per RFC 6605. [RT #21918]
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get
an answer. [RT #29492]
Other critical bug fixes are included.
Approved by: delphij (mentor)
MFC after: 3 days
Security: CVE-2012-5688
Sponsored by: DK Hostmaster A/S
Diffstat (limited to 'contrib/bind9/lib/dns/zone.c')
| -rw-r--r-- | contrib/bind9/lib/dns/zone.c | 101 |
1 files changed, 50 insertions, 51 deletions
diff --git a/contrib/bind9/lib/dns/zone.c b/contrib/bind9/lib/dns/zone.c index efe31eb..22db239 100644 --- a/contrib/bind9/lib/dns/zone.c +++ b/contrib/bind9/lib/dns/zone.c @@ -3082,7 +3082,7 @@ zone_journal(dns_zone_t *zone, dns_diff_t *diff, const char *caller) { ISC_TRUE, &journal); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "%s:dns_journal_open -> %s\n", + "%s:dns_journal_open -> %s", caller, dns_result_totext(result)); return (result); } @@ -3091,7 +3091,7 @@ zone_journal(dns_zone_t *zone, dns_diff_t *diff, const char *caller) { dns_journal_destroy(&journal); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "%s:dns_journal_write_transaction -> %s\n", + "%s:dns_journal_write_transaction -> %s", caller, dns_result_totext(result)); return (result); } @@ -3116,7 +3116,7 @@ add_soa(dns_zone_t *zone, dns_db_t *db) { result = dns_db_newversion(db, &ver); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "add_soa:dns_db_newversion -> %s\n", + "add_soa:dns_db_newversion -> %s", dns_result_totext(result)); goto failure; } @@ -3126,7 +3126,7 @@ add_soa(dns_zone_t *zone, dns_db_t *db) { 0, 0, 0, 0, 0, buf, &rdata); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "add_soa:dns_soa_buildrdata -> %s\n", + "add_soa:dns_soa_buildrdata -> %s", dns_result_totext(result)); goto failure; } @@ -3178,7 +3178,7 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) { result = dns_db_newversion(db, &ver); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "sync_keyzone:dns_db_newversion -> %s\n", + "sync_keyzone:dns_db_newversion -> %s", dns_result_totext(result)); goto failure; } @@ -4939,7 +4939,7 @@ zone_resigninc(dns_zone_t *zone) { result = dns_db_newversion(db, &version); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_resigninc:dns_db_newversion -> %s\n", + "zone_resigninc:dns_db_newversion -> %s", dns_result_totext(result)); goto failure; } @@ -4948,7 +4948,7 @@ zone_resigninc(dns_zone_t *zone) { zone_keys, &nkeys); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_resigninc:find_zone_keys -> %s\n", + "zone_resigninc:find_zone_keys -> %s", dns_result_totext(result)); goto failure; } @@ -4972,7 +4972,7 @@ zone_resigninc(dns_zone_t *zone) { result = dns_db_getsigningtime(db, &rdataset, name); if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_resigninc:dns_db_getsigningtime -> %s\n", + "zone_resigninc:dns_db_getsigningtime -> %s", dns_result_totext(result)); } @@ -4996,7 +4996,7 @@ zone_resigninc(dns_zone_t *zone) { zone_keys, nkeys, now, ISC_TRUE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_resigninc:del_sigs -> %s\n", + "zone_resigninc:del_sigs -> %s", dns_result_totext(result)); break; } @@ -5006,7 +5006,7 @@ zone_resigninc(dns_zone_t *zone) { expire, check_ksk, keyset_kskonly); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_resigninc:add_sigs -> %s\n", + "zone_resigninc:add_sigs -> %s", dns_result_totext(result)); break; } @@ -5018,7 +5018,7 @@ zone_resigninc(dns_zone_t *zone) { } if (result != ISC_R_SUCCESS) dns_zone_log(zone, ISC_LOG_ERROR, - "zone_resigninc:dns_db_getsigningtime -> %s\n", + "zone_resigninc:dns_db_getsigningtime -> %s", dns_result_totext(result)); } @@ -5029,7 +5029,7 @@ zone_resigninc(dns_zone_t *zone) { &sig_diff, zone_keys, nkeys, now, ISC_TRUE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_resigninc:del_sigs -> %s\n", + "zone_resigninc:del_sigs -> %s", dns_result_totext(result)); goto failure; } @@ -5044,7 +5044,7 @@ zone_resigninc(dns_zone_t *zone) { result = increment_soa_serial(db, version, &sig_diff, zone->mctx); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_resigninc:increment_soa_serial -> %s\n", + "zone_resigninc:increment_soa_serial -> %s", dns_result_totext(result)); goto failure; } @@ -5058,7 +5058,7 @@ zone_resigninc(dns_zone_t *zone) { soaexpire, check_ksk, keyset_kskonly); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_resigninc:add_sigs -> %s\n", + "zone_resigninc:add_sigs -> %s", dns_result_totext(result)); goto failure; } @@ -5753,7 +5753,7 @@ update_sigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version, zone_keys, nkeys, now, ISC_FALSE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "update_sigs:del_sigs -> %s\n", + "update_sigs:del_sigs -> %s", dns_result_totext(result)); return (result); } @@ -5763,7 +5763,7 @@ update_sigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version, expire, check_ksk, keyset_kskonly); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "update_sigs:add_sigs -> %s\n", + "update_sigs:add_sigs -> %s", dns_result_totext(result)); return (result); } @@ -5848,7 +5848,7 @@ zone_nsec3chain(dns_zone_t *zone) { result = dns_db_newversion(db, &version); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_nsec3chain:dns_db_newversion -> %s\n", + "zone_nsec3chain:dns_db_newversion -> %s", dns_result_totext(result)); goto failure; } @@ -5857,7 +5857,7 @@ zone_nsec3chain(dns_zone_t *zone) { DNS_MAXZONEKEYS, zone_keys, &nkeys); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_nsec3chain:find_zone_keys -> %s\n", + "zone_nsec3chain:find_zone_keys -> %s", dns_result_totext(result)); goto failure; } @@ -6003,7 +6003,7 @@ zone_nsec3chain(dns_zone_t *zone) { &nsec3_diff); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "dns_nsec3_addnsec3 -> %s\n", + "dns_nsec3_addnsec3 -> %s", dns_result_totext(result)); goto failure; } @@ -6061,7 +6061,7 @@ zone_nsec3chain(dns_zone_t *zone) { } else if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "dns_dbiterator_next -> %s\n", + "dns_dbiterator_next -> %s", dns_result_totext(result)); goto failure; } else if (delegation) { @@ -6119,7 +6119,7 @@ zone_nsec3chain(dns_zone_t *zone) { if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "need_nsec_chain -> %s\n", + "need_nsec_chain -> %s", dns_result_totext(result)); goto failure; } @@ -6144,7 +6144,7 @@ zone_nsec3chain(dns_zone_t *zone) { if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "fixup_nsec3param -> %s\n", + "fixup_nsec3param -> %s", dns_result_totext(result)); goto failure; } @@ -6159,7 +6159,7 @@ zone_nsec3chain(dns_zone_t *zone) { if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "deletematchingnsec3 -> %s\n", + "deletematchingnsec3 -> %s", dns_result_totext(result)); goto failure; } @@ -6260,7 +6260,7 @@ zone_nsec3chain(dns_zone_t *zone) { if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "fixup_nsec3param -> %s\n", + "fixup_nsec3param -> %s", dns_result_totext(result)); goto failure; } @@ -6268,7 +6268,7 @@ zone_nsec3chain(dns_zone_t *zone) { } else if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "dns_dbiterator_next -> %s\n", + "dns_dbiterator_next -> %s", dns_result_totext(result)); goto failure; } else if (delegation) { @@ -6305,7 +6305,7 @@ zone_nsec3chain(dns_zone_t *zone) { result = dns_db_allrdatasets(db, node, version, 0, &iterator); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "dns_db_allrdatasets -> %s\n", + "dns_db_allrdatasets -> %s", dns_result_totext(result)); goto failure; } @@ -6331,7 +6331,7 @@ zone_nsec3chain(dns_zone_t *zone) { if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "updatesecure -> %s\n", + "updatesecure -> %s", dns_result_totext(result)); goto failure; } @@ -6344,7 +6344,7 @@ zone_nsec3chain(dns_zone_t *zone) { if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "dns_nsec3_addnsec3s -> %s\n", + "dns_nsec3_addnsec3s -> %s", dns_result_totext(result)); goto failure; } @@ -6359,7 +6359,7 @@ zone_nsec3chain(dns_zone_t *zone) { check_ksk, keyset_kskonly, &sig_diff); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "update_sigs -> %s\n", dns_result_totext(result)); + "update_sigs -> %s", dns_result_totext(result)); goto failure; } @@ -6372,7 +6372,7 @@ zone_nsec3chain(dns_zone_t *zone) { check_ksk, keyset_kskonly, &sig_diff); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "update_sigs -> %s\n", dns_result_totext(result)); + "update_sigs -> %s", dns_result_totext(result)); goto failure; } @@ -6383,7 +6383,7 @@ zone_nsec3chain(dns_zone_t *zone) { zone->minimum, ISC_FALSE, &nsec_diff); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "updatesecure -> %s\n", + "updatesecure -> %s", dns_result_totext(result)); goto failure; } @@ -6394,7 +6394,7 @@ zone_nsec3chain(dns_zone_t *zone) { check_ksk, keyset_kskonly, &sig_diff); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "update_sigs -> %s\n", dns_result_totext(result)); + "update_sigs -> %s", dns_result_totext(result)); goto failure; } @@ -6409,14 +6409,14 @@ zone_nsec3chain(dns_zone_t *zone) { &sig_diff, zone_keys, nkeys, now, ISC_FALSE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "del_sigs -> %s\n", dns_result_totext(result)); + "del_sigs -> %s", dns_result_totext(result)); goto failure; } result = increment_soa_serial(db, version, &sig_diff, zone->mctx); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "increment_soa_serial -> %s\n", + "increment_soa_serial -> %s", dns_result_totext(result)); goto failure; } @@ -6426,7 +6426,7 @@ zone_nsec3chain(dns_zone_t *zone) { soaexpire, check_ksk, keyset_kskonly); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" - "add_sigs -> %s\n", dns_result_totext(result)); + "add_sigs -> %s", dns_result_totext(result)); goto failure; } @@ -6470,7 +6470,7 @@ zone_nsec3chain(dns_zone_t *zone) { failure: if (result != ISC_R_SUCCESS) - dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain: %s\n", + dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain: %s", dns_result_totext(result)); /* * On error roll back the current nsec3chain. @@ -6673,7 +6673,7 @@ zone_sign(dns_zone_t *zone) { result = dns_db_newversion(db, &version); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_sign:dns_db_newversion -> %s\n", + "zone_sign:dns_db_newversion -> %s", dns_result_totext(result)); goto failure; } @@ -6682,7 +6682,7 @@ zone_sign(dns_zone_t *zone) { DNS_MAXZONEKEYS, zone_keys, &nkeys); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_sign:find_zone_keys -> %s\n", + "zone_sign:find_zone_keys -> %s", dns_result_totext(result)); goto failure; } @@ -6903,7 +6903,7 @@ zone_sign(dns_zone_t *zone) { if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "updatesecure -> %s\n", + "updatesecure -> %s", dns_result_totext(result)); goto failure; } @@ -6915,8 +6915,7 @@ zone_sign(dns_zone_t *zone) { &post_diff); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "updatesignwithkey " - "-> %s\n", + "updatesignwithkey -> %s", dns_result_totext(result)); goto failure; } @@ -6924,7 +6923,7 @@ zone_sign(dns_zone_t *zone) { goto next_signing; } else if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_sign:dns_dbiterator_next -> %s\n", + "zone_sign:dns_dbiterator_next -> %s", dns_result_totext(result)); goto failure; } else if (delegation) { @@ -6950,7 +6949,7 @@ zone_sign(dns_zone_t *zone) { check_ksk, keyset_kskonly, &sig_diff); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_sign:" - "update_sigs -> %s\n", + "update_sigs -> %s", dns_result_totext(result)); goto failure; } @@ -6970,7 +6969,7 @@ zone_sign(dns_zone_t *zone) { &sig_diff, zone_keys, nkeys, now, ISC_FALSE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_sign:del_sigs -> %s\n", + "zone_sign:del_sigs -> %s", dns_result_totext(result)); goto failure; } @@ -6978,7 +6977,7 @@ zone_sign(dns_zone_t *zone) { result = increment_soa_serial(db, version, &sig_diff, zone->mctx); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_sign:increment_soa_serial -> %s\n", + "zone_sign:increment_soa_serial -> %s", dns_result_totext(result)); goto failure; } @@ -6992,7 +6991,7 @@ zone_sign(dns_zone_t *zone) { soaexpire, check_ksk, keyset_kskonly); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "zone_sign:add_sigs -> %s\n", + "zone_sign:add_sigs -> %s", dns_result_totext(result)); goto failure; } @@ -8034,7 +8033,7 @@ zone_maintenance(dns_zone_t *zone) { DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) && DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP)) { dumping = was_dumping(zone); - } else + } else dumping = ISC_TRUE; UNLOCK_ZONE(zone); if (!dumping) { @@ -14008,7 +14007,7 @@ sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, zone_keys, &nkeys); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "sign_apex:find_zone_keys -> %s\n", + "sign_apex:find_zone_keys -> %s", dns_result_totext(result)); return (result); } @@ -14039,7 +14038,7 @@ sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, zone_keys, nkeys, now, ISC_FALSE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "sign_apex:del_sigs -> %s\n", + "sign_apex:del_sigs -> %s", dns_result_totext(result)); goto failure; } @@ -14049,7 +14048,7 @@ sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, keyset_kskonly); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "sign_apex:add_sigs -> %s\n", + "sign_apex:add_sigs -> %s", dns_result_totext(result)); goto failure; } @@ -14061,7 +14060,7 @@ sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, - "sign_apex:update_sigs -> %s\n", + "sign_apex:update_sigs -> %s", dns_result_totext(result)); goto failure; } |
