From ced7835c06b507528a27a1ef54de7f2533a2200c Mon Sep 17 00:00:00 2001 From: dougb Date: Sat, 28 May 2011 00:21:28 +0000 Subject: Upgrade to 9.6-ESV-R4-P1, which address the following issues: 1. Very large RRSIG RRsets included in a negative cache can trigger an assertion failure that will crash named (BIND 9 DNS) due to an off-by-one error in a buffer size check. This bug affects all resolving name servers, whether DNSSEC validation is enabled or not, on all BIND versions prior to today. There is a possibility of malicious exploitation of this bug by remote users. 2. Named could fail to validate zones listed in a DLV that validated insecure without using DLV and had DS records in the parent zone. Add a patch provided by ru@ and confirmed by ISC to fix a crash at shutdown time when a SIG(0) key is being used. --- contrib/bind9/lib/dns/ncache.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'contrib/bind9/lib/dns/ncache.c') diff --git a/contrib/bind9/lib/dns/ncache.c b/contrib/bind9/lib/dns/ncache.c index 5f24683..cfa4783 100644 --- a/contrib/bind9/lib/dns/ncache.c +++ b/contrib/bind9/lib/dns/ncache.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.c,v 1.43.48.7 2010-05-19 09:53:46 marka Exp $ */ +/* $Id: ncache.c,v 1.43.48.7.6.1 2011-05-27 00:19:19 each Exp $ */ /*! \file */ @@ -186,7 +186,7 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache, */ isc_buffer_availableregion(&buffer, &r); - if (r.length < 2) + if (r.length < 3) return (ISC_R_NOSPACE); isc_buffer_putuint16(&buffer, rdataset->type); -- cgit v1.1