rpms / bind

Clone
Source Code
GIT

Blame bind-9.9.4-CVE-2014-0591.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-sig-altarch-fasttrack c8-beta f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f7 f8 f9 master private-fleite-IT101669-branch private-mruprich-bind-branch private-pemensik-master-P4
  1.   f18
  2.   bind-9.9.4-CVE-2014-0591.patch
Blob History Raw
Tomas Hozza cd34c9 
diff -pruN bind-9.9.4-P1/bin/named/query.c bind-9.9.4-P2/bin/named/query.c
Tomas Hozza cd34c9 
--- bind-9.9.4-P1/bin/named/query.c	2013-10-16 01:04:32.000000000 +0200
Tomas Hozza cd34c9 
+++ bind-9.9.4-P2/bin/named/query.c	2013-12-20 01:28:28.000000000 +0100
Tomas Hozza cd34c9 
@@ -5260,8 +5260,7 @@ query_findclosestnsec3(dns_name_t *qname
Tomas Hozza cd34c9 
 	dns_fixedname_t fixed;
Tomas Hozza cd34c9 
 	dns_hash_t hash;
Tomas Hozza cd34c9 
 	dns_name_t name;
Tomas Hozza cd34c9 
-	int order;
Tomas Hozza cd34c9 
-	unsigned int count;
Tomas Hozza cd34c9 
+	unsigned int skip = 0, labels;
Tomas Hozza cd34c9 
 	dns_rdata_nsec3_t nsec3;
Tomas Hozza cd34c9 
 	dns_rdata_t rdata = DNS_RDATA_INIT;
Tomas Hozza cd34c9 
 	isc_boolean_t optout;
Tomas Hozza cd34c9 
@@ -5276,6 +5275,7 @@ query_findclosestnsec3(dns_name_t *qname
Tomas Hozza cd34c9
Tomas Hozza cd34c9 
 	dns_name_init(&name, NULL);
Tomas Hozza cd34c9 
 	dns_name_clone(qname, &name);
Tomas Hozza cd34c9 
+	labels = dns_name_countlabels(&name);
Tomas Hozza cd34c9 
 	dns_clientinfomethods_init(&cm, ns_client_sourceip);
Tomas Hozza cd34c9 
 	dns_clientinfo_init(&ci, client);
Tomas Hozza cd34c9
Tomas Hozza cd34c9 
@@ -5309,13 +5309,14 @@ query_findclosestnsec3(dns_name_t *qname
Tomas Hozza cd34c9 
 		dns_rdata_reset(&rdata);
Tomas Hozza cd34c9 
 		optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
Tomas Hozza cd34c9 
 		if (found != NULL && optout &&
Tomas Hozza cd34c9 
-		    dns_name_fullcompare(&name, dns_db_origin(db), &order,
Tomas Hozza cd34c9 
-					 &count) == dns_namereln_subdomain) {
Tomas Hozza cd34c9 
+		    dns_name_issubdomain(&name, dns_db_origin(db)))
Tomas Hozza cd34c9 
+		{
Tomas Hozza cd34c9 
 			dns_rdataset_disassociate(rdataset);
Tomas Hozza cd34c9 
 			if (dns_rdataset_isassociated(sigrdataset))
Tomas Hozza cd34c9 
 				dns_rdataset_disassociate(sigrdataset);
Tomas Hozza cd34c9 
-			count = dns_name_countlabels(&name) - 1;
Tomas Hozza cd34c9 
-			dns_name_getlabelsequence(&name, 1, count, &name);
Tomas Hozza cd34c9 
+			skip++;
Tomas Hozza cd34c9 
+			dns_name_getlabelsequence(qname, skip, labels - skip,
Tomas Hozza cd34c9 
+						  &name);
Tomas Hozza cd34c9 
 			ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
Tomas Hozza cd34c9 
 				      NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
Tomas Hozza cd34c9 
 				      "looking for closest provable encloser");
Tomas Hozza cd34c9 
@@ -5333,7 +5334,11 @@ query_findclosestnsec3(dns_name_t *qname
Tomas Hozza cd34c9 
 		ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
Tomas Hozza cd34c9 
 			      NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
Tomas Hozza cd34c9 
 			      "expected covering NSEC3, got an exact match");
Tomas Hozza cd34c9 
-	if (found != NULL)
Tomas Hozza cd34c9 
+	if (found == qname) {
Tomas Hozza cd34c9 
+		if (skip != 0U)
Tomas Hozza cd34c9 
+			dns_name_getlabelsequence(qname, skip, labels - skip,
Tomas Hozza cd34c9 
+						  found);
Tomas Hozza cd34c9 
+	} else if (found != NULL)
Tomas Hozza cd34c9 
 		dns_name_copy(&name, found, NULL);
Tomas Hozza cd34c9 
 	return;
Tomas Hozza cd34c9 
 }

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation