Blame bind99-CVE-2015-1349.patch
commit 2e9d79f169663c9aff5f0dcdc626a2cd2dbb5892
Author: Evan Hunt <each@isc.org>
Date: Tue Feb 3 18:30:38 2015 -0800
[v9_9_6_patch] avoid crash due to managed-key rollover
4053. [security] Revoking a managed trust anchor and supplying
an untrusted replacement could cause named
to crash with an assertion failure.
(CVE-2015-1349) [RT #38344]
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 7a9825b..5db2844 100644
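--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -8508,6 +8508,12 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
 namebuf, tag);
 trustkey = ISC_TRUE;
 }
+ } else {
+ /*
+ * No previously known key, and the key is not
+ * secure, so skip it.
+ */
+ continue;
 }
 
 /* Delete old version */
@@ -8556,7 +8562,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
 trust_key(zone, keyname, &dnskey, mctx);
 }
 
- if (!deletekey) {
+ if (secure && !deletekey) {
 INSIST(newkey || updatekey);
 set_refreshkeytimer(zone, &keydata, now);
 }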
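Review bot: In the second hunk the `INSIST(newkey || updatekey)` stays on a path that is driven by a fetched DNSKEY response, so any remaining case where `secure` is true and neither flag was set would still abort named instead of skipping the key. The invariant that makes the assertion safe is not written down; once it has been checked against the branches outside the hunk, a comment above the guard such as `/* Only validated keys reach here; each secure, non-deleted key was marked newkey or updatekey above. */` would record it. The `continue` added in the first hunk also drops the untrusted key silently; a log line there in the style of the neighbouring `namebuf, tag` message (if those locals are in scope in that branch) would leave operators a record of unexpected replacement keys during a rollover. The body of keyfetch_done starts and ends outside both hunks, so the flag assignments could not be verified from this page.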