ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
24,602 Commits 589 Branches 805 Tags
2c00a11db3e577fefce3c5d384db99a924bf518b
Commit Graph

315 Commits

Author SHA1 Message Date
Evan Hunt
88dc9d367d [v9_10] address TSIG bypass/forgery vulnerabilities 
4643.	[security]	An error in TSIG handling could permit unauthorized
			zone transfers or zone updates. (CVE-2017-3142)
			(CVE-2017-3143) [RT #45383]

(cherry picked from commit 581c1526ab)
(cherry picked from commit a03f4b1ea4)
 2017-06-27 11:40:31 -07:00
Tinderbox User
e0615b47c2 update copyright notice / whitespace 2017-05-02 23:46:45 +00:00
Mark Andrews
ad32220fa8 4615. [bug] AD could be set on truncated answer with no records 
present in the answer and authority sections.
                        [RT #45140]

(cherry picked from commit 33e94f501f)
 2017-05-03 07:52:08 +10:00
Evan Hunt
655092507c [v9_10] silence warning 
(cherry picked from commit b3aebb5890)
 2016-12-28 17:54:47 -08:00
Tinderbox User
ad4e4b05f2 update copyright notice / whitespace 2016-12-28 23:52:29 +00:00
Mark Andrews
6bed6ea11b fix back port issue 2016-12-29 10:48:46 +11:00
Mark Andrews
04c7ee66b1 4517. [security] Named could mishandle authority sections that were 
missing RRSIGs triggering an assertion failure.
                        (CVE-2016-9444) [RT # 43632]

(cherry picked from commit 1df30cfd27c5a3c57fce357c54aaf6c702227d51)
 2016-12-29 10:41:19 +11:00
Mark Andrews
83139f2a21 4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879] 
(cherry picked from commit def6b33bad)
 2016-12-13 16:37:47 +11:00
Mark Andrews
88e9f0b489 4468. [bug] Address ECS option handling issues. [RT #43191] 
(cherry picked from commit df17290113)
 2016-09-14 09:06:24 +10:00
Mark Andrews
9dd582167a 4467. [security] It was possible to trigger a assertion when rendering 
a message. [RT #43139]

(cherry picked from commit 2bd0922cf9)
 2016-09-09 11:32:12 +10:00
Evan Hunt
a95ec4fb11 [v9_10] fix ECS family 0 handling 
4341.	[bug]		Correct the handling of ECS options with
			address family 0. [RT #41377]
 2016-03-23 19:04:04 -07:00
Mark Andrews
9f8d166497 4330. [protocol] Identify the PAD option as "PAD" when printing out 
a message.

(cherry picked from commit 33a4294f44)
 2016-03-10 16:54:08 +11:00
Mukund Sivaraman
b15dde2889 Code cleanups (#41656) 
(cherry picked from commit 9da98335c1)
 2016-03-04 12:23:32 +05:30
Mark Andrews
c0a2b2672f 4312. [bug] dig's unknown dns and edns flags (MBZ value) logging 
was not consistent. [RT #41600]

(cherry picked from commit 8d00c5ab2c)
 2016-02-02 14:19:41 +11:00
Evan Hunt
847eacdf56 [v9_10] fix unchecked result 
4295.	[bug]		An unchecked result in dns_message_pseudosectiontotext()
			could allow incorrect text formatting of EDNS EXPIRE
			options. [RT #41437]
 2016-01-20 17:19:47 -08:00
Tinderbox User
29846050bb update copyright notice / whitespace 2016-01-05 23:45:56 +00:00
Evan Hunt
8dd83ecf37 [v9_10] check addrlen/scopelen fit within family address length 2016-01-05 13:40:06 -08:00
Evan Hunt
0bcdd1a803 [v9_10] check ECS address length 2016-01-05 12:28:22 -08:00
Tinderbox User
66035c86ad update copyright notice / whitespace 2015-12-31 11:45:18 +00:00
Mark Andrews
a9eeaea7d6 4286. [security] render_ecs errors were mishandled when printing out 
a OPT record resulting in a assertion failure.
                        (CVE-2015-8705) [RT #41397]

(cherry picked from commit 3e0c1603a8)
 2015-12-31 22:19:31 +11:00
Mark Andrews
d090709551 4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257] 
(cherry picked from commit f647c0df9f)

Conflicts:
	CHANGES
	bin/named/query.c
	bin/tests/system/sit/tests.sh
	lib/dns/message.c
 2015-12-15 20:02:37 +11:00
Mark Andrews
3a4c24c4a5 4260. [security] Insufficient testing when parsing a message allowed 
records with an incorrect class to be be accepted,
                        triggering a REQUIRE failure when those records
                        were subsequently cached. (CVE-2015-8000) [RT #4098]

(cherry picked from commit c8821d124c)
 2015-11-16 13:21:54 +11:00
Mark Andrews
de8a5c0d3b 4210. [cleanup] Silence use after free false positive. [RT #40743] 
(cherry picked from commit f43e5c8ed2)
 2015-09-17 14:05:51 +10:00
Mark Andrews
bb7971417a 4157. [protocol] Update experimental SIT code to use the EDNS COOKIE 
option code point (10).  This is the minimal change
                        required to use the new code point. [RT #39928]
 2015-07-07 15:43:04 +10:00
Mark Andrews
6eb68161a9 add warning not about handling malformed option content 
(cherry picked from commit bd08b82891)
 2015-07-07 10:25:30 +10:00
Mark Andrews
28d2815802 dig +ednsopt=<invalid> could trigger a assertion failure [RT #39990] 
(cherry picked from commit 46fc714aa0)
 2015-07-06 23:04:18 +10:00
Mark Andrews
a6f608404f 4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6 
was returning referrals rather than nodata responses
                        when the AAAA records were filtered.  [RT #39843]

(cherry picked from commit 4a61eae651)
 2015-06-29 15:49:12 +10:00
Evan Hunt
a6a15bb069 [v9_10] address regression 
4126.	[bug]		Addressed a regression introduced in change #4121.
			[RT #39611]
 2015-05-26 19:11:54 -07:00
Mark Andrews
b6d33c97b2 update variable name to better reflect reality 
(cherry picked from commit 51a82fe30d)
 2015-05-11 13:41:46 +10:00
Mark Andrews
a55c3151b2 4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759] 
(cherry picked from commit 29d52c001f)
 2015-03-03 16:49:37 +11:00
Tinderbox User
3817256ab9 update copyright notice / whitespace 2015-01-20 23:47:01 +00:00
Evan Hunt
1ef4faabd5 [v9_10] clean up gcc -Wshadow warnings 
4039.	[cleanup]	Cleaned up warnings from gcc -Wshadow. [RT #37381]
 2015-01-20 13:43:35 -08:00
Mark Andrews
298b35a1df 3861. [security] Missing isc_buffer_availablelength check results 
in a REQUIRE assertion when printing out a packet.
                        [RT #36078]
 2014-05-25 12:39:52 +10:00
Evan Hunt
de03407445 [v9_10] restore changes post 9.10.0 
This reverts commit 2bb45e9515.
 2014-04-25 16:29:32 -07:00
Evan Hunt
2bb45e9515 [v9_10] revert so 9.10.0 can be tagged 
(changes for 9.10.1 were inadvertently committed early)
 2014-04-25 16:27:03 -07:00
Mark Andrews
7ce6651a2a 3819. [bug] NSEC3 hashes need to be able to be entered and 
displayed without padding.  This is not a issue for
                        currently defined algorithms but may be for future
                        hash algorithms. [RT #27925]

(cherry picked from commit 36e5ac0033)
 2014-04-24 19:12:00 +10:00
Mark Andrews
f0c00f10a0 report if sit is good/bad 2014-02-20 15:55:09 +11:00
Mark Andrews
51d6d7eea4 continue rather than break 2014-02-20 15:20:12 +11:00
Evan Hunt
6cba0b8e61 [expireopt] format expire time 2014-02-20 14:57:47 +11:00
Mark Andrews
16134801ce 3750. [experimental] Partially implement EDNS EXPIRE option as described 
in draft-andrews-dnsext-expire-00.  Retrivial of
                        remaining time to expiry from slave zones is supported.

                        EXPIRE uses an experimental option code (65002) and
                        is subject to change. [RT #35416]
 2014-02-20 14:56:20 +11:00
Evan Hunt
d7b9756a21 [master] ENDS client-subnet in dig 
3749.	[func]		"dig +subnet" sends an EDNS client subnet option
			containing the specified address/prefix when
                        querying. (Thanks to Wilmer van der Gaast.)
                        [RT #35415]
 2014-02-19 15:51:02 -08:00
Mark Andrews
b5f6271f4d 3744. [experimental] SIT: send and process Source Identity Tokens 
(which are similar to DNS Cookies by Donald Eastlake)
                        and are designed to help clients detect off path
                        spoofed responses and for servers to detect legitimate
                        clients.

                        SIT use a experimental EDNS option code (65001).

                        SIT can be enabled via --enable-developer or
                        --enable-sit.  It is on by default in Windows.

                        RRL processing as been updated to know about SIT with
                        legitimate clients not being rate limited. [RT #35389]
 2014-02-19 12:53:42 +11:00
Evan Hunt
1d761cb453 [master] delve 
3741.	[func]		"delve" (domain entity lookup and validation engine):
			A new tool with dig-like semantics for performing DNS
			lookups, with internal DNSSEC validation, using the
			same resolver and validator logic as named. This
			allows easy validation of DNSSEC data in environments
			with untrustworthy resolvers, and assists with
			troubleshooting of DNSSEC problems. (Note: not yet
			available on win32.) [RT #32406]
 2014-02-16 13:03:17 -08:00
Tinderbox User
431a83fb29 update copyright notice 2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260 [master] replace memcpy() with memmove(). 
3698.	[cleanup]	Replaced all uses of memcpy() with memmove().
			[RT #35120]
 2014-01-08 16:39:05 -08:00
Mark Andrews
c3c8823fed 3681. [port] Update the Windows build system to support feature 
selection and WIN64 builds.  This is a work in
                        progress. [RT #34160]
 2013-12-04 12:47:23 +11:00
Evan Hunt
a499dddb4b [master] easier to read NSID output 
3626.	[func]		dig: NSID output now easier to read. [RT #21160]
 2013-08-08 16:50:34 -07:00
Mark Andrews
11d945cd75 silence signed/unsigned compare warning 2013-04-09 06:32:10 +10:00
Mark Andrews
4adf97c32f 3548. [bug] The NSID request code in resolver.c was broken 
resulting in invalid EDNS options being sent.
                        [RT #33153]
 2013-04-08 16:29:26 +10:00
Evan Hunt
df925e6c66 [master] add zone memory context pools 
3492.	[bug]		Fixed a regression in zone loading performance
			due to lock contention. [RT #30399]
 2013-02-20 21:39:05 -08:00