ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
26,619 Commits 589 Branches 805 Tags
311fbf3f5b67fcb366bb55d50901acb4b257e088
Commit Graph

629 Commits

Author SHA1 Message Date
Michał Kępień
0041aeb751 Use dns_fixedname_initname() where possible 
Replace dns_fixedname_init() calls followed by dns_fixedname_name()
calls with calls to dns_fixedname_initname() where it is possible
without affecting current behavior and/or performance.

This patch was mostly prepared using Coccinelle and the following
semantic patch:

    @@
    expression fixedname, name;
    @@
    -	dns_fixedname_init(&fixedname);
    	...
    -	name = dns_fixedname_name(&fixedname);
    +	name = dns_fixedname_initname(&fixedname);

The resulting set of changes was then manually reviewed to exclude false
positives and apply minor tweaks.

It is likely that more occurrences of this pattern can be refactored in
an identical way.  This commit only takes care of the low-hanging fruit.

(cherry picked from commit 4df4a8e731)
 2018-04-10 13:09:24 -07:00
Mark Andrews
65bf254fc8 adjust goto target and conditional compilation so that cleanup_spillattimer and cleanup_alglock labels match the element to be cleanup and so that they are always used 
(cherry picked from commit 7b27be54ee)
 2018-02-26 10:39:43 +11:00
Petr Menšík
cb98ce8e67 Reuse new function from rt46864 for similar block elsewhere. 
(cherry picked from commit e7a93321f0)
 2018-02-23 13:51:23 -08:00
Ondřej Surý
557a5c3f78 Update license headers to not include years in copyright in all applicable files 
(cherry picked from commit 843d389661)
 2018-02-23 10:38:02 +01:00
Mark Andrews
a4d75d92aa make declaration and use of setnocookie fully conditional 2018-02-16 14:08:26 +11:00
Mark Andrews
615822391e use %u instead of %d 2018-02-16 14:08:25 +11:00
Evan Hunt
67b1e54716 [v9_12] address overflow in retry backoff 
4877.	[bug]		Address integer overflow when exponentially
			backing off retry intervals. [RT #47041]

(cherry picked from commit 8b440753b6)
 2018-01-24 09:45:55 -08:00
Mark Andrews
f6911d4295 4869. [bug] Address some cases where NULL with zero length could 
be passed to memmove which is undefined behaviour and
                        can lead to bad optimisation. [RT #46888]

(cherry picked from commit fdd8838bf9)
 2018-01-22 09:37:30 +11:00
Mukund Sivaraman
0374e1c3fd Fix various bugs reported by valgrind --tool=memcheck (#46978) 
(cherry picked from commit f96133826e)
 2018-01-13 00:37:28 +05:30
Tinderbox User
77caf49c98 update copyright notice / whitespace 2018-01-04 23:45:53 +00:00
Evan Hunt
2b51d5874c [v9_12] block validator deadlock and prevent use-after-free 
4859.	[bug]		A loop was possible when attempting to validate
			unsigned CNAME responses from secure zones;
			this caused a delay in returning SERVFAIL and
			also increased the chances of encountering
			CVE-2017-3145. [RT #46839]

4858.	[security]	Addresses could be referenced after being freed
			in resolver.c, causing an assertion failure.
			(CVE-2017-3145) [RT #46839]
 2018-01-03 19:18:29 -08:00
Michał Kępień
6035d557c4 [master] Refactor reclimit system test 
4823.	[test]		Refactor reclimit system test to improve its
			reliability and speed. [RT #46632]
 2017-11-21 10:32:45 +01:00
Evan Hunt
c9f8165a06 [master] tag initializing keys 
4798.	[func]		Keys specified in "managed-keys" statements
			are tagged as "initializing" until they have been
			updated by a key refresh query. If initialization
			fails it will be visible from "rndc secroots".
			[RT #46267]
 2017-10-27 15:49:44 -07:00
Evan Hunt
06049b1c6c [master] stats counter for priming queries 
4795.	[func]		A new statistics counter has been added to track
			priming queries. [RT #46313]
 2017-10-26 21:38:43 -07:00
Evan Hunt
b2597ce86b [master] ignore cache when sending 5011 refresh queries 
4771.	[bug]		When sending RFC 5011 refresh queries, disregard
			cached DNSKEY rrsets. [RT #46251]
 2017-10-11 14:24:29 -07:00
Ondřej Surý
5de02a075b [master] reduce unnecessary priming queries 
4770. [bug] Cache additional data from priming queries as glue.
Previously they were ignored as unsigned
non-answer data from a secure zone, and never
actually got added to the cache, causing hints
to be used frequently for root-server
addresses, which triggered re-priming. [RT #45241]
 2017-10-11 09:11:47 +02:00
Mark Andrews
b4c31c8795 tcp test got reversed 2017-09-27 15:19:34 +10:00
Mark Andrews
f9f3f20d2d 4739. [cleanup] Address clang static analysis warnings. [RT #45952] 2017-09-27 10:27:09 +10:00
Evan Hunt
114f95089c [master] cleanup strcat/strcpy 
4722.	[cleanup]	Clean up uses of strcpy() and strcat() in favor of
			strlcpy() and strlcat() for safety. [RT #45981]
 2017-09-13 00:14:37 -07:00
Evan Hunt
25b33bede4 [master] improve handling of qcount=0 replies 
4717.	[bug]		Treat replies with QCOUNT=0 as truncated if TC=1,
			FORMERR if TC=0, and log the error correctly.
			[RT #45836]
 2017-09-12 15:26:30 -07:00
Mark Andrews
df50751585 4700. [func] Serving of stale answers is now supported. This 
allows named to provide stale cached answers when
                        the authoritative server is under attack.
                        See max-stale-ttl, stale-answer-enable,
                        stale-answer-ttl. [RT #44790]
 2017-09-06 09:58:29 +10:00
Mark Andrews
a322a0f31c silence converity warning [RT #45891] 2017-09-05 07:38:13 +10:00
Mark Andrews
5c269d84c2 remove development logging 2017-09-01 14:45:26 +10:00
Mark Andrews
0aed466565 4693. [func] Synthesis of responses from DNSSEC-verified records. 
Stage 1 covers NXDOMAIN synthesis from NSEC records.
                        This is controlled by synth-from-dnssec and is enabled
                        by default. [RT #40138]
 2017-08-31 07:57:50 +10:00
Mark Andrews
ff8d856db0 4675. [cleanup] Don't use C++ keyword class. [RT #45726] 2017-08-10 08:42:04 +10:00
Evan Hunt
cdacec1dcb [master] silence gcc 7 warnings 
4673.	[port]		Silence GCC 7 warnings. [RT #45592]
 2017-08-09 00:17:44 -07:00
Mark Andrews
31605091b4 add comment 2017-08-09 08:42:10 +05:30
Evan Hunt
6bba066302 style 2017-08-09 08:41:51 +05:30
Mark Andrews
bcb2df226f style changes from [RT #45321] 2017-08-09 07:48:57 +10:00
Evan Hunt
2013c9751d [master] address coverity warning about uninitialized variable 2017-08-08 10:46:49 -07:00
Mukund Sivaraman
c88efb83b3 Fix a race in resume_dslookup() (#45168) 2017-08-08 12:20:48 +05:30
Mark Andrews
d5cb164074 conditionally declare fctx 2017-08-08 00:51:37 +10:00
Mark Andrews
73cc289e79 remove unused variable 'fctx' from rctx_next 2017-08-05 12:31:45 +10:00
Evan Hunt
61367c604c [master] refactor resquery_response() and related functions 
4669.	[func]		Iterative query logic in resolver.c has been
			refactored into smaller functions and commented,
			for improved readability, maintainability and
			testability. [RT #45362]
 2017-08-04 16:08:11 -07:00
Mark Andrews
4bf32aa587 4654. [cleanup] Don't use C++ keywords delete, new and namespace. 
[RT #45538]
 2017-07-21 11:52:24 +10:00
Mark Andrews
638c7c635d 4580. [bug] 4578 introduced a regression when handling CNAME to 
referral below the current domain. [RT #44850]
 2017-03-14 15:07:00 +11:00
Mark Andrews
f240f4a5de Reimplement: 
4578.   [security]      Some chaining (CNAME or DNAME) responses to upstream
                        queries could trigger assertion failures.
                        (CVE-2017-3137) [RT #44734]
 2017-03-01 12:01:16 +11:00
Evan Hunt
a1365a0042 [master] remove unnecessary INSIST 
4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
			queries could trigger assertion failures.
			(CVE-2017-3137) [RT #44734]
 2017-02-23 14:34:33 -08:00
Witold Krecicki
0790f8a361 4577. [func] Make qtype of resolver fuzzing packet configurable via command line. [RT #43540] 2017-02-21 03:49:55 -08:00
Evan Hunt
650b5e7592 [master] store local and remote addresses in dnstap 
4569.	[func]		Store both local and remote addresses in dnstap
			logging, and modify dnstap-read output format to
			print them. [RT #43595]
 2017-02-03 17:05:58 -08:00
Evan Hunt
a2bd99a959 [master] address portability issues 2017-01-30 16:52:18 -08:00
Evan Hunt
cd668ea57f [master] change 4558 was incomplete 2017-01-30 14:10:30 -08:00
Mark Andrews
9f4bf43b79 4558. [bug] Synthesised CNAME before matching DNAME was still 
being cached when it should have been.  [RT #44318]
 2017-01-24 17:40:12 +11:00
Evan Hunt
4f744a027f [master] fix dig +ednsopt padding error 
4556.	[bug]		Sending an EDNS Padding option using "dig
			+ednsopt" could cause a crash in dig. [RT #44462]
 2017-01-19 23:52:41 -08:00
Tinderbox User
f557aeef7c update copyright notice / whitespace 2017-01-05 23:45:24 +00:00
Evan Hunt
5804332588 [master] EDNS padding and keepalive support 
4549.	[func]		Added support for the EDNS TCP Keepalive option
			(RFC 7828). [RT #42126]

4548.	[func]		Added support for the EDNS Padding option (RFC 7830).
			[RT #42094]
 2017-01-04 09:16:30 -08:00
Mark Andrews
52e2aab392 4546. [func] Extend the use of const declarations. [RT #43379] 2016-12-30 15:45:08 +11:00
Mark Andrews
6adf421e7e 4510. [security] Named mishandled some responses where covering RRSIG 
records are returned without the requested data
                        resulting in a assertion failure. (CVE-2016-9147)
                        [RT #43548]
 2016-12-29 11:47:19 +11:00
Mark Andrews
2c1c4b99a1 4508. [security] Named incorrectly tried to cache TKEY records which 
could trigger a assertion failure when there was
                            a class mismatch. (CVE-2016-9131) [RT #43522]
 2016-12-29 11:07:40 +11:00
Mark Andrews
f3bf3905c3 4517. [security] Named could mishandle authority sections that were 
missing RRSIGs triggering an assertion failure.
                        (CVE-2016-9444) [RT # 43632]

(cherry picked from commit 1df30cfd27c5a3c57fce357c54aaf6c702227d51)
 2016-12-29 10:39:51 +11:00