Ondřej Surý
8ad12f613e
Fix extra closing parenthesis in DNSTAP code
2018-08-12 16:12:14 +02:00
Ondřej Surý
1084b40b44
Replace custom isc_boolean_t with C standard bool type
...
(cherry picked from commit 994e656977 )
(cherry picked from commit 884929400c )
2018-08-10 15:20:57 +02:00
Ondřej Surý
aaa76dc654
Replace custom isc_u?intNN_t types with C99 u?intNN_t types
...
(cherry picked from commit cb6a185c69 )
(cherry picked from commit d61e6a3111 )
2018-08-10 15:20:57 +02:00
Ondřej Surý
bfc6a25f2d
Replace ISC_PRINT_QUADFORMAT with inttypes.h format constants
...
(cherry picked from commit 64fe6bbaf2 )
(cherry picked from commit c863a076ae )
2018-08-10 15:20:57 +02:00
Evan Hunt
ba162bd0d4
caclulate nlabels and set *chainingp correctly
...
(cherry picked from commit e78e55f435 )
2018-08-08 14:27:44 -07:00
Evan Hunt
98b2377de3
explicit DNAME query could trigger a crash if deny-answer-aliases was set
...
(cherry picked from commit a21c3810d3453548cc05ae19995125dabea9ca9c)
(cherry picked from commit 6e187b8656 )
2018-08-08 14:27:17 -07:00
Witold Kręcicki
9b17be187f
Don't fetch DNSKEY when fuzzing resolver
...
(cherry picked from commit cb3208aa43 )
2018-06-06 15:27:27 +02:00
Evan Hunt
920eb326a5
Merge branch '183-add-dns_fixedname_initname-v9_11' into 'v9_11'
...
Add and use dns_fixedname_initname()
Closes #183
See merge request isc-projects/bind9!161
2018-04-10 14:08:27 -07:00
Michał Kępień and Evan Hunt
ecea678dac
Use dns_fixedname_initname() where possible
...
Replace dns_fixedname_init() calls followed by dns_fixedname_name()
calls with calls to dns_fixedname_initname() where it is possible
without affecting current behavior and/or performance.
This patch was mostly prepared using Coccinelle and the following
semantic patch:
@@
expression fixedname, name;
@@
- dns_fixedname_init(&fixedname);
...
- name = dns_fixedname_name(&fixedname);
+ name = dns_fixedname_initname(&fixedname);
The resulting set of changes was then manually reviewed to exclude false
positives and apply minor tweaks.
It is likely that more occurrences of this pattern can be refactored in
an identical way. This commit only takes care of the low-hanging fruit.
(cherry picked from commit 4df4a8e731 )
(cherry picked from commit 0041aeb751 )
2018-04-10 13:26:23 -07:00
Evan Hunt
8b205089b7
update file headers to remove copyright years
2018-03-14 16:40:20 -07:00
Mark Andrews
82b109bf5d
adjust goto target and conditional compilation so that cleanup_spillattimer and cleanup_alglock labels match the element to be cleanup and so that they are always used
...
(cherry picked from commit 7b27be54ee )
2018-02-26 10:40:09 +11:00
Petr Menšík and Evan Hunt
6876501605
Reuse new function from rt46864 for similar block elsewhere.
...
(cherry picked from commit e7a93321f0 )
(cherry picked from commit cb98ce8e67 )
2018-02-23 13:52:43 -08:00
Mark Andrews
9cc1ea9566
use %u instead of %d
2018-02-16 14:32:24 +11:00
Mukund Sivaraman
929329d2d6
Fix various bugs reported by valgrind --tool=memcheck ( #46978 )
...
(cherry picked from commit f96133826e )
(cherry picked from commit 0374e1c3fd )
2018-01-13 11:47:46 +05:30
Tinderbox User
dc2a85bed7
update copyright notice / whitespace
2018-01-04 23:46:19 +00:00
Evan Hunt
7ff28f5bef
[v9_11] block validator deadlock and prevent use-after-free
...
4859. [bug] A loop was possible when attempting to validate
unsigned CNAME responses from secure zones;
this caused a delay in returning SERVFAIL and
also increased the chances of encountering
CVE-2017-3145. [RT #46839 ]
4858. [security] Addresses could be referenced after being freed
in resolver.c, causing an assertion failure.
(CVE-2017-3145) [RT #46839 ]
2018-01-03 19:19:46 -08:00
Michał Kępień
2d517e233f
[v9_11] Refactor reclimit system test
...
4823. [test] Refactor reclimit system test to improve its
reliability and speed. [RT #46632 ]
(cherry picked from commit 6035d557c4 )
2017-11-21 10:33:08 +01:00
Evan Hunt
5d7d67f82a
[v9_11] ignore cache when sending 5011 refresh queries
...
4771. [bug] When sending RFC 5011 refresh queries, disregard
cached DNSKEY rrsets. [RT #46251 ]
(cherry picked from commit b2597ce86b )
2017-10-11 14:24:52 -07:00
Evan Hunt
6216df5ccd
[v9_11] reduce unnecessary priming queries
...
4770. [bug] Cache additional data from priming queries as glue.
Previously they were ignored as unsigned
non-answer data from a secure zone, and never
actually got added to the cache, causing hints
to be used frequently for root-server
addresses, which triggered re-priming. [RT #45241 ]
(cherry picked from commit 5de02a075b )
2017-10-11 09:07:37 -07:00
Mark Andrews
62cce53589
tcp test got reversed
...
(cherry picked from commit b4c31c8795 )
2017-09-27 15:20:16 +10:00
Mark Andrews
d72952cf25
4739. [cleanup] Address clang static analysis warnings. [RT #45952 ]
...
(cherry picked from commit f9f3f20d2d )
2017-09-27 10:58:44 +10:00
Evan Hunt
7cd594b842
[master] cleanup strcat/strcpy
...
4722. [cleanup] Clean up uses of strcpy() and strcat() in favor of
strlcpy() and strlcat() for safety. [RT #45981 ]
(cherry picked from commit 114f95089c )
2017-09-13 00:17:16 -07:00
Evan Hunt
a2a0100e0f
[v9_11] improve handling of qcount=0 replies
...
4717. [bug] Treat replies with QCOUNT=0 as truncated if TC=1,
FORMERR if TC=0, and log the error correctly.
[RT #45836 ]
(cherry picked from commit 25b33bede4 )
2017-09-12 15:27:06 -07:00
Mark Andrews
bf216589c1
4675. [cleanup] Don't use C++ keyword class. [RT #45726 ]
2017-08-10 08:44:23 +10:00
Evan Hunt
7dbeb5e7f0
[v9_11] silence gcc 7 warnings
...
4673. [port] Silence GCC 7 warnings. [RT #45592 ]
(cherry picked from commit cdacec1dcb )
2017-08-09 00:24:16 -07:00
Mark Andrews and Mukund Sivaraman
93049edb81
add comment
2017-08-09 10:48:33 +05:30
Evan Hunt and Mukund Sivaraman
72f91848ef
style
2017-08-09 10:48:29 +05:30
Mark Andrews
a5f6549534
style changes from [RT #45321 ]
...
(cherry picked from commit bcb2df226f )
2017-08-09 07:49:38 +10:00
Mukund Sivaraman
6e10f87913
Fix a race in resume_dslookup() ( #45168 )
...
(cherry picked from commit c88efb83b3 )
2017-08-08 13:11:11 +05:30
Mark Andrews
bfde61d519
4654. [cleanup] Don't use C++ keywords delete, new and namespace.
...
[RT #45538 ]
(cherry picked from commit 4bf32aa587 )
2017-07-21 12:28:58 +10:00
Mark Andrews
7fcbbd6fa9
4580. [bug] 4578 introduced a regression when handling CNAME to
...
referral below the current domain. [RT #44850 ]
(cherry picked from commit 638c7c635d )
2017-03-14 15:12:03 +11:00
Mark Andrews
c006cfc5a2
Reimplement:
...
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734 ]
(cherry picked from commit f240f4a5de )
2017-03-01 12:02:39 +11:00
Evan Hunt
559cbe04e7
[v9_11] remove unnecessary INSIST and prep 9.11.1rc2
...
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734 ]
(cherry picked from commit a1365a0042 )
2017-02-23 14:55:10 -08:00
Evan Hunt
07b7a3eade
[v9_11] store local and remote addresses in dnstap
...
4569. [func] Store both local and remote addresses in dnstap
logging, and modify dnstap-read output format to
print them. [RT #43595 ]
(cherry picked from commit 650b5e7592 )
2017-02-03 17:11:06 -08:00
Evan Hunt
05fce8cfff
[v9_11] address portability issues
...
(cherry picked from commit a2bd99a959 )
2017-01-30 16:52:32 -08:00
Evan Hunt
781f6daa74
[v9_11] change 4558 was incomplete
...
(cherry picked from commit cd668ea57f )
2017-01-30 14:11:17 -08:00
Tinderbox User
5688a47c15
update copyright notice / whitespace
2017-01-24 23:45:58 +00:00
Mark Andrews
4441328a1d
4558. [bug] Synthesised CNAME before matching DNAME was still
...
being cached when it should have been. [RT #44318 ]
(cherry picked from commit 9f4bf43b79 )
2017-01-24 17:41:17 +11:00
Mark Andrews
701aa95d96
4510. [security] Named mishandled some responses where covering RRSIG
...
records are returned without the requested data
resulting in a assertion failure. (CVE-2016-9147)
[RT #43548 ]
(cherry picked from commit 6adf421e7e )
2016-12-29 11:49:06 +11:00
Mark Andrews
b243aa40f9
4508. [security] Named incorrectly tried to cache TKEY records which
...
could trigger a assertion failure when there was
a class mismatch. (CVE-2016-9131) [RT #43522 ]
(cherry picked from commit 2c1c4b99a1 )
2016-12-29 11:17:14 +11:00
Mark Andrews
2595d1da35
4517. [security] Named could mishandle authority sections that were
...
missing RRSIGs triggering an assertion failure.
(CVE-2016-9444) [RT # 43632]
(cherry picked from commit 1df30cfd27c5a3c57fce357c54aaf6c702227d51)
2016-12-29 10:41:06 +11:00
Mark Andrews
d77cab69bf
4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
...
in responses resulting in SERVFAIL being returned.
[RT #43779 ]
(cherry picked from commit 60cb462c56 )
2016-12-09 12:51:09 +11:00
Mark Andrews
7c66fc9700
4489. [security] It was possible to trigger assertions when processing
...
a response. (CVE-2016-8864) [RT #43465 ]
(cherry picked from commit bd6f27f5c3 )
2016-10-21 14:56:20 +11:00
Mark Andrews
47f8b47b8d
9.11.0rc3
2016-09-20 21:19:46 +10:00
Mark Andrews
d1cacbb374
4453. [bug] Prefetching of DS records failed to update their
...
RRSIGs. [RT #42865 ]
(cherry picked from commit f431bf02a6 )
2016-08-25 09:53:50 +10:00
Mark Andrews
f8ef82e475
sync
2016-07-12 11:34:50 +10:00
Mark Andrews
35c014cb1d
4408. [func] Continue waiting for expected response when we the
...
response we get does not match the request. [RT #41026 ]
(cherry picked from commit ec5e01747a )
2016-07-12 11:33:49 +10:00
Mark Andrews
cccfafa311
4403. [bug] Rename variables and arguments that shadow: basename,
...
clone and gai_error.
(cherry picked from commit ecfa005085 )
2016-06-29 11:26:49 +10:00
Mark Andrews
0c27b3fe77
4401. [misc] Change LICENSE to MPL 2.0.
2016-06-27 14:56:38 +10:00
Witold Krecicki
19d80ce584
4358. [test] Added American Fuzzy Lop harness that allows
...
feeding fuzzed packets into BIND.
[RT #41723 ]
2016-05-05 11:49:38 +02:00