Commit Graph
620 Commits
Author SHA1 Message Date
Ondřej Surý 8ad12f613e Fix extra closing parenthesis in DNSTAP code 2018-08-12 16:12:14 +02:00
Ondřej Surý 1084b40b44 Replace custom isc_boolean_t with C standard bool type
(cherry picked from commit 994e656977)
(cherry picked from commit 884929400c)
2018-08-10 15:20:57 +02:00
Ondřej Surý aaa76dc654 Replace custom isc_u?intNN_t types with C99 u?intNN_t types
(cherry picked from commit cb6a185c69)
(cherry picked from commit d61e6a3111)
2018-08-10 15:20:57 +02:00
Ondřej Surý bfc6a25f2d Replace ISC_PRINT_QUADFORMAT with inttypes.h format constants
(cherry picked from commit 64fe6bbaf2)
(cherry picked from commit c863a076ae)
2018-08-10 15:20:57 +02:00
Evan Hunt ba162bd0d4 caclulate nlabels and set *chainingp correctly
(cherry picked from commit e78e55f435)
2018-08-08 14:27:44 -07:00
Evan Hunt 98b2377de3 explicit DNAME query could trigger a crash if deny-answer-aliases was set
(cherry picked from commit a21c3810d3453548cc05ae19995125dabea9ca9c)
(cherry picked from commit 6e187b8656)
2018-08-08 14:27:17 -07:00
Witold Kręcicki 9b17be187f Don't fetch DNSKEY when fuzzing resolver
(cherry picked from commit cb3208aa43)
2018-06-06 15:27:27 +02:00
Evan Hunt 920eb326a5 Merge branch '183-add-dns_fixedname_initname-v9_11' into 'v9_11'
Add and use dns_fixedname_initname()

Closes #183

See merge request isc-projects/bind9!161
2018-04-10 14:08:27 -07:00
Michał KępieńandEvan Hunt ecea678dac Use dns_fixedname_initname() where possible
Replace dns_fixedname_init() calls followed by dns_fixedname_name()
calls with calls to dns_fixedname_initname() where it is possible
without affecting current behavior and/or performance.

This patch was mostly prepared using Coccinelle and the following
semantic patch:

    @@
    expression fixedname, name;
    @@
    -	dns_fixedname_init(&fixedname);
    	...
    -	name = dns_fixedname_name(&fixedname);
    +	name = dns_fixedname_initname(&fixedname);

The resulting set of changes was then manually reviewed to exclude false
positives and apply minor tweaks.

It is likely that more occurrences of this pattern can be refactored in
an identical way.  This commit only takes care of the low-hanging fruit.

(cherry picked from commit 4df4a8e731)
(cherry picked from commit 0041aeb751)
2018-04-10 13:26:23 -07:00
Evan Hunt 8b205089b7 update file headers to remove copyright years 2018-03-14 16:40:20 -07:00
Mark Andrews 82b109bf5d adjust goto target and conditional compilation so that cleanup_spillattimer and cleanup_alglock labels match the element to be cleanup and so that they are always used
(cherry picked from commit 7b27be54ee)
2018-02-26 10:40:09 +11:00
Petr MenšíkandEvan Hunt 6876501605 Reuse new function from rt46864 for similar block elsewhere.
(cherry picked from commit e7a93321f0)
(cherry picked from commit cb98ce8e67)
2018-02-23 13:52:43 -08:00
Mark Andrews 9cc1ea9566 use %u instead of %d 2018-02-16 14:32:24 +11:00
Mukund Sivaraman 929329d2d6 Fix various bugs reported by valgrind --tool=memcheck (#46978)
(cherry picked from commit f96133826e)
(cherry picked from commit 0374e1c3fd)
2018-01-13 11:47:46 +05:30
Tinderbox User dc2a85bed7 update copyright notice / whitespace 2018-01-04 23:46:19 +00:00
Evan Hunt 7ff28f5bef [v9_11] block validator deadlock and prevent use-after-free
4859.	[bug]		A loop was possible when attempting to validate
			unsigned CNAME responses from secure zones;
			this caused a delay in returning SERVFAIL and
			also increased the chances of encountering
			CVE-2017-3145. [RT #46839]

4858.	[security]	Addresses could be referenced after being freed
			in resolver.c, causing an assertion failure.
			(CVE-2017-3145) [RT #46839]
2018-01-03 19:19:46 -08:00
Michał Kępień 2d517e233f [v9_11] Refactor reclimit system test
4823.	[test]		Refactor reclimit system test to improve its
			reliability and speed. [RT #46632]

(cherry picked from commit 6035d557c4)
2017-11-21 10:33:08 +01:00
Evan Hunt 5d7d67f82a [v9_11] ignore cache when sending 5011 refresh queries
4771.	[bug]		When sending RFC 5011 refresh queries, disregard
			cached DNSKEY rrsets. [RT #46251]

(cherry picked from commit b2597ce86b)
2017-10-11 14:24:52 -07:00
Evan Hunt 6216df5ccd [v9_11] reduce unnecessary priming queries
4770.	[bug]		Cache additional data from priming queries as glue.
			Previously they were ignored as unsigned
			non-answer data from a secure zone, and never
			actually got added to the cache, causing hints
			to be used frequently for root-server
			addresses, which triggered re-priming. [RT #45241]

(cherry picked from commit 5de02a075b)
2017-10-11 09:07:37 -07:00
Mark Andrews 62cce53589 tcp test got reversed
(cherry picked from commit b4c31c8795)
2017-09-27 15:20:16 +10:00
Mark Andrews d72952cf25 4739. [cleanup] Address clang static analysis warnings. [RT #45952]
(cherry picked from commit f9f3f20d2d)
2017-09-27 10:58:44 +10:00
Evan Hunt 7cd594b842 [master] cleanup strcat/strcpy
4722.	[cleanup]	Clean up uses of strcpy() and strcat() in favor of
			strlcpy() and strlcat() for safety. [RT #45981]

(cherry picked from commit 114f95089c)
2017-09-13 00:17:16 -07:00
Evan Hunt a2a0100e0f [v9_11] improve handling of qcount=0 replies
4717.	[bug]		Treat replies with QCOUNT=0 as truncated if TC=1,
			FORMERR if TC=0, and log the error correctly.
			[RT #45836]

(cherry picked from commit 25b33bede4)
2017-09-12 15:27:06 -07:00
Mark Andrews bf216589c1 4675. [cleanup] Don't use C++ keyword class. [RT #45726] 2017-08-10 08:44:23 +10:00
Evan Hunt 7dbeb5e7f0 [v9_11] silence gcc 7 warnings
4673.	[port]		Silence GCC 7 warnings. [RT #45592]

(cherry picked from commit cdacec1dcb)
2017-08-09 00:24:16 -07:00
Mark AndrewsandMukund Sivaraman 93049edb81 add comment 2017-08-09 10:48:33 +05:30
Evan HuntandMukund Sivaraman 72f91848ef style 2017-08-09 10:48:29 +05:30
Mark Andrews a5f6549534 style changes from [RT #45321]
(cherry picked from commit bcb2df226f)
2017-08-09 07:49:38 +10:00
Mukund Sivaraman 6e10f87913 Fix a race in resume_dslookup() (#45168)
(cherry picked from commit c88efb83b3)
2017-08-08 13:11:11 +05:30
Mark Andrews bfde61d519 4654. [cleanup] Don't use C++ keywords delete, new and namespace.
[RT #45538]

(cherry picked from commit 4bf32aa587)
2017-07-21 12:28:58 +10:00
Mark Andrews 7fcbbd6fa9 4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]

(cherry picked from commit 638c7c635d)
2017-03-14 15:12:03 +11:00
Mark Andrews c006cfc5a2 Reimplement:
4578.   [security]      Some chaining (CNAME or DNAME) responses to upstream
                        queries could trigger assertion failures.
                        (CVE-2017-3137) [RT #44734]

(cherry picked from commit f240f4a5de)
2017-03-01 12:02:39 +11:00
Evan Hunt 559cbe04e7 [v9_11] remove unnecessary INSIST and prep 9.11.1rc2
4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
			queries could trigger assertion failures.
			(CVE-2017-3137) [RT #44734]

(cherry picked from commit a1365a0042)
2017-02-23 14:55:10 -08:00
Evan Hunt 07b7a3eade [v9_11] store local and remote addresses in dnstap
4569.	[func]		Store both local and remote addresses in dnstap
			logging, and modify dnstap-read output format to
			print them. [RT #43595]

(cherry picked from commit 650b5e7592)
2017-02-03 17:11:06 -08:00
Evan Hunt 05fce8cfff [v9_11] address portability issues
(cherry picked from commit a2bd99a959)
2017-01-30 16:52:32 -08:00
Evan Hunt 781f6daa74 [v9_11] change 4558 was incomplete
(cherry picked from commit cd668ea57f)
2017-01-30 14:11:17 -08:00
Tinderbox User 5688a47c15 update copyright notice / whitespace 2017-01-24 23:45:58 +00:00
Mark Andrews 4441328a1d 4558. [bug] Synthesised CNAME before matching DNAME was still
being cached when it should have been.  [RT #44318]

(cherry picked from commit 9f4bf43b79)
2017-01-24 17:41:17 +11:00
Mark Andrews 701aa95d96 4510. [security] Named mishandled some responses where covering RRSIG
records are returned without the requested data
                        resulting in a assertion failure. (CVE-2016-9147)
                        [RT #43548]

(cherry picked from commit 6adf421e7e)
2016-12-29 11:49:06 +11:00
Mark Andrews b243aa40f9 4508. [security] Named incorrectly tried to cache TKEY records which
could trigger a assertion failure when there was
                            a class mismatch. (CVE-2016-9131) [RT #43522]

(cherry picked from commit 2c1c4b99a1)
2016-12-29 11:17:14 +11:00
Mark Andrews 2595d1da35 4517. [security] Named could mishandle authority sections that were
missing RRSIGs triggering an assertion failure.
                        (CVE-2016-9444) [RT # 43632]

(cherry picked from commit 1df30cfd27c5a3c57fce357c54aaf6c702227d51)
2016-12-29 10:41:06 +11:00
Mark Andrews d77cab69bf 4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
in responses resulting in SERVFAIL being returned.
                        [RT #43779]

(cherry picked from commit 60cb462c56)
2016-12-09 12:51:09 +11:00
Mark Andrews 7c66fc9700 4489. [security] It was possible to trigger assertions when processing
a response. (CVE-2016-8864) [RT #43465]

(cherry picked from commit bd6f27f5c3)
2016-10-21 14:56:20 +11:00
Mark Andrews 47f8b47b8d 9.11.0rc3 2016-09-20 21:19:46 +10:00
Mark Andrews d1cacbb374 4453. [bug] Prefetching of DS records failed to update their
RRSIGs. [RT #42865]

(cherry picked from commit f431bf02a6)
2016-08-25 09:53:50 +10:00
Mark Andrews f8ef82e475 sync 2016-07-12 11:34:50 +10:00
Mark Andrews 35c014cb1d 4408. [func] Continue waiting for expected response when we the
response we get does not match the request. [RT #41026]

(cherry picked from commit ec5e01747a)
2016-07-12 11:33:49 +10:00
Mark Andrews cccfafa311 4403. [bug] Rename variables and arguments that shadow: basename,
clone and gai_error.

(cherry picked from commit ecfa005085)
2016-06-29 11:26:49 +10:00
Mark Andrews 0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Witold Krecicki 19d80ce584 4358. [test] Added American Fuzzy Lop harness that allows
feeding fuzzed packets into BIND.
			[RT #41723]
2016-05-05 11:49:38 +02:00