4183. [cleanup] Use timing-safe memory comparisons in cryptographic
code. Also, the timing-safe comparison functions have
been renamed to avoid possible confusion with
memcmp(). [RT #40148]
(cherry picked from commit 420a43c8d8)
3938. [func] Added quotas to be used in recursive resolvers
that are under high query load for names in zones
whose authoritative servers are nonresponsive or
are experiencing a denial of service attack.
- "fetches-per-server" limits the number of
simultaneous queries that can be sent to any
single authoritative server. The configured
value is a starting point; it is automatically
adjusted downward if the server is partially or
completely non-responsive. The algorithm used to
adjust the quota can be configured via the
"fetch-quota-params" option.
- "fetches-per-zone" limits the number of
simultaneous queries that can be sent for names
within a single domain. (Note: Unlike
"fetches-per-server", this value is not
self-tuning.)
- New stats counters have been added to count
queries spilled due to these quotas.
These options are not available by default;
use "configure --enable-fetchlimit" (or
--enable-developer) to include them in the build.
See the ARM for details of these options. [RT #37125]
4123. [port] Added %z (size_t) format options to the portable
internal printf/sprintf implementation. [RT #39586]
(cherry picked from commit cadf8d687b)
and do some other isc mem cleanups.
(cherry picked from commit 24f2cc7d06)
Conflicts:
CHANGES
(cherry picked from commit 26406f9997)
Conflicts:
lib/isc/mem.c
This triggers a Valgrind out-of-bounds read report. It was introduced by
commit 5d7849ad7f.
No CHANGES entry necessary as it doesn't have any user-visible or
behavioral change. It removes an out-of-bounds read issue that went
undetected when allocated through isc_mem as the memory was present.
The memory read was compared to itself, so it has no behavioral change.
(cherry picked from commit ffc393dd18)
4056. [bug] Fixed several small bugs in automatic trust anchor
management, including a memory leak and a possible
loss of key state information. [RT #38458]
