Commit Graph

32419 Commits

Author SHA1 Message Date
Witold Kręcicki
f8ef33db6d post-merge-fixes 2020-08-31 11:12:41 -07:00
Witold Kręcicki
f43af328b6 tls connect: checkpoint 2020-08-31 11:12:41 -07:00
Witold Kręcicki
090161e1fc CHANGES note 2020-08-31 11:12:41 -07:00
Witold Kręcicki
1d32b9799e netmgr tcpdns: add support for DoT
Add an optional SSL_CTX argument to isc_nm_listentcpdns - if not NULL,
use isc_nm_listentls instead of isc_nm_listentcp to listen on a TLS
socket for DoT.
2020-08-31 10:58:37 -07:00
Witold Kręcicki
d7b441a1d5 netmgr: server-side TLS support
Add server-side TLS support to netmgr - that includes moving some of the isc_nm_
functions from tcp.c to a wrapper in netmgr.c calling a proper tcp or tls
function, and a new isc_nm_listentls function.
2020-08-31 10:58:37 -07:00
Witold Kręcicki
dc6811101a Add -lssl to OPENSSL_LIBS 2020-08-31 10:58:37 -07:00
Evan Hunt
5c52feb442 add more logging to the shutdown system test 2020-08-31 10:58:37 -07:00
Evan Hunt
7aa9bbb8ac clear sock->statichandle if it goes to 0 references 2020-08-31 10:58:37 -07:00
Evan Hunt
4c8f28f087 experiment: add cancelread support for UDP, tweak lookup locking 2020-08-31 10:58:37 -07:00
Evan Hunt
1817dadf5d limit the time we wait for netmgr to be destroyed
if more than 10 seconds pass while we wait for netmgr
events to finish running on shutdown, something is almost
certainly wrong and we should assert and crash.
2020-08-31 10:58:37 -07:00
Evan Hunt
34b0bb84ca fixup! checkpoint: convert dig to use netmgr for TCP 2020-08-31 10:58:37 -07:00
Evan Hunt
eea946e741 fixup! checkpoint: convert dig to use netmgr for TCP 2020-08-31 10:58:37 -07:00
Evan Hunt
d0f3d3f421 fixup! checkpoint: convert dig to use netmgr for UDP 2020-08-31 10:58:37 -07:00
Evan Hunt
9cefc63b4c fixup! checkpoint: convert dig to use netmgr for UDP 2020-08-31 10:58:37 -07:00
Evan Hunt
1cea2ede55 fixup! checkpoint: isc_nm_tcpdnsconnect 2020-08-31 10:58:37 -07:00
Evan Hunt
5316b99628 fixup! checkpoint: implement isc_nm_udpconnect() 2020-08-31 10:58:37 -07:00
Evan Hunt
77bedef71e checkpoint: convert dig to use netmgr for UDP 2020-08-31 10:58:37 -07:00
Evan Hunt
db354895e7 checkpoint: implement isc_nm_read() for UDP
isc_nm_read() on a UDP socket will now read a single datagram and
stop until next time.
2020-08-31 10:58:37 -07:00
Evan Hunt
03009e7159 checkpoint: implement isc_nm_udpconnect()
this function sets up a UDP socket, connected to a specified peer
address, then immediately calls a callback with a handle so that
the caller can begin sending.
2020-08-31 10:58:37 -07:00
Evan Hunt
c2adc2ac27 checkpoint: convert dig to use netmgr for TCP 2020-08-31 10:58:37 -07:00
Witold Kręcicki
cac6b52672 checkpoint: isc_nm_tcpdnsconnect
add a function to establish outgoing TCPDNS connections.
2020-08-31 10:58:37 -07:00
Witold Kręcicki
9748d9f4d0 Rename isc_nmsocket_t->tcphandle to statichandle 2020-08-31 10:58:37 -07:00
Ondřej Surý
96c4010fe5 Merge branch '1996-deferred-system-test' into 'main'
[CVE-2020-8620] Fix TCP DNS buffer sizes [TEST]

See merge request isc-projects/bind9!4038
2020-08-31 10:04:42 +00:00
Ondřej Surý
2c796bb9c8 Add PoC for assertion failure on large TCP DNS messages 2020-08-31 12:04:01 +02:00
Ondřej Surý
bd3d9f33dc Merge branch '1997-deferred-system-test' into 'main'
[CVE-2020-8621] Ensure QNAME minimization is permanently disabled when forwarding [TEST]

See merge request isc-projects/bind9!4039
2020-08-31 09:59:01 +00:00
Evan Hunt
dd8db89525 test whether DS chasing works correctly when forwarding 2020-08-31 11:21:22 +02:00
Ondřej Surý
ed98f65479 Merge branch '2037-deferred-system-test' into 'main'
Resolve "[CVE-2020-8623] A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c"

See merge request isc-projects/bind9!4037
2020-08-31 08:58:03 +00:00
Ondřej Surý
a69433ba40 Add PoC system test for pk11_numbits() assertion 2020-08-31 09:18:13 +02:00
Michał Kępień
a7b78f3a40 Fix relative path to conf.sh in cleanpkcs11.sh 2020-08-31 09:18:13 +02:00
Ondřej Surý
c3a351275b Merge branch '2028-deferred-system-test' into 'main'
[CVE-2020-8622] Properly handle malformed truncated responses to TSIG queries [TEST]

See merge request isc-projects/bind9!4034
2020-08-31 06:24:41 +00:00
Mark Andrews
8bbf3eb5f3 check that a malformed truncated response to a TSIG query is handled 2020-08-31 08:19:13 +02:00
Ondřej Surý
9af47af0f7 Merge branch '1928-handle-EPROTO' into 'main'
Resolve "error: socket.c:1540: unexpected error:"

Closes #1928

See merge request isc-projects/bind9!4023
2020-08-28 18:47:43 +00:00
Ondřej Surý
4722196b13 Add CHANGES and release note for GL #1928 2020-08-28 20:46:34 +02:00
Ondřej Surý
e0380d437d Handle EPROTO errno from recvmsg
It was discovered that some systems might set EPROTO instead of EACCESS
on recvmsg() call causing spurious syslog messages from the socket
code.  This commit returns soft handling of EPROTO errno code to the
socket code. [GL #1928]
2020-08-28 20:45:52 +02:00
Ondřej Surý
f59067807e Merge branch '2104-fix-off-by-one-error-in-rehash_bits' into 'main'
Resolve "Bind 9.16.6 due to assertion failure"

Closes #2104

See merge request isc-projects/bind9!4030
2020-08-28 15:42:13 +00:00
Ondřej Surý
d47d2b3fe0 Add CHANGES and release notes for GL #2104 2020-08-28 16:21:56 +02:00
Ondřej Surý
78543ad5a7 Fix off-by-one error when calculating new hashtable size
When calculating the new hashtable bitsize, there was an off-by-one
error that would allow the new bitsize to be larger than maximum allowed
causing assertion failure in the rehash() function.
2020-08-28 16:21:21 +02:00
Michal Nowak
25d35029eb Merge branch 'mnowak/fix-tarball-test-suite.log-print' into 'main'
Print test-suite.log correctly in tarball system test job

See merge request isc-projects/bind9!3990
2020-08-28 12:38:32 +00:00
Michal Nowak
0c9c755952 Print test-suite.log correctly in tarball system test job
Printing test-suite.log on system test failure does not work for system
test run from tarball because the "after_script" step does not honour
directory change from the "before_script" step and fails with:

    Running after script...
    $ cat bin/tests/system/test-suite.log
    cat: bin/tests/system/test-suite.log: No such file or directory
2020-08-28 14:00:10 +02:00
Ondřej Surý
56ee60e130 Merge branch '2074-bind-allows-an-empty-cm-value-for-optional-loc-rdata-fields' into 'main'
Resolve "BIND allows an empty 'cm' value for optional LOC RDATA fields"

Closes #2074

See merge request isc-projects/bind9!3988
2020-08-26 14:28:17 +00:00
Mark Andrews
d9594cffab Add CHANGES note 2020-08-26 15:31:51 +02:00
Mark Andrews
2ca4d35037 Refactor totext_loc 2020-08-26 15:31:31 +02:00
Mark Andrews
337cc878fa Correctly encode LOC records with non-integer negative altitudes. 2020-08-26 15:31:31 +02:00
Mark Andrews
888dfd78c7 Check LOC's altitude field is properly parsed and encoded. 2020-08-26 15:31:31 +02:00
Mark Andrews
9225c67835 Tighten LOC parsing to reject period and/or m as a value. 2020-08-26 15:31:31 +02:00
Mark Andrews
daca5e8912 Merge branch '2080-data-race-in-rdataset_addglue' into 'main'
Resolve "data race in rdataset_addglue"

Closes #2080

See merge request isc-projects/bind9!3987
2020-08-26 11:32:57 +00:00
Mark Andrews
48973c3ec6 Add CHANGES note 2020-08-26 21:16:04 +10:00
Ondřej Surý
01684cc219 Use the Fibonacci Hashing for the RBTDB glue table
The rbtdb version glue_table has been refactored similarly to rbt.c hash
table, so it does use 32-bit hash function return values and apply
Fibonacci Hashing to look up the index to the hash table instead of
modulo.  For more details, see the lib/dns/rbt.c commit log.
2020-08-26 21:16:04 +10:00
Mark Andrews
33d0e8d168 rbtversion->glue_table_size must be read when holding a lock 2020-08-26 21:16:04 +10:00
Michal Nowak
0ede73b9f1 Merge branch 'mnowak/tumbleweed-fix-krb5-config-location' into 'main'
Tumbleweed changed location of krb5-config

See merge request isc-projects/bind9!4016
2020-08-26 08:57:20 +00:00