6145 Commits

Author SHA1 Message Date
Mark Andrews
c43edd377b 4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]

(cherry picked from commit 638c7c635d)
2017-03-14 15:17:32 +11:00
Mark Andrews
b99d097cc4 Reimplement:
4578.   [security]      Some chaining (CNAME or DNAME) responses to upstream
                        queries could trigger assertion failures.
                        (CVE-2017-3137) [RT #44734]

(cherry picked from commit f240f4a5de)
2017-03-01 12:07:56 +11:00
Evan Hunt
fcf1874867 [v9_9] remove unnecessary INSIST and prep 9.11.1rc2
4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
			queries could trigger assertion failures.
			(CVE-2017-3137) [RT #44734]

(cherry picked from commit a1365a0042)
(cherry picked from commit 559cbe04e7)
2017-02-23 15:26:55 -08:00
Mark Andrews
039a1489c8 explicitly cast to (unsigned int) 2017-02-20 17:05:53 +11:00
Mark Andrews
31099ddd3c explictly cast to isc_stdtime_t
(cherry picked from commit 9998a15284)
2017-02-20 16:57:41 +11:00
Mark Andrews
4ebbb52b1b record ranges; account for -P's 2017-02-16 12:10:14 +11:00
Evan Hunt
b4a0711e17 [v9_9] prep 9.9.10rc1 2017-02-04 22:36:23 -08:00
Mark Andrews
182d657891 remove outdated cvs $Id strings 2017-02-03 18:44:36 +11:00
Tinderbox User
2444ab6b88 update copyright notice / whitespace 2017-02-02 23:48:58 +00:00
Evan Hunt
3e43702524 [v9_9] Squashed commit of the following:
4561.	[port]		Silence a warning in strict C99 compilers. [RT #44414]

(cherry picked from commit 6cb5e36ca3)
2017-02-01 17:31:37 -08:00
Tinderbox User
485b9c96c2 update copyright notice / whitespace 2017-01-31 23:48:07 +00:00
Evan Hunt
ad1ebb5b28 [v9_9] address portability issues
(cherry picked from commit a2bd99a959)
2017-01-30 16:52:42 -08:00
Mark Andrews
8da7fa7b52 add a REQUIRE to catch the NULL pointer dereference that triggered CVE-2017-3135
(cherry picked from commit 1d8995d226)
2017-01-31 11:21:25 +11:00
Evan Hunt
a6bae6d52c [v9_9] change 4558 was incomplete
(cherry picked from commit cd668ea57f)
2017-01-30 14:11:30 -08:00
Tinderbox User
9e04eb78f1 update copyright notice / whitespace 2017-01-24 23:47:30 +00:00
Mark Andrews
b15e927949 4560. [bug] mdig: add -m option to enable memory debugging rather
than have in on all the time. [RT #44509]

4559.   [bug]           Openssl_link.c didn't compile if ISC_MEM_TRACKLINES
                        was turned off.  [RT #44509]

(cherry picked from commit 25da687db7)
(cherry picked from commit f7903e4bcc)
2017-01-24 17:50:24 +11:00
Mark Andrews
0ce2803ae7 4558. [bug] Synthesised CNAME before matching DNAME was still
being cached when it should have been.  [RT #44318]

(cherry picked from commit 9f4bf43b79)
2017-01-24 17:41:27 +11:00
Tinderbox User
38e1c56c6d update copyright notice / whitespace 2017-01-14 23:47:28 +00:00
Mark Andrews
830f1c2f03 4554. [bug] Remove double unlock in dns_dispatchmgr_setudp.
[RT #44336]

(cherry picked from commit 5dfa5221d5)
2017-01-14 13:14:41 +11:00
Tinderbox User
eed41a2afc update copyright notice / whitespace 2017-01-13 23:47:32 +00:00
Mark Andrews
f837844b4f make e's declaration unconditional. [RT #44324]
(cherry picked from commit b8eee0f48d)
2017-01-13 16:10:50 +11:00
Tinderbox User
0ed649b6e5 update copyright notice / whitespace 2017-01-12 23:48:25 +00:00
Mark Andrews
ab9537f521 4553. [bug] Named could deadlock there were multiple changes to
NSEC/NSEC3 parameters for a zone being processed at
                        the same time. [RT #42770]

(cherry picked from commit d2e1b47d4f)
2017-01-12 14:26:17 +11:00
Tinderbox User
fd687693fd update copyright notice / whitespace 2017-01-11 23:47:22 +00:00
Evan Hunt
7d73d9aafb [v9_9] expand the flags field in dns_master_style
4550.	[cleanup]	Increased the number of available master file
			output style flags from 32 to 64. [RT #44043]
2017-01-11 12:05:54 -08:00
Mark Andrews
0faee78f98 9.9.10b1 2016-12-29 13:36:32 +11:00
Evan Hunt
3204e83716 [v9_9] silence warning
(cherry picked from commit b3aebb5890)
2016-12-28 17:54:52 -08:00
Mark Andrews
a14b7f0187 4510. [security] Named mishandled some responses where covering RRSIG
records are returned without the requested data
                        resulting in a assertion failure. (CVE-2016-9147)
                        [RT #43548]

(cherry picked from commit 6adf421e7e)
2016-12-29 11:53:58 +11:00
Mark Andrews
d372472f60 4508. [security] Named incorrectly tried to cache TKEY records which
could trigger a assertion failure when there was
                            a class mismatch. (CVE-2016-9131) [RT #43522]

(cherry picked from commit 2c1c4b99a1)
2016-12-29 11:35:54 +11:00
Tinderbox User
c38b1c7115 update copyright notice / whitespace 2016-12-28 23:58:02 +00:00
Mark Andrews
69cb8ebf15 4517. [security] Named could mishandle authority sections that were
missing RRSIGs triggering an assertion failure.
                        (CVE-2016-9444) [RT # 43632]

(cherry picked from commit 1df30cfd27c5a3c57fce357c54aaf6c702227d51)
2016-12-29 10:46:44 +11:00
Mark Andrews
c161d54a65 4543. [bug] dns_client_startupdate now delays sending the update
request until isc_app_ctxrun has been called.
                        [RT #43976]

(cherry picked from commit 6f94747270)
2016-12-28 15:56:30 +11:00
Tinderbox User
7429284419 update copyright notice / whitespace 2016-12-26 23:51:09 +00:00
Mark Andrews
2af18c1396 4538. [bug] Call dns_client_startresolve from client->task.
[RT #43896]

(cherry picked from commit aceabacdb8)
2016-12-27 07:15:23 +11:00
Mark Andrews
0e43b24249 if gen fails remove the file [RT #43949]
(cherry picked from commit e17d2f98be)
2016-12-23 09:21:26 +11:00
Mark Andrews
3fe3359031 4535. [bug] Address race condition in setting / testing of
DNS_REQUEST_F_SENDING. [RT #43889]

(cherry picked from commit 37a8db0ba4)
2016-12-14 10:34:43 +11:00
Mark Andrews
bcdf316ca5 4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879]
(cherry picked from commit def6b33bad)
2016-12-13 16:38:50 +11:00
Mark Andrews
0aa9619f9e 4533. [bug] dns_client_update should terminate on prerequiste
failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET)
                        and also on BADZONE.  [RT #43865]

(cherry picked from commit 8ca45ba01a)
2016-12-13 16:12:45 +11:00
Mark Andrews
2c74ad28ef 4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
in responses resulting in SERVFAIL being returned.
                        [RT #43779]

(cherry picked from commit 60cb462c56)
2016-12-09 12:51:40 +11:00
Mark Andrews
2b97639b9b use isc_mem_create2 2016-11-09 16:24:48 +11:00
Mark Andrews
01b507f4b4 missing semicolon 2016-11-09 15:49:33 +11:00
Tinderbox User
ff69a0423e update copyright notice / whitespace 2016-11-08 23:57:34 +00:00
Mark Andrews
193c1e2618 back port alway use a private memory pool with openssl 2016-11-09 10:22:35 +11:00
Mark Andrews
8176815e04 back port alway use a private memory pool with openssl 2016-11-09 10:17:28 +11:00
Mark Andrews
964e19cea8 4497. [port] Add support for OpenSSL 1.1.0. [RT #41284] 2016-11-09 09:59:32 +11:00
Mark Andrews
344911083f remove spurious newline [RT #43585]
(cherry picked from commit fed2f7e4c1)
2016-11-09 08:27:37 +11:00
Tinderbox User
fc6f778fd8 update copyright notice / whitespace 2016-11-03 23:51:28 +00:00
Tinderbox User
a06917d08f update copyright notice / whitespace 2016-11-02 23:51:39 +00:00
Mark Andrews
bd3a5fe9c1 add dns_db_getsize, dns_rdataslab_count, dns_zone_getmaxrecords, dns_zone_setmaxrecords
(cherry picked from commit aee76db9e3)
2016-11-03 10:48:33 +11:00
Mark Andrews
51fe40fd59 4504. [security] Allow the maximum number of records in a zone to
be specified.  This provides a control for issues
                        raised in CVE-2016-6170. [RT #42143]

(cherry picked from commit 5f8412a4cb)
2016-11-03 10:46:37 +11:00