[v9_6_ESV_R9_patch] [v9_6_ESV_R9_patch] [v9_6_ESV_R9_patch] assertion failure in resolver.c

3584. [security] Caching data from an incompletely signed zone could trigger an assertion failure in resolver.c [RT #33690] (cherry picked from commit 276457f7a3)
Merge branch 'v9_6' into v9_6_ESV_R9_patch
2013-06-04 11:30:48 -07:00 · 2013-05-17 14:20:19 +10:00 · 2013-04-05 13:38:06 +11:00 · 2013-03-07 14:10:38 +11:00 · 2013-01-17 23:28:17 +11:00 · 2013-01-17 21:46:50 +11:00
3 changed files with 29 additions and 7 deletions
--- a/5
+++ b/5
@@ -1,3 +1,8 @@
+	--- 9.6-ESV-R9-P1 released ---
+
+3584.	[security]	Caching data from an incompletely signed zone could
+			trigger an assertion failure in resolver.c [RT #33690]
+
 	--- 9.6-ESV-R9 released ---

 3568.	[cleanup]	Add a product description line to the version file,
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -4372,7 +4372,7 @@ fctx_log(void *arg, int level, const char *fmt, ...) {

 static inline isc_result_t
 findnoqname(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type,
-	    dns_name_t **noqname)
+	    dns_name_t **noqnamep)
 {
 	dns_rdataset_t *nrdataset, *next, *sigrdataset;
 	dns_rdata_rrsig_t rrsig;
@@ -4385,10 +4385,12 @@ findnoqname(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type,
 	dns_fixedname_t fclosest;
 	dns_name_t *nearest;
 	dns_fixedname_t fnearest;
+	dns_rdatatype_t found = dns_rdatatype_none;
+	dns_name_t *noqname = NULL;

 	FCTXTRACE("findnoqname");

-	REQUIRE(noqname != NULL && *noqname == NULL);
+	REQUIRE(noqnamep != NULL && *noqnamep == NULL);

 	/*
 	 * Find the SIG for this rdataset, if we have it.
@@ -4457,8 +4459,10 @@ findnoqname(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type,
 							&data, NULL, fctx_log,
 							fctx)))
 			{
-				if (!exists)
-					*noqname = nsec;
+				if (!exists) {
+					noqname = nsec;
+					found = dns_rdatatype_nsec;
+				}
 			}

 			if (nrdataset->type == dns_rdatatype_nsec3 &&
@@ -4471,13 +4475,26 @@ findnoqname(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type,
 							 closest, nearest,
 							 fctx_log, fctx)))
 			{
-				if (!exists && setnearest)
-					*noqname = nsec;
+				if (!exists && setnearest) {
+					noqname = nsec;
+					found = dns_rdatatype_nsec3;
+				}
 			}
 		}
 	}
 	if (result == ISC_R_NOMORE)
 		result = ISC_R_SUCCESS;
+	if (noqname != NULL) {
+		for (sigrdataset = ISC_LIST_HEAD(noqname->list);
+		     sigrdataset != NULL;
+		     sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) {
+			if (sigrdataset->type == dns_rdatatype_rrsig &&
+			    sigrdataset->covers == found)
+				break;
+		}
+		if (sigrdataset != NULL)
+			*noqnamep = noqname;
+	}
 	return (result);
 }

--- a/2
+++ b/2
@@ -9,4 +9,4 @@ MAJORVER=9
 MINORVER=6
 PATCHVER=
 RELEASETYPE=-ESV
-RELEASEVER=-R9
+RELEASEVER=-R9-P1
Author	SHA1	Message	Date
Evan Hunt	a058f20157	[v9_6_ESV_R9_patch] [v9_6_ESV_R9_patch] [v9_6_ESV_R9_patch] assertion failure in resolver.c 3584. [security] Caching data from an incompletely signed zone could trigger an assertion failure in resolver.c [RT #33690] (cherry picked from commit `276457f7a3`)	2013-06-04 11:30:48 -07:00
Mark Andrews	26f80ec074	Merge branch 'v9_6' into v9_6_ESV_R9_patch	2013-05-17 14:20:19 +10:00
Mark Andrews	221938eb13	Merge branch 'v9_6' into v9_6_ESV_R9_patch	2013-04-05 13:38:06 +11:00
Mark Andrews	76e3c29589	Merge branch 'v9_6' into v9_6_ESV_R9_patch	2013-03-07 14:10:38 +11:00
Mark Andrews	e94ac892c2	add POST's	2013-01-17 23:28:17 +11:00
Mark Andrews	a780d59dc0	s/head/tail/	2013-01-17 21:46:50 +11:00
Mark Andrews	de2b276072	Silence "Access to field 'type' results in a dereference of a null pointer" by adding appropriate assertions.	2013-01-17 14:46:30 +11:00
Mark Andrews	4102127022	Silence "Use of memory after it is freed" by asserting the head and tail of list are not the element after it is unlinked from the list.	2013-01-17 14:23:10 +11:00
Mark Andrews	f0f37e9e96	silence compiler warning: Value stored to '?' is never used	2013-01-16 07:14:55 +11:00
Mark Andrews	547fb9915c	fix typo	2013-01-11 17:53:28 +11:00
Mark Andrews	eb915aa4f5	add dns_zone_clearqueryaoncl, dns_zone_getqueryaoncl	2013-01-11 16:55:13 +11:00
Mark Andrews	aaa146f137	windows snprint support	2013-01-11 16:28:01 +11:00