upstream/oracle/userland-gate: components/bind/patches/011-RT43522.patch@12dea84f307b (annotated)

7592 12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	1	This patch was derived from a source code patch provided by ISC to
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	2	resolve ISC ticket RT #43522. [9.6-ESV-R11-S10]
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	3
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	4	--- old/./CHANGES Wed Jan 11 23:20:20 2017
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	5	+++ new/./CHANGES Wed Jan 11 23:20:20 2017
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	6	@@ -1,3 +1,9 @@
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	7	+ --- 9.6-ESV-R11-S10 released ---
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	8	+
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	9	+4508. [security] Named incorrectly tried to cache TKEY records which
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	10	+ could trigger a assertion failure when there was
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	11	+ a class mismatch. (CVE-2016-9131) [RT #43522]
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	12	+
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	13	--- 9.6-ESV-R11-S9 released ---
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	14
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	15	4489. [security] It was possible to trigger assertions when processing
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	16	--- old/lib/dns/resolver.c Wed Jan 11 23:20:20 2017
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	17	+++ new/lib/dns/resolver.c Wed Jan 11 23:20:20 2017
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	18	@@ -1,5 +1,5 @@
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	19	/*
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	20	- * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	21	+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	22	* Copyright (C) 1999-2003 Internet Software Consortium.
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	23	*
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	24	* Permission to use, copy, modify, and/or distribute this software for any
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	25	@@ -5848,6 +5848,25 @@
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	26	ISC_LOG_NOTICE, "NSEC3 in answer");
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	27	return (DNS_R_FORMERR);
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	28	}
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	29	+ if (rdataset->type == dns_rdatatype_tkey) {
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	30	+ /*
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	31	+ * TKEY is not a valid record in a
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	32	+ * response to any query we can make.
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	33	+ */
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	34	+ isc_log_write(dns_lctx,
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	35	+ DNS_LOGCATEGORY_RESOLVER,
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	36	+ DNS_LOGMODULE_RESOLVER,
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	37	+ ISC_LOG_NOTICE, "TKEY in answer");
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	38	+ return (DNS_R_FORMERR);
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	39	+ }
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	40	+ if (rdataset->rdclass != fctx->res->rdclass) {
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	41	+ isc_log_write(dns_lctx,
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	42	+ DNS_LOGCATEGORY_RESOLVER,
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	43	+ DNS_LOGMODULE_RESOLVER,
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	44	+ ISC_LOG_NOTICE, "Mismatched class "
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	45	+ "in answer");
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	46	+ return (DNS_R_FORMERR);
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	47	+ }
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	48	if (rdataset->type == type && !found_cname) {
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	49	/*
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	50	* We've found an ordinary answer.
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	51	@@ -6017,6 +6036,15 @@
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	52	rdataset != NULL;
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	53	rdataset = ISC_LIST_NEXT(rdataset, link))
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	54	{
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	55	+ if (rdataset->rdclass != fctx->res->rdclass) {
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	56	+ isc_log_write(dns_lctx,
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	57	+ DNS_LOGCATEGORY_RESOLVER,
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	58	+ DNS_LOGMODULE_RESOLVER,
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	59	+ ISC_LOG_NOTICE, "Mismatched class "
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	60	+ "in answer");
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	61	+ return (DNS_R_FORMERR);
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	62	+ }
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	63	+
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	64	/*
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	65	* Only pass DNAME or RRSIG(DNAME).
12dea84f307b 25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10 Ben Chang <Benjamin.Chang@Oracle.COM> parents: diff changeset	66	*/

author	Ben Chang <Benjamin.Chang@Oracle.COM>
	Mon, 23 Jan 2017 11:25:04 -0800
branch	s11u3-sru
changeset 7592	12dea84f307b
permissions	-rw-r--r--