| author | Ben Chang <Benjamin.Chang@Oracle.COM> |
| Mon, 23 Jan 2017 11:25:04 -0800 | |
| branch | s11u3-sru |
| changeset 7592 | 12dea84f307b |
| permissions | -rw-r--r-- |
|
7592
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
1 |
This patch was derived from a source code patch provided by ISC to |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
2 |
resolve ISC ticket RT #43548. [9.6-ESV-R11-S10] |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
3 |
|
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
4 |
--- old/./CHANGES Wed Jan 11 23:22:41 2017 |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
5 |
+++ new/./CHANGES Wed Jan 11 23:22:41 2017 |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
6 |
@@ -1,5 +1,10 @@ |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
7 |
--- 9.6-ESV-R11-S10 released --- |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
8 |
|
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
9 |
+4510. [security] Named mishandled some responses where covering RRSIG |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
10 |
+ records are returned without the requested data |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
11 |
+ resulting in a assertion failure. (CVE-2016-9147) |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
12 |
+ [RT #43548] |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
13 |
+ |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
14 |
4508. [security] Named incorrectly tried to cache TKEY records which |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
15 |
could trigger a assertion failure when there was |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
16 |
a class mismatch. (CVE-2016-9131) [RT #43522] |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
17 |
--- old/lib/dns/resolver.c Wed Jan 11 23:22:41 2017 |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
18 |
+++ new/lib/dns/resolver.c Wed Jan 11 23:22:41 2017 |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
19 |
@@ -5958,15 +5958,19 @@ |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
20 |
* a CNAME or DNAME). |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
21 |
*/ |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
22 |
INSIST(!external); |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
23 |
- if ((rdataset->type != |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
24 |
- dns_rdatatype_cname) || |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
25 |
- !found_dname || |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
26 |
- (aflag == |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
27 |
- DNS_RDATASETATTR_ANSWER)) |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
28 |
+ /* |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
29 |
+ * Don't use found_cname here |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
30 |
+ * as we have just set it |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
31 |
+ * above. |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
32 |
+ */ |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
33 |
+ if (cname == NULL && |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
34 |
+ !found_dname && |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
35 |
+ aflag == |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
36 |
+ DNS_RDATASETATTR_ANSWER) |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
37 |
{
|
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
38 |
have_answer = ISC_TRUE; |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
39 |
- if (rdataset->type == |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
40 |
- dns_rdatatype_cname) |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
41 |
+ if (found_cname && |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
42 |
+ cname == NULL) |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
43 |
cname = name; |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
44 |
name->attributes |= |
|
12dea84f307b
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
Ben Chang <Benjamin.Chang@Oracle.COM>
parents:
diff
changeset
|
45 |
DNS_NAMEATTR_ANSWER; |