aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon L. B. Nielsen <simon@FreeBSD.org>2011-05-28 08:44:39 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2011-05-28 08:44:39 +0000
commitfc06501193be7b6d20752a860adb93587c43fc7e (patch)
tree211478b62d0ba3549a71a0188828e36df1b43cb2
parentb2a8d7a809fac5f7bb7b7f9ae01816e78c989983 (diff)
downloadsrc-fc06501193be7b6d20752a860adb93587c43fc7e.tar.gz
src-fc06501193be7b6d20752a860adb93587c43fc7e.zip
Fix an off by one which can result in a assertion failure in BIND
related to large RRSIG RRsets and Negative Caching. This can cause named to crash. Security: FreeBSD-SA-11:02.bind Security: CVE-2011-1910 Security: https://www.isc.org/software/bind/advisories/cve-2011-1910 Obtained from: ISC Approved by: so (simon)
Notes
Notes: svn path=/releng/8.1/; revision=222416
-rw-r--r--UPDATING4
-rw-r--r--contrib/bind9/lib/dns/ncache.c2
-rw-r--r--sys/conf/newvers.sh2
3 files changed, 6 insertions, 2 deletions
diff --git a/UPDATING b/UPDATING
index 691648700355..21d55fe0c6bd 100644
--- a/UPDATING
+++ b/UPDATING
@@ -15,6 +15,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.x IS SLOW ON IA64 OR SUN4V:
debugging tools present in HEAD were left in place because
sun4v support still needs work to become production ready.
+20110528: p4 FreeBSD-SA-11:02.bind
+ Fix BIND remote DoS with large RRSIG RRsets and negative
+ caching.
+
20110420: p3 FreeBSD-SA-11:01.mountd
Fix CIDR parsing bug in mountd ACLs.
diff --git a/contrib/bind9/lib/dns/ncache.c b/contrib/bind9/lib/dns/ncache.c
index 733d138dda24..944f939dd224 100644
--- a/contrib/bind9/lib/dns/ncache.c
+++ b/contrib/bind9/lib/dns/ncache.c
@@ -185,7 +185,7 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache,
*/
isc_buffer_availableregion(&buffer,
&r);
- if (r.length < 2)
+ if (r.length < 3)
return (ISC_R_NOSPACE);
isc_buffer_putuint16(&buffer,
rdataset->type);
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 0618c8f33132..045e1d06c376 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="8.1"
-BRANCH="RELEASE-p3"
+BRANCH="RELEASE-p4"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi