author | Jacques Vidrine <nectar@FreeBSD.org> | 2003-11-27 16:54:01 +0000 |
---|---|---|
committer | Jacques Vidrine <nectar@FreeBSD.org> | 2003-11-27 16:54:01 +0000 |
commit | 976135f9e49f70296d381b0b282939b0444a7dd1 (patch) | |
tree | c625efa7bd287edfbe3c776fe6654c637478e269 /contrib/bind | |
parent | bcb617c7568cc96ba4ae29b0ae902bf6b9ea3921 (diff) | |
Correct a remote denial-of-service attack in named(8).
Notes
Notes:
svn path=/releng/5.0/; revision=123009
Diffstat (limited to 'contrib/bind')
-rw-r--r-- | contrib/bind/Version | 2 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_resp.c | 12 |
2 files changed, 10 insertions, 4 deletions
diff --git a/contrib/bind/Version b/contrib/bind/Version
index e99a6add5fbb..b4a709b025d3 100644
--- a/contrib/bind/Version
+++ b/contrib/bind/Version
@@ -1 +1 @@
-8.3.3-REL
+8.3.3-REL-p1
diff --git a/contrib/bind/bin/named/ns_resp.c b/contrib/bind/bin/named/ns_resp.c
index c371fba842af..21c4095b2048 100644
--- a/contrib/bind/bin/named/ns_resp.c
+++ b/contrib/bind/bin/named/ns_resp.c
@@ -272,7 +272,7 @@ ns_resp(u_char *msg, int msglen, struct sockaddr_in from, struct qstream *qsp)
 u_int qtype, qclass;
 int restart; /* flag for processing cname response */
 int validanswer, dbflags;
- int cname, lastwascname, externalcname;
+ int cname, lastwascname, externalcname, cachenegative;
 int count, founddata, foundname;
 int buflen;
 int newmsglen;
@@ -912,6 +912,7 @@ tcp_retry:
 cname = 0;
 lastwascname = 0;
 externalcname = 0;
+ cachenegative = 1;
 strcpy(aname, qname);
 if (count) {
@@ -981,6 +982,7 @@ tcp_retry:
 name);
 db_detach(&dp);
 validanswer = 0;
+ cachenegative = 0;
 continue;
 }
 if (type == T_CNAME &&
@@ -1011,6 +1013,7 @@ tcp_retry:
 "last was cname, ignoring auth. and add.");
 db_detach(&dp);
 validanswer = 0;
+ cachenegative = 0;
 break;
 }
 if (i < arfirst) {
@@ -1026,6 +1029,7 @@ tcp_retry:
 sin_ntoa(from));
 db_detach(&dp);
 validanswer = 0;
+ cachenegative = 0;
 continue;
 } else if (!ns_samedomain(name, qp->q_domain)) {
@@ -1039,6 +1043,7 @@ tcp_retry:
 sin_ntoa(from));
 db_detach(&dp);
 validanswer = 0;
+ cachenegative = 0;
 continue;
 }
 if (type == T_NS) {
@@ -1231,8 +1236,9 @@ tcp_retry:
 ) ) {
- cache_n_resp(msg, msglen, from, qp->q_name,
- qp->q_class, qp->q_type);
+ if (cachenegative)
+ cache_n_resp(msg, msglen, from, qp->q_name,
+ qp->q_class, qp->q_type);
 if (!qp->q_cmsglen && validanswer) {
 ns_debug(ns_log_default, 3, |
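Review bot: `cachenegative` is initialised in the @@ -912 hunk and declared in the @@ -272 hunk with no comment, so a reader has to reach the `cache_n_resp()` guard near new line 1236 to learn what the flag controls. I would document it at the initialisation, for example `/* cleared when a record in this response is rejected; a partly ignored response must not be cached as a negative answer */`. That wording is inferred from the four `validanswer = 0` sites in the later hunks, so it should be checked against the intent of the fix. The body of ns_resp() starts and ends outside this hunk.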
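Review bot: Each rejection path now has to clear two flags by hand, `validanswer = 0; cachenegative = 0;`, in the @@ -981 hunk and again at @@ -1011, @@ -1026 and @@ -1039, and nothing ties the two assignments together. Any other path in ns_resp() that discards a record and is not visible in this diff would still leave `cachenegative` at 1 and reach `cache_n_resp()`. The function should be searched for its remaining `validanswer = 0` assignments and each one checked. A single helper such as `#define REJECT_RR() do { validanswer = 0; cachenegative = 0; } while (0)` (name is a placeholder) would keep later rejection paths from missing the second flag, provided no site needs the flags cleared separately.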
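Review bot: The new `if (cachenegative)` in the @@ -1231 hunk guards a call that wraps over two lines and has no braces, so a later edit can easily add a statement that looks guarded but is not. Since this condition is the whole of the fix, I would brace it, `if (cachenegative) {` … `}`, around the `cache_n_resp()` call. The enclosing condition and the `ns_debug` call that follows continue outside the hunk.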