From 631478b138fcf25eb0e6b45b6a273fb824d8c4ff Mon Sep 17 00:00:00 2001 From: simon Date: Mon, 6 Aug 2012 21:33:11 +0000 Subject: [PATCH] Fix named(8) DNSSEC validation Denial of Service. Security: FreeBSD-SA-12:05.bind Security: CVE-2012-3817 Obtained from: ISC Approved by: so (simon) git-svn-id: svn://svn.freebsd.org/base/releng/8.1@239108 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- UPDATING | 3 +++ contrib/bind9/lib/dns/resolver.c | 5 +++-- sys/conf/newvers.sh | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/UPDATING b/UPDATING index b40e9bcc..82f1854f 100644 --- a/UPDATING +++ b/UPDATING @@ -16,6 +16,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.x IS SLOW ON IA64 OR SUN4V: sun4v support still needs work to become production ready. +20120806: p13 FreeBSD-SA-12:05.bind + Fix named(8) DNSSEC validation Denial of Service. + 20120618: p12 FreeBSD-SA-12:04.sysret Correct patch for FreeBSD-SA-12:04.sysret. diff --git a/contrib/bind9/lib/dns/resolver.c b/contrib/bind9/lib/dns/resolver.c index 244718fb..41171e58 100644 --- a/contrib/bind9/lib/dns/resolver.c +++ b/contrib/bind9/lib/dns/resolver.c @@ -7929,6 +7929,7 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name, } bad->type = type; bad->hashval = hashval; + bad->expire = *expire; isc_buffer_init(&buffer, bad + 1, name->length); dns_name_init(&bad->name, NULL); dns_name_copy(name, &bad->name, &buffer); @@ -7940,8 +7941,8 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name, if (resolver->badcount < resolver->badhash * 2 && resolver->badhash > DNS_BADCACHE_SIZE) resizehash(resolver, &now, ISC_FALSE); - } - bad->expire = *expire; + } else + bad->expire = *expire; cleanup: UNLOCK(&resolver->lock); } diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 50bd18b7..68d784fc 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.1" -BRANCH="RELEASE-p12" +BRANCH="RELEASE-p13" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi -- 2.42.0