From 42d4b40f74dfe11050a3deec8e984ac8b8caf291 Mon Sep 17 00:00:00 2001 From: simon Date: Sat, 28 May 2011 08:44:39 +0000 Subject: [PATCH] Fix an off by one which can result in a assertion failure in BIND related to large RRSIG RRsets and Negative Caching. This can cause named to crash. Security: FreeBSD-SA-11:02.bind Security: CVE-2011-1910 Security: https://www.isc.org/software/bind/advisories/cve-2011-1910 Obtained from: ISC Approved by: so (simon) git-svn-id: svn://svn.freebsd.org/base/releng/8.1@222416 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- UPDATING | 4 ++++ contrib/bind9/lib/dns/ncache.c | 2 +- sys/conf/newvers.sh | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/UPDATING b/UPDATING index 69164870..21d55fe0 100644 --- a/UPDATING +++ b/UPDATING @@ -15,6 +15,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.x IS SLOW ON IA64 OR SUN4V: debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20110528: p4 FreeBSD-SA-11:02.bind + Fix BIND remote DoS with large RRSIG RRsets and negative + caching. + 20110420: p3 FreeBSD-SA-11:01.mountd Fix CIDR parsing bug in mountd ACLs. diff --git a/contrib/bind9/lib/dns/ncache.c b/contrib/bind9/lib/dns/ncache.c index 733d138d..944f939d 100644 --- a/contrib/bind9/lib/dns/ncache.c +++ b/contrib/bind9/lib/dns/ncache.c @@ -185,7 +185,7 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache, */ isc_buffer_availableregion(&buffer, &r); - if (r.length < 2) + if (r.length < 3) return (ISC_R_NOSPACE); isc_buffer_putuint16(&buffer, rdataset->type); diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 0618c8f3..045e1d06 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.1" -BRANCH="RELEASE-p3" +BRANCH="RELEASE-p4" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi -- 2.42.0
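Review bot: In the contrib/bind9/lib/dns/ncache.c hunk, the new bound in `if (r.length < 3)` is a bare constant with nothing tying it to the writes it guards. The only write visible in the hunk's context is the two-byte `isc_buffer_putuint16(&buffer, rdataset->type);`, so the third byte must belong to a write below the shown context. The original `< 2` was wrong for exactly this reason: the check and the bytes written had drifted apart. Please add a comment on the check listing each field the 3 bytes cover, or express the bound as a sum of the field sizes, so that a later change to the record layout has to touch the check too. The commit message names the trigger as large RRSIG RRsets together with negative caching; a regression test that fills the buffer to within one or two bytes of its end before this point would confirm that ISC_R_NOSPACE is returned instead of the assertion firing.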