
3124.	[bug]		Use an rdataset attribute flag to indicate
			negative-cache records rather than using rrtype 0;
			this will prevent problems when that rrtype is
			used in actual DNS packets. [RT #24777]

3123.	[security]	Change #2912 exposed a latent flaw in
			dns_rdataset_totext() that could cause named to
			crash with an assertion failure. [RT #24777]
Evan Hunt
2011-06-08 22:13:51 +00:00
parent 46a8315efe
commit 6de9744cf9
12 changed files with 137 additions and 56 deletions


@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: masterdump.c,v 1.107 2011/05/26 07:56:38 marka Exp $ */
/* $Id: masterdump.c,v 1.108 2011/06/08 22:13:50 each Exp $ */
/*! \file */
@@ -413,6 +413,7 @@ rdataset_totext(dns_rdataset_t *rdataset,
isc_uint32_t current_ttl;
isc_boolean_t current_ttl_valid;
dns_rdatatype_t type;
unsigned int type_start;
REQUIRE(DNS_RDATASET_VALID(rdataset));
@@ -494,29 +495,26 @@ rdataset_totext(dns_rdataset_t *rdataset,
* Type.
*/
if (rdataset->type == 0) {
if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
type = rdataset->covers;
} else {
type = rdataset->type;
}
{
unsigned int type_start;
INDENT_TO(type_column);
type_start = target->used;
if (rdataset->type == 0)
RETERR(str_totext("\\-", target));
result = dns_rdatatype_totext(type, target);
if (result != ISC_R_SUCCESS)
return (result);
column += (target->used - type_start);
}
INDENT_TO(type_column);
type_start = target->used;
if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
RETERR(str_totext("\\-", target));
result = dns_rdatatype_totext(type, target);
if (result != ISC_R_SUCCESS)
return (result);
column += (target->used - type_start);
/*
* Rdata.
*/
INDENT_TO(rdata_column);
if (rdataset->type == 0) {
if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
if (NXDOMAIN(rdataset))
RETERR(str_totext(";-$NXDOMAIN\n", target));
else
@@ -879,7 +877,7 @@ dump_rdatasets_text(isc_mem_t *mctx, dns_name_t *name,
dns_rdataset_t *rds = sorted[i];
if (ctx->style.flags & DNS_STYLEFLAG_TRUST)
fprintf(f, "; %s\n", dns_trust_totext(rds->trust));
if (rds->type == 0 &&
if (((rds->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) &&
(ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) {
/* Omit negative cache entries */
} else {
@@ -1044,7 +1042,7 @@ dump_rdatasets_raw(isc_mem_t *mctx, dns_name_t *name,
dns_rdataset_init(&rdataset);
dns_rdatasetiter_current(rdsiter, &rdataset);
if (rdataset.type == 0 &&
if (((rdataset.attributes & DNS_RDATASETATTR_NEGATIVE) != 0) &&
(ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) {
/* Omit negative cache entries */
} else {
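Review bot: The negative-cache test `(rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0` is open-coded three times in rdataset_totext() (type selection, the `\-` prefix, the rdata branch) and once each in dump_rdatasets_text() and dump_rdatasets_raw(). The fix for the assertion failure relies on all of these sites agreeing on what marks a negative entry, so a single file-local predicate alongside the NXDOMAIN() helper already used here would keep them in step, e.g. `#define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)`. A short comment at the type selection would also help, stating that `rdataset->type == 0` may now be a genuine type taken from a DNS packet and must not be read as a negative-cache marker. rdataset_totext() starts and ends outside the visible hunks, so whether any `type == 0` test remains in the rest of the function cannot be confirmed from this page.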