
2484. [bug] It was possible to trigger a REQUIRE failure when

adding NSEC3 proofs to the response in
                        query_addwildcardproof().  [RT #18828]
Mark Andrews
2008-11-03 23:57:22 +00:00
parent ce895d1f9b
commit a14aff6984
2 changed files with 25 additions and 5 deletions


@@ -1,3 +1,7 @@
2484. [bug] It was possible to trigger a REQUIRE failure when
adding NSEC3 proofs to the response in
query_addwildcardproof(). [RT #18828]
2483. [port] win32: chroot() is not supported. [RT #18805] 2483. [port] win32: chroot() is not supported. [RT #18805]
2482. [port] libxml2: support versions 2.7.* in addition 2482. [port] libxml2: support versions 2.7.* in addition


@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: query.c,v 1.312 2008/10/15 02:37:11 marka Exp $ */ /* $Id: query.c,v 1.313 2008/11/03 23:57:22 marka Exp $ */
/*! \file */ /*! \file */
@@ -2863,12 +2863,22 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
if (!dns_rdataset_isassociated(rdataset)) { if (!dns_rdataset_isassociated(rdataset)) {
/* /*
* fname contains the closest encloser. * No NSEC proof available, return NSEC3 proofs instead.
*/ */
dns_fixedname_init(&cfixed); dns_fixedname_init(&cfixed);
cname = dns_fixedname_name(&cfixed); cname = dns_fixedname_name(&cfixed);
dns_name_copy(fname, cname, NULL); /*
* Find the closest encloser.
*/
dns_name_copy(name, cname, NULL);
while (result == DNS_R_NXDOMAIN) {
labels = dns_name_countlabels(cname) - 1;
dns_name_split(cname, labels, NULL, cname);
result = dns_db_find(db, cname, version,
dns_rdatatype_nsec,
options, 0, NULL, fname,
NULL, NULL);
}
/* /*
* Add closest (provable) encloser NSEC3. * Add closest (provable) encloser NSEC3.
*/ */
@@ -2879,6 +2889,9 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
query_addrrset(client, &fname, &rdataset, &sigrdataset, query_addrrset(client, &fname, &rdataset, &sigrdataset,
dbuf, DNS_SECTION_AUTHORITY); dbuf, DNS_SECTION_AUTHORITY);
/*
* Replace resources which were consumed by query_addrrset.
*/
if (fname == NULL) { if (fname == NULL) {
dbuf = query_getnamebuf(client); dbuf = query_getnamebuf(client);
if (dbuf == NULL) if (dbuf == NULL)
@@ -2918,7 +2931,7 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
goto cleanup; goto cleanup;
/* /*
* Add the no wildcard proof. * Replace resources which were consumed by query_addrrset.
*/ */
if (fname == NULL) { if (fname == NULL) {
dbuf = query_getnamebuf(client); dbuf = query_getnamebuf(client);
@@ -2939,6 +2952,9 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
if (fname == NULL || rdataset == NULL || sigrdataset == NULL) if (fname == NULL || rdataset == NULL || sigrdataset == NULL)
goto cleanup; goto cleanup;
/*
* Add the no wildcard proof.
*/
result = dns_name_concatenate(dns_wildcardname, result = dns_name_concatenate(dns_wildcardname,
cname, wname, NULL); cname, wname, NULL);
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
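Review bot: The new closest-encloser loop (`while (result == DNS_R_NXDOMAIN)`) has no stop condition of its own. It ends only when dns_db_find() returns something other than DNS_R_NXDOMAIN, and nothing in the hunk stops `labels = dns_name_countlabels(cname) - 1` from reaching 0 before dns_name_split() is called. If dns_name_split() asserts on a zero suffix length (its preconditions are not visible here, so confirm), a query name taken from the client could reach another assertion abort of the kind this commit fixes. An explicit guard right after the `labels` assignment would make termination local: `if (labels == 0U) goto cleanup;`, preceded by a `/* Sanity check. */` comment. The loop also assumes `result` still holds the outcome of the earlier lookup, which is set outside this hunk, and the function body starts and ends outside it as well.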