Evan Hunt
e90926bb9e
[master] refactor tsig.c
4701. [cleanup] Refactored lib/dns/tsig.c to reduce code
duplication and simplify the disabling of MD5.
[RT #45490]
2017-09-06 10:57:40 -07:00
Evan Hunt
0ad72b96d2
[master] ensure verified_sig
4670. [cleanup] Ensure that a request MAC is never sent back
in an XFR response unless the signature was
verified. [RT #45494]
2017-08-07 18:54:05 -07:00
Mark Andrews
58f0fb325b
4647. [bug] Change 4643 broke verification of TSIG signed TCP
message sequences where not all the messages contain
TSIG records. These may be used in AXFR and IXFR
responses. [RT #45509]
2017-07-07 23:19:05 +10:00
Evan Hunt
b2018b7cff
[master] complete change #4643
2017-06-28 09:11:49 -07:00
Evan Hunt
581c1526ab
[master] address TSIG bypass/forgery vulnerabilities
4643. [security] An error in TSIG handling could permit unauthorized
zone transfers or zone updates. (CVE-2017-3142)
(CVE-2017-3143) [RT #45383]
2017-06-27 11:39:19 -07:00
Tinderbox User
9748633ce6
update copyright notice / whitespace
2017-01-06 23:45:26 +00:00
Mark Andrews
ea7d5332a6
address memory leak [RT #44072]
2017-01-06 18:48:37 +11:00
Mark Andrews
52e2aab392
4546. [func] Extend the use of const declarations. [RT #43379]
2016-12-30 15:45:08 +11:00
Mark Andrews
61463ab7a4
4482. [bug] Address use before require check and remove extraneous
dns_message_gettsigkey call in dns_tsig_sign.
[RT #43374]
2016-10-11 14:40:29 +11:00
Mark Andrews
8ee6f289d8
4450. [port] Provide more nuanced HSM support which better matches
the specific PKCS11 providers capabilities. [RT #42458]
2016-08-19 08:02:51 +10:00
Mark Andrews
0c27b3fe77
4401. [misc] Change LICENSE to MPL 2.0.
2016-06-27 14:56:38 +10:00
Evan Hunt
a32b6291aa
[master] address regression
4126. [bug] Addressed a regression introduced in change #4121.
[RT #39611]
2015-05-26 19:11:08 -07:00
Mukund Sivaraman
f5a62d97e3
Fix -Wshadow warnings (#38762)
These happen due to ntohs()/htons() macro expansion in glibc.
2015-03-09 09:23:46 +05:30
Tinderbox User
811acf52b8
update copyright notice / whitespace
2015-03-04 23:45:21 +00:00
Mark Andrews
29d52c001f
4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759]
2015-03-03 16:43:42 +11:00
Mark Andrews
c2f8108123
3996. [bug] Address use after free on out of memory error in
keyring_add. [RT #37639]
2014-10-31 11:44:09 +11:00
Evan Hunt
6896fdd3b2
[master] spelling
2014-09-15 18:18:12 -07:00
Evan Hunt
ba751492fc
[master] native PKCS#11 support
3705. [func] "configure --enable-native-pkcs11" enables BIND
to use the PKCS#11 API for all cryptographic
functions, so that it can drive a hardware service
module directly without the need to use a modified
OpenSSL as intermediary (so long as the HSM's vendor
provides a complete-enough implementation of the
PKCS#11 interface). This has been tested successfully
with the Thales nShield HSM and with SoftHSMv2 from
the OpenDNSSEC project. [RT #29031]
2014-01-14 15:40:56 -08:00
Tinderbox User
431a83fb29
update copyright notice
2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260
[master] replace memcpy() with memmove().
3698. [cleanup] Replaced all uses of memcpy() with memmove().
[RT #35120]
2014-01-08 16:39:05 -08:00
Mark Andrews
3c7df84b20
3488. [bug] Use after free error with DH generated keys. [RT #32649]
2013-02-18 20:26:26 +11:00
Tinderbox User
32dc577940
update copyright notice
2013-02-16 23:46:02 +00:00
Evan Hunt
0b8bd3a4ae
[master] address TKEY bugs
3486. [bug] named could crash when using TKEY-negotiated keys
that had been deleted and then recreated. [RT #32506]
commit 6a48b9999766d26cddc7cef275cd984b7d53c014
Author: Evan Hunt <each@isc.org>
Date: Tue Jan 29 14:59:46 2013 -0800
[rt32506] don't dump key if dump is unimplemented
commit d0ae0f44b460bab2e8bb24bba683d3ef69ec1765
Author: Evan Hunt <each@isc.org>
Date: Tue Jan 29 14:42:25 2013 -0800
[rt32506] make sure LRU needs adjusting before adjusting it
commit 0437f8f06b1cb72a6d5e3c30f27febca23846d95
Author: Evan Hunt <each@isc.org>
Date: Tue Jan 29 12:28:28 2013 -0800
[rt32506] demonstrate bugs in tkey test
2013-02-15 10:19:50 -08:00
Mark Andrews
c6f03e7903
treat clang 3.x and 4.x as independent release streams
2012-12-03 09:10:43 +11:00
Mark Andrews
85a873f000
conditionally silence false positives from clang --analyze
2012-11-30 16:19:00 +11:00
Evan Hunt
0e37e9e3d7
[master] silence noisy OpenSSL logging
3402. [bug] Correct interface numbers for IPv4 and IPv6 interfaces.
2012-10-24 12:58:16 -07:00
Tinderbox User
5fa46bc916
update copyright notice
2012-03-10 23:45:53 +00:00
Mark Andrews
28a8f5b0de
set $Id$
2012-03-08 00:21:15 +11:00
Evan Hunt
7a30c8f783
edited a comment for clarity.
2011-11-02 19:41:02 +00:00
Mark Andrews
106561b398
INSIST(response);
2011-08-29 04:02:54 +00:00
Mark Andrews
f67bcc9dc6
save the result of is_response(msg) so it can be treated as an invariant by clang
2011-08-25 06:20:07 +00:00
Evan Hunt
0994d3a21b
3087. [bug] DDNS updates using SIG(0) with update-policy match
type "external" could cause a crash. [RT #23735]
2011-03-21 19:54:03 +00:00
Automatic Updater
135bcc2e42
update copyright notice
2011-01-11 23:47:14 +00:00
Mark Andrews
adccda3b4c
&dstkey -> dstkey
2011-01-10 07:38:22 +00:00
Mark Andrews
433e06a25c
3006. [func] Allow dynamically generated TSIG keys to be preserved
across restarts of named. Initially this is for
TSIG keys generated using GSSAPI. [RT #22639]
2011-01-10 05:32:04 +00:00
Evan Hunt
d9ad0a55bb
3000. [bug] More TKEY/GSS fixes:
- nsupdate can now get the default realm from
the user's Kerberos principal
- corrected gsstest compilation flags
- improved documentation
- fixed some NULL dereferences
[RT #22795]
2010-12-24 02:20:47 +00:00
Mark Andrews
9f9b7f0e8d
2982. [bug] Reference count dst keys. dst_key_attach() can be used
to increment the reference count.
Note: dns_tsigkey_createfromkey() callers should now
always call dst_key_free() rather than setting it
to NULL on success. [RT #22672]
2010-12-09 00:54:34 +00:00
Mark Andrews
c87f15dac8
2976. [bug] named die on exit after negotiating a GSS-TSIG key. [RT #3415]
2010-12-02 23:22:42 +00:00
Evan Hunt
bf9b852c3e
2929. [bug] Improved handling of GSS security contexts:
- added LRU expiration for generated TSIGs
- added the ability to use a non-default realm
- added new "realm" keyword in nsupdate
- limited lifetime of generated keys to 1 hour
or the lifetime of the context (whichever is
smaller)
[RT #19737]
2010-07-09 05:13:15 +00:00
Automatic Updater
230987e819
update copyright notice
2010-03-12 23:51:11 +00:00
Mark Andrews
c19f322914
2866. [bug] Windows does not like the TSIG name being compressed.
[RT #20986]
2010-03-12 03:34:56 +00:00
Automatic Updater
754cb8a2b3
update copyright notice
2009-06-11 23:47:56 +00:00
Evan Hunt
351b62535d
2609. [func] Simplify the configuration of dynamic zones:
- add ddns-confgen command to generate
configuration text for named.conf
- add zone option "ddns-autoconf yes;", which
causes named to generate a TSIG session key
and allow updates to the zone using that key
- add '-l' (localhost) option to nsupdate, which
causes nsupdate to connect to a locally-running
named process using the session key generated
by named
[RT #19284]
2009-06-10 00:27:22 +00:00
Mark Andrews
09416abf2d
remove debugging log that was accidentally left in
2008-11-04 21:23:14 +00:00
Mark Andrews
3f42cf2f3e
2349. [func] Provide incremental re-signing support for secure
dynamic zones. [RT #1091]
back out incorrect branch rt1091 and apply correct branch rt1091a.
2008-04-02 02:37:42 +00:00
Mark Andrews
a76b380643
2349. [func] Provide incremental re-signing support for secure
dynamic zones. [RT #1091]
2008-04-01 01:37:25 +00:00
Automatic Updater
2f012d936b
update copyright notice
2008-01-18 23:46:58 +00:00
Automatic Updater
1da14e066c
update copyright notice
2008-01-02 23:47:02 +00:00
Mark Andrews
dc19dcbc23
2283. [bug] TSIG keys were not attaching to the memory
context. TSIG keys should use the rings
memory context rather than the clients memory
context. [RT #17377]
2008-01-02 04:24:59 +00:00
Evan Hunt
8327cdb88f
Fixes for several errors found by Coverity. [rt17160]
2007-09-24 17:18:25 +00:00