Source-Changes-HG archive
[src/netbsd-1-6]: src/dist/bind/bin/named Pull up revisions 1.6-1.7 (requeste...
details: https://anonhg.NetBSD.org/src/rev/38c90dcfad83
branches: netbsd-1-6
changeset: 528150:38c90dcfad83
user: lukem <lukem%NetBSD.org@localhost>
date: Fri Jun 28 11:34:48 2002 +0000
description:
Pull up revisions 1.6-1.7 (requested by itojun in ticket #387):
Update to BIND 8.3.3. Fixes buffer overrun in resolver code.
diffstat:
dist/bind/bin/named/ns_resp.c | 428 ++++++++++++++++++++++++++---------------
1 files changed, 272 insertions(+), 156 deletions(-)
diffs (truncated from 1082 to 300 lines):
diff -r 40728d4f6b12 -r 38c90dcfad83 dist/bind/bin/named/ns_resp.c
--- a/dist/bind/bin/named/ns_resp.c Fri Jun 28 11:34:35 2002 +0000
+++ b/dist/bind/bin/named/ns_resp.c Fri Jun 28 11:34:48 2002 +0000
@@ -1,8 +1,8 @@
-/* $NetBSD: ns_resp.c,v 1.5 2001/05/17 22:59:40 itojun Exp $ */
+/* $NetBSD: ns_resp.c,v 1.5.2.1 2002/06/28 11:34:48 lukem Exp $ */
#if !defined(lint) && !defined(SABER)
static const char sccsid[] = "@(#)ns_resp.c 4.65 (Berkeley) 3/3/91";
-static const char rcsid[] = "Id: ns_resp.c,v 8.152 2001/02/13 23:28:31 marka Exp";
+static const char rcsid[] = "Id: ns_resp.c,v 8.178 2002/06/27 03:09:19 marka Exp";
#endif /* not lint */
/*
@@ -184,7 +184,10 @@
struct sockaddr_in, char **);
static void mark_bad(struct qinfo *qp, struct sockaddr_in from);
static void mark_lame(struct qinfo *qp, struct sockaddr_in from);
-static void fast_retry(struct qinfo *qp, struct sockaddr_in from);
+static int mark_noedns(struct qinfo *qp, struct sockaddr_in from,
+ int cache);
+static void fast_retry(struct qinfo *qp, struct sockaddr_in from,
+ int samehost);
static void add_related_additional(char *);
static void free_related_additional(void);
static int related_additional(char *);
@@ -200,11 +203,12 @@
static char *
learntFrom(struct qinfo *qp, struct sockaddr_in *server) {
static char *buf = NULL;
- char *a, *ns, *na;
+ const char *a, *ns, *na;
struct databuf *db;
int i;
char nsbuf[20];
char abuf[20];
+ static const char fmt[] = " '%s': learnt (A=%s,NS=%s)";
a = ns = na = "<Not Available>";
@@ -245,23 +249,11 @@
if (*na == '\0')
na = "\".\"";
- if (NS_OPTION_P(OPTION_HOSTSTATS)) {
- static const char fmt[] = " '%s': learnt (A=%s,NS=%s)";
-
- buf = newstr(sizeof fmt + strlen(na) + strlen(a) + strlen(ns),
- 0);
- if (buf == NULL)
- return (NULL);
- sprintf(buf, fmt, na, a, ns);
- } else {
- static const char fmt[] = " '%s'";
-
- buf = newstr(sizeof fmt + strlen(na), 0);
- if (buf == NULL)
- return (NULL);
- sprintf(buf, fmt, na);
- }
-
+
+ buf = newstr(sizeof fmt + strlen(na) + strlen(a) + strlen(ns), 0);
+ if (buf == NULL)
+ return (NULL);
+ sprintf(buf, fmt, na, a, ns);
return (buf);
}
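Review bot: The `sprintf(buf, fmt, na, a, ns)` call is bounded only because the `newstr()` size on the line above happens to match the three `%s` conversions in `fmt`, which this commit moves to the top of learntFrom, away from the allocation. A bounded call keeps the two from drifting apart if the format is edited later: compute the size once, `size_t len = sizeof fmt + strlen(na) + strlen(a) + strlen(ns);`, pass it to `newstr()`, and use `snprintf(buf, len, fmt, na, a, ns);` if the tree provides snprintf. The hunk also drops the OPTION_HOSTSTATS test, so the A and NS sources are now always part of the returned string; a one-line comment saying that is intentional would help. learntFrom starts outside this hunk.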
@@ -291,23 +283,23 @@
char *dname, tmpdomain[MAXDNAME];
const char *fname;
const char *formerrmsg = "brain damage";
- u_char newmsg[PACKETSZ];
+ u_char newmsg[EDNS_MESSAGE_SZ];
u_char **dpp, *tp;
time_t rtrip;
struct hashbuf *htp;
struct namebuf *np;
struct fwdinfo *fwd;
struct databuf *dp;
- int forcecmsg = 0;
char *tname = NULL;
int sendto_errno = 0;
- int has_tsig, oldqlen;
- u_char *oldqbuf;
- u_char *smsg;
- int smsglen, smsgsize, siglen;
+ int has_tsig, oldqlen = 0;
+ u_char *oldqbuf = NULL;
+ u_char *smsg = NULL;
+ int smsglen, smsgsize = 0, siglen;
u_char sig[TSIG_SIG_SIZE];
time_t tsig_time;
DST_KEY *key;
+ int expect_cname;
nameserIncr(from.sin_addr, nssRcvdR);
nsp[0] = NULL;
@@ -421,25 +413,34 @@
&& hp->opcode != NS_NOTIFY_OP
#endif
)) {
+ int noedns = 1;
ns_debug(ns_log_default, 2,
"resp: error (ret %d, op %d), dropped",
hp->rcode, hp->opcode);
switch (hp->rcode) {
case SERVFAIL:
nameserIncr(from.sin_addr, nssRcvdFail);
+ noedns = mark_noedns(qp, from, 0);
break;
case FORMERR:
nameserIncr(from.sin_addr, nssRcvdFErr);
+ noedns = mark_noedns(qp, from, 1);
+ break;
+ case NOTIMP:
+ nameserIncr(from.sin_addr, nssRcvdErr);
+ noedns = mark_noedns(qp, from, 1);
break;
default:
nameserIncr(from.sin_addr, nssRcvdErr);
break;
}
if (ns_samename(qp->q_name, qp->q_domain) == 1 &&
- hp->rcode == SERVFAIL && hp->opcode == QUERY)
+ hp->rcode == SERVFAIL && hp->opcode == QUERY &&
+ noedns)
mark_lame(qp, from);
- mark_bad(qp, from);
- fast_retry(qp, from);
+ if (noedns)
+ mark_bad(qp, from);
+ fast_retry(qp, from, noedns ? 0 : 1);
return;
}
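Review bot: The flag `noedns` reads backwards at its uses in this hunk: it starts at 1, and a 0 return from `mark_noedns()` is what suppresses `mark_lame()` and `mark_bad()` and makes `fast_retry()` get `samehost` = 1. Neither the new prototype nor this block documents that return value, so a comment is needed at the declaration, for example `/* returns 0 when EDNS was just turned off for this server and the query should be retried there; non-zero means treat the reply as a real failure */` (wording to be confirmed against mark_noedns, which is not in this excerpt). If `cache` = 1 means the no-EDNS state is remembered beyond this query, the comment should also say what checks a FORMERR or NOTIMP reply has passed before it can change that stored state.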
@@ -542,6 +543,8 @@
(1 - ALPHA) * rtrip;
if (t > 65535)
t = 65535;
+ else if (t == 0)
+ t = 1;
ns->d_nstime = (u_int16_t)t;
}
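Review bot: The added `else if (t == 0) t = 1;` clamp carries no comment saying why a zero time must be avoided. The following hunk tests `ns2->d_nstime == 0` as a special case, so zero apparently serves as a "not measured yet" marker; state that here, e.g. `/* 0 is reserved for "never timed"; keep a measured value non-zero */`. The same clamp is added in the next hunk (-582 / +585) and should carry the same comment. The enclosing block starts outside this hunk.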
@@ -582,15 +585,17 @@
continue;
if (qs->stime.tv_sec) {
if (ns2->d_nstime == 0)
- t = (rtrip * BETA);
+ t = (rtrip * BETA) + 1;
else
t = ns2->d_nstime * BETA
+
- (1 - ALPHA) * rtrip;
+ (1 - ALPHA) * rtrip + 1;
} else
t = ns2->d_nstime * GAMMA;
if (t > 65535)
t = 65535;
+ else if (t == 0)
+ t = 1;
ns2->d_nstime = (u_int16_t)t;
if (ns_wouldlog(ns_log_default, 2)) {
ns_debug(ns_log_default, 2,
@@ -690,7 +695,7 @@
}
qs->serial = serial;
}
- retry(qp);
+ retry(qp, 0);
return;
}
@@ -704,7 +709,7 @@
#endif
) {
u_char *tp;
- int type, class, dlen;
+ int type, class = 0, dlen;
int foundns, foundsoa;
#ifdef DEBUG
if (debug > 0)
@@ -780,7 +785,7 @@
(learnt_from == NULL) ? "" :
learnt_from);
if (learnt_from != NULL)
- freestr(learnt_from);
+ learnt_from = freestr(learnt_from);
} else if (fwd != NULL) {
if (!haveComplained(ina_ulong(from.sin_addr),
(u_long)nonRecursiveForwarder))
@@ -789,7 +794,7 @@
sin_ntoa(from));
}
- fast_retry(qp, from);
+ fast_retry(qp, from, 0);
return;
}
}
@@ -835,7 +840,10 @@
nsa = Q_NEXTADDR(qp, 0);
- key = tsig_key_from_addr(nsa->sin_addr);
+ key = qp->q_keys[0];
+ if (key != NULL)
+ key = qp->q_keys[0] =
+ tsig_key_from_addr(nsa->sin_addr);
if (key != NULL) {
smsgsize = qp->q_msglen + TSIG_BUF_SIZE;
smsg = memget(smsgsize);
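Review bot: The test in front of the key lookup looks inverted: `if (key != NULL)` calls `tsig_key_from_addr()` only when `qp->q_keys[0]` already holds a key, and skips the lookup when the slot is empty. If `q_keys[0]` is meant as a per-query cache of the key for this address, which is how the chained assignment reads, an empty slot is never filled here and `key` stays NULL, so the signing block that follows is skipped and the retransmitted query goes out without a TSIG; a filled slot is merely looked up again. The intended form is probably `if (key == NULL)`; please confirm against the code that fills `q_keys`, which is not visible in this excerpt. The enclosing block continues past the hunk.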
@@ -851,17 +859,16 @@
qp->q_msglen = smsglen;
qp->q_msg = smsg;
has_tsig = 1;
+ free_tsig(qp->q_nstsig);
qp->q_nstsig = new_tsig(key, sig,
siglen);
- }
- else {
+ } else {
has_tsig = 0;
free_tsig(qp->q_nstsig);
qp->q_nstsig = NULL;
INSIST(0);
}
- }
- else {
+ } else {
has_tsig = 0;
free_tsig(qp->q_nstsig);
qp->q_nstsig = NULL;
@@ -873,7 +880,7 @@
* failed, but we'll try to press on because
* there isn't anything else to do.
*/
- retry(qp);
+ retry(qp, 0);
if (has_tsig == 1) {
memput(qp->q_msg, smsgsize);
@@ -894,14 +901,14 @@
/* mark this server as bad */
mark_bad(qp, from);
/* try another server, it may have a bigger write buffer */
- retry(qp);
+ retry(qp, 0);
return;
}
tp = cp;
restart = 0;
- validanswer = 0;
+ validanswer = -1;
nscount = 0;
soacount = 0;
cname = 0;
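Review bot: `validanswer` now starts at -1 instead of 0, and a later hunk (+981) sets it to 0 when an answer record is ignored, so the variable has become three-valued with no comment explaining the states. Document them at this initialisation, e.g. `/* -1: no answer record examined yet; 0: an answer record was rejected; >0: usable answer */`. The exact meanings need confirming against the code that reads `validanswer`, which lies outside this excerpt.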
@@ -919,6 +926,7 @@
} else
flushset = NULL;
+ expect_cname = 1;
for (i = 0; i < count; i++) {
struct databuf *dp;
int type;
@@ -950,6 +958,19 @@
type = dp->d_type;
if (i < ancount) {
/* Answer section. */
+ /*
+ * Check for attempts to overflow the buffer in
+ * getnameanswer.
+ */
+ if (type == ns_t_cname && !expect_cname) {
+ ns_warning(ns_log_security,
+ "late CNAME in answer section for %s %s from %s",
+ *qname ? qname : ".", p_type(qtype),
+ sin_ntoa(from));
+
+ } else if (type != ns_t_cname && type != ns_t_dname &&
+ type != ns_t_sig)
+ expect_cname = 0;
if (externalcname || ns_samename(name, aname) != 1) {
if (!externalcname)
ns_info(ns_log_resp_checks,
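Review bot: The "late CNAME" branch only calls `ns_warning()`; within this hunk the record is not dropped, so it continues into the same processing as any other answer record. Since the comment says the check exists to stop an overflow in getnameanswer, either reject the record at this point, for example `db_detach(&dp); validanswer = 0; continue;` as the ignored-answer path in the next hunk does, or extend the comment to name the later code that makes such a record harmless. The empty line before the branch's closing brace can be removed. The loop body starts and ends outside the hunk, so handling that is not visible here may already cover this.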
@@ -960,7 +981,8 @@
ns_debug(ns_log_resp_checks, 3,
"ignoring answer '%s' after external cname",
name);
- db_freedata(dp);
+ db_detach(&dp);
+ validanswer = 0;
continue;
}
if (type == T_CNAME &&
@@ -971,7 +993,8 @@