

[src/netbsd-1-6]: src/dist/bind/bin/named Pull up revision 1.5 (requested by ...



details:   https://anonhg.NetBSD.org/src/rev/72215df56f91
branches:  netbsd-1-6
changeset: 528153:72215df56f91
user:      lukem <lukem%NetBSD.org@localhost>
date:      Fri Jun 28 11:35:33 2002 +0000

description:
Pull up revision 1.5 (requested by itojun in ticket #387):
Update to BIND 8.3.3.  Fixes buffer overrun in resolver code.

diffstat:

 dist/bind/bin/named/ns_update.c |  177 ++++++++++++++++++++++-----------------
 1 files changed, 101 insertions(+), 76 deletions(-)

diffs (truncated from 490 to 300 lines):

diff -r 83d4db57ccc4 -r 72215df56f91 dist/bind/bin/named/ns_update.c
--- a/dist/bind/bin/named/ns_update.c   Fri Jun 28 11:35:11 2002 +0000
+++ b/dist/bind/bin/named/ns_update.c   Fri Jun 28 11:35:33 2002 +0000
@@ -1,7 +1,7 @@
-/*     $NetBSD: ns_update.c,v 1.4 2001/05/17 22:59:40 itojun Exp $     */
+/*     $NetBSD: ns_update.c,v 1.4.2.1 2002/06/28 11:35:33 lukem Exp $  */
 
 #if !defined(lint) && !defined(SABER)
-static const char rcsid[] = "Id: ns_update.c,v 8.91.2.2 2001/04/30 03:20:46 marka Exp";
+static const char rcsid[] = "Id: ns_update.c,v 8.104 2002/05/18 01:02:59 marka Exp";
 #endif /* not lint */
 
 /*
@@ -107,7 +107,7 @@
 #define M_CLASS_CNT m_class_cnt
 #define M_TYPE_CNT m_type_cnt
 
-static char *opcodes[] = {
+static const char *opcodes[] = {
        "delete",
        "add",
        "",
@@ -736,53 +736,59 @@
        u_int16_t type = ur->r_type;
        char *cp = (char *)ur->r_dp->d_data;
        enum context context;
+       enum transport transport;
 
        /* We don't care about deletes */
        if (ur->r_class != zclass)
                return (1);
 
-       context = ns_ownercontext(type, primary_trans);
-       if (!ns_nameok(NULL, owner, class, zp, primary_trans, context, owner,
+       if (zp->z_type == Z_PRIMARY)
+               transport = primary_trans;
+       else
+               transport = secondary_trans;
+
+       context = ns_ownercontext(type, transport);
+       if (!ns_nameok(NULL, owner, class, zp, transport, context, owner,
                       inaddr_any))
                goto refused;
 
        switch (type) {
        case ns_t_soa:
                context = hostname_ctx;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                cp += strlen(cp) + 1;
                context = mailname_ctx;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                break;
        case ns_t_rp:
                context = mailname_ctx;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                cp += strlen(cp) + 1;
                context = domain_ctx;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                break;
        case ns_t_minfo:
                context = mailname_ctx;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                cp += strlen(cp) + 1;
                context = mailname_ctx;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                break;
        case ns_t_ns:
                context = hostname_ctx;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                break;
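Review bot: The new `transport` selection at the top of this hunk sends every zone whose `z_type` is not `Z_PRIMARY` down the `secondary_trans` branch, and nothing records whether that is intended for zone types other than secondary. A short comment above the `if` would state the intent, for example `/* Check names under the policy for this zone's role; any non-primary zone is checked as a secondary. */`. Whether other zone types can reach this function at all is not visible here, since its start and its callers are outside the hunk. The later hunks at `@@ -791`, `@@ -814`, `@@ -827` and `@@ -854` only pass the same variable through to `ns_nameok()`.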
@@ -791,13 +797,13 @@
        case ns_t_mg:
        case ns_t_mr:
                context = domain_ctx;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                break;
        case ns_t_ptr:
                context = ns_ptrcontext(owner);
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                break;
@@ -814,7 +820,7 @@
                /* Pattern (txt) */
                cp += (*cp&0xff) + 1;
                context = domain_ctx;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans,
+               if (!ns_nameok(NULL, cp, class, zp, transport,
                               context, owner, inaddr_any))
                        goto refused;
                break;
@@ -827,18 +833,18 @@
        case ns_t_kx:
                cp += 2;
                context = hostname_ctx;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                break;
        case ns_t_px:
                cp += 2;
                context = domain_ctx;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                cp += strlen(cp) + 1;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                break;
@@ -854,13 +860,13 @@
                 */
                cp += 18;
                context = domain_ctx;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                break;
        case ns_t_nxt:
                context = domain_ctx;
-               if (!ns_nameok(NULL, cp, class, zp, primary_trans, context, owner,
+               if (!ns_nameok(NULL, cp, class, zp, transport, context, owner,
                               inaddr_any))
                        goto refused;
                break;
@@ -1050,7 +1056,8 @@
                                         n);
                        } else {
                                ns_debug(ns_log_update, 3,
-                                     "process_updates: added databuf %p", dp);
+                                     "process_updates: added databuf %p",
+                                        dp);
                                dp->d_mark = D_MARK_ADDED;
                                numupdated++;
                                if (dp->d_type == T_SOA)
@@ -1136,8 +1143,8 @@
 
 static enum req_action
 req_update_private(HEADER *hp, u_char *cp, u_char *eom, u_char *msg, 
-                  struct qstream *qsp, int dfd, struct sockaddr_in from,
-                  struct tsig_record *in_tsig, ns_updque *curupd)
+                  struct sockaddr_in from, struct tsig_record *in_tsig,
+                  ns_updque *curupd)
 {
        char dnbuf[MAXDNAME], *dname;
        u_int zocount, prcount, upcount, adcount, class, type, dlen;
@@ -1341,7 +1348,6 @@
                dp->d_secure = DB_S_INSECURE; /* should be UNCHECKED */
                dp->d_clev = nlabels(zp->z_origin);
                /* XXX - also record in dp->d_ns, which host this came from */
-               DRCNTINC(dp);
                rrecp->r_dp = dp;
                /* Append the current record to the end of list of records. */
                APPEND(*curupd, rrecp, r_link);
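Review bot: Removing `DRCNTINC(dp)` just before `rrecp->r_dp = dp;` leaves nothing in this hunk that says who owns the reference that `free_rrecp()` later drops with `db_detach()`. Presumably the routine that creates `dp` now returns it with one reference already counted, but that allocation is outside the hunk and should be confirmed; a mismatch would either release the databuf while it is still referenced or never release it. I would add a comment on the assignment such as `/* r_dp takes over dp's initial reference; released by db_detach() in free_rrecp(). */`.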
@@ -1381,7 +1387,8 @@
 free_rrecp(ns_updque *updlist, int rcode, struct sockaddr_in from) {
        ns_updrec *rrecp, *first_rrecp, *next_rrecp;
        struct databuf *dp, *tmpdp;
-       char *dname, *msg;
+       char *dname;
+       const char *msg;
 
        if (rcode == NOERROR) {
                first_rrecp = HEAD(*updlist);
@@ -1398,12 +1405,8 @@
                        next_rrecp = PREV(rrecp, r_link);
                UNLINK(*updlist, rrecp, r_link);
                if (rrecp->r_section != S_UPDATE) {
-                       if (rrecp->r_dp) {
-                               DRCNTDEC(rrecp->r_dp);
-                               if (rrecp->r_dp->d_rcnt == 0)
-                                       db_freedata(rrecp->r_dp);
-                               rrecp->r_dp = NULL;
-                       }
+                       if (rrecp->r_dp)
+                               db_detach(&rrecp->r_dp);
                        INSIST(rrecp->r_deldp == NULL);
                        res_freeupdrec(rrecp);
                        continue;
@@ -1431,22 +1434,10 @@
                                        ns_debug(ns_log_update, 3,
                                         "free_rrecp: deleted databuf %p",
                                                 dp);
-                                       /* 
-                                        * XXXRTH 
-                                        *
-                                        * We used to db_freedata() here,
-                                        * but I removed it because 'dp' was
-                                        * part of a hashtab before we called
-                                        * db_update(), and since our delete
-                                        * has succeeded, it should have been
-                                        * freed.
-                                        */
                                }
                        }
                }
-               DRCNTDEC(dp);
-               if (dp->d_rcnt == 0)
-                       db_freedata(dp);
+               db_detach(&dp);
 
                /* Process deleted databuf's. */
                dp = rrecp->r_deldp;
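Review bot: `db_detach(&dp);` releases the databuf through the local `dp`, whereas the non-update path earlier in `free_rrecp()` calls `db_detach(&rrecp->r_dp)` on the record field itself. If `dp` was loaded from `rrecp->r_dp` (the assignment is outside this hunk) and `db_detach()` clears only the pointer it is handed, the field keeps a stale pointer until `res_freeupdrec(rrecp)` runs. Adding `rrecp->r_dp = NULL;` right after the call would keep the two paths consistent and make any later read of the field fail safely.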
@@ -1469,9 +1460,7 @@
                                                 tmpdp);
                                }
                        }
-                       DRCNTDEC(tmpdp);
-                       if (tmpdp->d_rcnt == 0)
-                               db_freedata(tmpdp);
+                       db_detach(&tmpdp);
                }
                res_freeupdrec(rrecp);
        }
@@ -1479,15 +1468,13 @@
 
 enum req_action
 req_update(HEADER *hp, u_char *cp, u_char *eom, u_char *msg, 
-          struct qstream *qsp, int dfd, struct sockaddr_in from,
-          struct tsig_record *in_tsig)
+          struct sockaddr_in from, struct tsig_record *in_tsig)
 {
        enum req_action ret;
        ns_updque curupd;
 
        INIT_LIST(curupd);
-       ret = req_update_private(hp, cp, eom, msg, qsp, dfd, from,
-                                in_tsig, &curupd);
+       ret = req_update_private(hp, cp, eom, msg, from, in_tsig, &curupd);
        free_rrecp(&curupd, ret == Refuse ? ns_r_refused : hp->rcode, from);
        if (ret == Finish) {
                hp->qdcount = hp->ancount = hp->nscount = hp->arcount = 0;
@@ -1629,13 +1616,13 @@
                cp += SIG_HDR_SIZE;
                cp1 += SIG_HDR_SIZE;
                n = dn_expand(msg, eom, cp, (char *)cp1, size);
-               if (n < 0 || n + SIG_HDR_SIZE > dlen)
+               if (n < 0 || n + SIG_HDR_SIZE > (int)dlen)
                        return (0);
                cp += n;
                n1 = dlen - n - SIG_HDR_SIZE;
                n = strlen((char *)cp1) + 1;
                cp1 += n;
-               if (size < n1)
+               if ((int)size < n1)
                        return (0);
                memcpy(cp1, cp, n1);
                cp1 += n1;
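Review bot: The `(int)dlen` and `(int)size` casts silence the signed/unsigned comparison by narrowing the length rather than widening the value being checked; if those variables are unsigned (their declarations are outside the hunk), a value above `INT_MAX` becomes negative and the check then rejects the record only as a side effect of the conversion. Since `n < 0` is rejected first, the first test can stay unsigned: `if (n < 0 || (u_int)n + SIG_HDR_SIZE > dlen)`, and once that passes `n1` cannot be negative, so `if (size < (u_int)n1)` works for the second. The `n1 > (int)size` test in the `@@ -1666` hunk has the same cast. Also worth confirming: within the visible lines `cp1` advances by `SIG_HDR_SIZE` and by `n` while `size` is not reduced, so the test before `memcpy(cp1, cp, n1)` may compare against the original capacity rather than the space that is left.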
@@ -1666,14 +1653,16 @@
                        if (n1 < 4 || n1 > 16)
                                return (0);
                }
-               if (n1 > size)
+               if (n1 > (int)size)
                        return (0);
                memcpy(cp1, cp, n1);
                cp1 += n1;
                return (cp1 - cp1init);
        default:
-               ns_debug(ns_log_update, 3, "unknown type %d", type);
-               return (0);
+               if (size < dlen)
+                       return (0);
+               memcpy(cp1, cp, dlen);
+               return (dlen);
        }
 }
 
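Review bot: The new `default:` branch checks only the destination (`size < dlen`) before `memcpy(cp1, cp, dlen)`; nothing in the hunk shows that `cp + dlen` stays inside the received message. If the caller has not already verified that (it is outside the hunk), the guard should cover the source as well, e.g. `if (size < dlen || dlen > (size_t)(eom - cp)) return (0);`, assuming the `eom` passed to `dn_expand()` in the earlier hunk is in scope in this function. The branch also drops the `ns_debug(ns_log_update, 3, "unknown type %d", type);` call, so record types the server does not understand are now copied verbatim without any trace; keeping that debug line ahead of the copy would help when auditing dynamic updates.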
@@ -1918,7 +1907,13 @@
                break;
        }


