[src/trunk]: src/external/bsd/bind/dist apply fix for CVE-2012-4244 from upst...
details: https://anonhg.NetBSD.org/src/rev/5f7401968ac9
branches: trunk
changeset: 781531:5f7401968ac9
user: spz <spz%NetBSD.org@localhost>
date: Thu Sep 13 05:32:07 2012 +0000
description:
apply fix for CVE-2012-4244 from upstream
upstream changelog:
--- 9.9.1-P3 released ---
3364. [security] Named could die on specially crafted record.
[RT #30416]
diffstat:
external/bsd/bind/dist/CHANGES | 5 +
external/bsd/bind/dist/lib/dns/include/dns/rdata.h | 13 +-
external/bsd/bind/dist/lib/dns/master.c | 4 +-
external/bsd/bind/dist/lib/dns/rdata.c | 30 +-
external/bsd/bind/dist/lib/dns/rdataslab.c | 3 +-
external/bsd/bind/dist/lib/dns/tests/Makefile.in | 8 +-
external/bsd/bind/dist/lib/dns/tests/master_test.c | 49 +-
external/bsd/bind/dist/lib/dns/tests/rdata_test.c | 87 +
external/bsd/bind/dist/lib/dns/tests/testdata/master/master15.data | 1609 ++++++++++
external/bsd/bind/dist/lib/dns/tests/testdata/master/master16.data | 1609 ++++++++++
external/bsd/bind/dist/version | 2 +-
11 files changed, 3403 insertions(+), 16 deletions(-)
diffs (truncated from 3597 to 300 lines):
diff -r a6552a1d4a6c -r 5f7401968ac9 external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES Thu Sep 13 02:09:00 2012 +0000
+++ b/external/bsd/bind/dist/CHANGES Thu Sep 13 05:32:07 2012 +0000
@@ -1,3 +1,8 @@
+ --- 9.9.1-P3 released ---
+
+3364. [security] Named could die on specially crafted record.
+ [RT #30416]
+
--- 9.9.1-P2 released ---
3349. [bug] Change #3345 was incomplete. [RT #30233]
diff -r a6552a1d4a6c -r 5f7401968ac9 external/bsd/bind/dist/lib/dns/include/dns/rdata.h
--- a/external/bsd/bind/dist/lib/dns/include/dns/rdata.h Thu Sep 13 02:09:00 2012 +0000
+++ b/external/bsd/bind/dist/lib/dns/include/dns/rdata.h Thu Sep 13 05:32:07 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rdata.h,v 1.4 2012/06/05 00:41:51 christos Exp $ */
+/* $NetBSD: rdata.h,v 1.5 2012/09/13 05:32:08 spz Exp $ */
/*
* Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
@@ -149,6 +149,17 @@
(((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0)
/*
+ * The maximum length of a RDATA that can be sent on the wire.
+ * Max packet size (65535) less header (12), less name (1), type (2),
+ * class (2), ttl(4), length (2).
+ *
+ * None of the defined types that support name compression can exceed
+ * this and all new types are to be sent uncompressed.
+ */
+
+#define DNS_RDATA_MAXLENGTH 65512U
+
+/*
* Flags affecting rdata formatting style. Flags 0xFFFF0000
* are used by masterfile-level formatting and defined elsewhere.
* See additional comments at dns_rdata_tofmttext().
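Review bot: The comment on `DNS_RDATA_MAXLENGTH` should say that 65512 is an upper bound rather than a guarantee, because the arithmetic assumes a one-byte (root) owner name. A record that passes a `length > DNS_RDATA_MAXLENGTH` check can still be too large for a message under a longer owner name, so code that builds responses still needs its own space check. I would add a sentence such as `* This is an upper bound: it assumes a root owner name, so passing this check does not prove the record fits in a message.` and write the value as `(65535U - 12 - 1 - 2 - 2 - 4 - 2)`, so the derivation stays checkable the way the old `MINTSIZ` definition in master.c was.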
diff -r a6552a1d4a6c -r 5f7401968ac9 external/bsd/bind/dist/lib/dns/master.c
--- a/external/bsd/bind/dist/lib/dns/master.c Thu Sep 13 02:09:00 2012 +0000
+++ b/external/bsd/bind/dist/lib/dns/master.c Thu Sep 13 05:32:07 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: master.c,v 1.6 2012/06/05 00:41:34 christos Exp $ */
+/* $NetBSD: master.c,v 1.7 2012/09/13 05:32:08 spz Exp $ */
/*
* Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
@@ -77,7 +77,7 @@
/*%
* max message size - header - root - type - class - ttl - rdlen
*/
-#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2)
+#define MINTSIZ DNS_RDATA_MAXLENGTH
/*%
* Size for tokens in the presentation format,
* The largest tokens are the base64 blocks in KEY and CERT records,
diff -r a6552a1d4a6c -r 5f7401968ac9 external/bsd/bind/dist/lib/dns/rdata.c
--- a/external/bsd/bind/dist/lib/dns/rdata.c Thu Sep 13 02:09:00 2012 +0000
+++ b/external/bsd/bind/dist/lib/dns/rdata.c Thu Sep 13 05:32:07 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rdata.c,v 1.4 2012/06/05 00:41:38 christos Exp $ */
+/* $NetBSD: rdata.c,v 1.5 2012/09/13 05:32:08 spz Exp $ */
/*
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
@@ -440,6 +440,7 @@
isc_buffer_t st;
isc_boolean_t use_default = ISC_FALSE;
isc_uint32_t activelength;
+ size_t length;
REQUIRE(dctx != NULL);
if (rdata != NULL) {
@@ -470,6 +471,14 @@
}
/*
+ * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH
+ * as we cannot transmit it.
+ */
+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
+ result = DNS_R_FORMERR;
+
+ /*
* We should have consumed all of our buffer.
*/
if (result == ISC_R_SUCCESS && !buffer_empty(source))
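Review bot: The new size check runs only after the expanded rdata has already been written into `target`, so it bounds what is accepted, not what is written. Whether the oversize bytes are discarded depends on the failure path restoring `target` from `st`, which is outside this hunk; it is worth confirming that the `DNS_R_FORMERR` set here reaches that rollback. The comment could also record why the wire length field alone is not a sufficient bound, presumably because name decompression can grow the rdata, e.g. `* (Decompressed names can make the rdata larger than it was on the wire.)`.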
@@ -477,8 +486,7 @@
if (rdata != NULL && result == ISC_R_SUCCESS) {
region.base = isc_buffer_used(&st);
- region.length = isc_buffer_usedlength(target) -
- isc_buffer_usedlength(&st);
+ region.length = length;
dns_rdata_fromregion(rdata, rdclass, type, ®ion);
}
@@ -613,6 +621,7 @@
unsigned long line;
void (*callback)(dns_rdatacallbacks_t *, const char *, ...);
isc_result_t tresult;
+ size_t length;
REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE);
if (rdata != NULL) {
@@ -684,10 +693,13 @@
}
} while (1);
+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
+ result = ISC_R_NOSPACE;
+
if (rdata != NULL && result == ISC_R_SUCCESS) {
region.base = isc_buffer_used(&st);
- region.length = isc_buffer_usedlength(target) -
- isc_buffer_usedlength(&st);
+ region.length = length;
dns_rdata_fromregion(rdata, rdclass, type, ®ion);
}
if (result != ISC_R_SUCCESS) {
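Review bot: Returning `ISC_R_NOSPACE` for an oversize record overloads a code that, by its name, also reports a `target` buffer that is too small. A caller that reacts to `ISC_R_NOSPACE` by enlarging the buffer and retrying (if any exists) would never succeed on such a record. The hunk at `@@ -835,10 +848,13 @@` makes the same choice, while the wire path uses `DNS_R_FORMERR`, and neither of these two hunks carries the explanatory comment the wire path has. I would add `/* rdata longer than DNS_RDATA_MAXLENGTH cannot be transmitted; ISC_R_NOSPACE here means "record too big", not "grow target". */` above both checks. The enclosing function starts outside the hunk.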
@@ -821,6 +833,7 @@
isc_buffer_t st;
isc_region_t region;
isc_boolean_t use_default = ISC_FALSE;
+ size_t length;
REQUIRE(source != NULL);
if (rdata != NULL) {
@@ -835,10 +848,13 @@
if (use_default)
(void)NULL;
+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
+ result = ISC_R_NOSPACE;
+
if (rdata != NULL && result == ISC_R_SUCCESS) {
region.base = isc_buffer_used(&st);
- region.length = isc_buffer_usedlength(target) -
- isc_buffer_usedlength(&st);
+ region.length = length;
dns_rdata_fromregion(rdata, rdclass, type, ®ion);
}
if (result != ISC_R_SUCCESS)
diff -r a6552a1d4a6c -r 5f7401968ac9 external/bsd/bind/dist/lib/dns/rdataslab.c
--- a/external/bsd/bind/dist/lib/dns/rdataslab.c Thu Sep 13 02:09:00 2012 +0000
+++ b/external/bsd/bind/dist/lib/dns/rdataslab.c Thu Sep 13 05:32:07 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rdataslab.c,v 1.5 2012/06/05 00:41:39 christos Exp $ */
+/* $NetBSD: rdataslab.c,v 1.6 2012/09/13 05:32:08 spz Exp $ */
/*
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
@@ -307,6 +307,7 @@
length = x[i].rdata.length;
if (rdataset->type == dns_rdatatype_rrsig)
length++;
+ INSIST(length <= 0xffff);
*rawbuf++ = (length & 0xff00) >> 8;
*rawbuf++ = (length & 0x00ff);
#if DNS_RDATASET_FIXED
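Review bot: `INSIST(length <= 0xffff)` stops the silent truncation in the two byte stores that follow, but it does so by aborting the process, so any path that still delivers an oversize rdata here remains a denial of service rather than a rejected record. If the enclosing function (which starts and ends outside this hunk) can report failure to its caller, an error return would be the safer response, with the assertion kept only as a backstop. In a build where assertion checks are compiled out, the truncation would come back. At minimum a comment should tie the invariant to its source: `/* rdata is capped at DNS_RDATA_MAXLENGTH when parsed (+1 for RRSIG), so length must fit in 16 bits. */`.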
diff -r a6552a1d4a6c -r 5f7401968ac9 external/bsd/bind/dist/lib/dns/tests/Makefile.in
--- a/external/bsd/bind/dist/lib/dns/tests/Makefile.in Thu Sep 13 02:09:00 2012 +0000
+++ b/external/bsd/bind/dist/lib/dns/tests/Makefile.in Thu Sep 13 05:32:07 2012 +0000
@@ -39,13 +39,13 @@
OBJS = dnstest.@O@
SRCS = dnstest.c master_test.c dbiterator_test.c time_test.c \
private_test.c update_test.c zonemgr_test.c zt_test.c \
- dbdiff_test.c nsec3_test.c
+ dbdiff_test.c nsec3_test.c rdata_test.c
SUBDIRS =
TARGETS = master_test@EXEEXT@ dbiterator_test@EXEEXT@ time_test@EXEEXT@ \
private_test@EXEEXT@ update_test@EXEEXT@ zonemgr_test@EXEEXT@ \
zt_test@EXEEXT@ dbversion_test@EXEEXT@ dbdiff_test@EXEEXT@ \
- nsec3_test@EXEEXT@
+ nsec3_test@EXEEXT@ rdata_test@EXEEXT@
@BIND9_MAKE_RULES@
@@ -105,6 +105,10 @@
nsec3_test.@O@ dnstest.@O@ ${DNSLIBS} \
${ISCLIBS} ${LIBS}
+rdata_test@EXEEXT@: rdata_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ rdata_test.@O@ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
unit::
sh ${top_srcdir}/unit/unittest.sh
diff -r a6552a1d4a6c -r 5f7401968ac9 external/bsd/bind/dist/lib/dns/tests/master_test.c
--- a/external/bsd/bind/dist/lib/dns/tests/master_test.c Thu Sep 13 02:09:00 2012 +0000
+++ b/external/bsd/bind/dist/lib/dns/tests/master_test.c Thu Sep 13 05:32:07 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: master_test.c,v 1.1.1.2 2012/06/04 17:56:39 christos Exp $ */
+/* $NetBSD: master_test.c,v 1.2 2012/09/13 05:32:08 spz Exp $ */
/*
* Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
@@ -43,7 +43,7 @@
*/
#define BUFLEN 255
-#define BIGBUFLEN (64 * 1024)
+#define BIGBUFLEN (70 * 1024)
#define TEST_ORIGIN "test"
static dns_masterrawheader_t header;
@@ -230,6 +230,49 @@
dns_test_end();
}
+/* Too big rdata test */
+ATF_TC(toobig);
+ATF_TC_HEAD(toobig, tc) {
+ atf_tc_set_md_var(tc, "descr", "dns_master_loadfile() returns "
+ "ISC_R_NOSPACE when record is too big");
+}
+ATF_TC_BODY(toobig, tc) {
+ isc_result_t result;
+
+ UNUSED(tc);
+
+ result = dns_test_begin(NULL, ISC_FALSE);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+ result = test_master("testdata/master/master15.data",
+ dns_masterformat_text);
+ ATF_REQUIRE_EQ(result, ISC_R_NOSPACE);
+
+ dns_test_end();
+}
+
+/* Maximum rdata test */
+ATF_TC(maxrdata);
+ATF_TC_HEAD(maxrdata, tc) {
+ atf_tc_set_md_var(tc, "descr", "dns_master_loadfile() returns "
+ "ISC_R_SUCCESS when record is maximum "
+ "size");
+}
+ATF_TC_BODY(maxrdata, tc) {
+ isc_result_t result;
+
+ UNUSED(tc);
+
+ result = dns_test_begin(NULL, ISC_FALSE);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+ result = test_master("testdata/master/master16.data",
+ dns_masterformat_text);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+ dns_test_end();
+}
+
/* DNSKEY test */
ATF_TC(dnskey);
ATF_TC_HEAD(dnskey, tc) {
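Review bot: The `toobig` and `maxrdata` cases do not state which sizes their fixtures hold, so the boundary they are meant to pin is not visible from the test file. If master16.data carries exactly `DNS_RDATA_MAXLENGTH` bytes of rdata and master15.data one byte more (not visible here), say so in the comments, e.g. `/* master15.data: rdata of DNS_RDATA_MAXLENGTH + 1 bytes */`. If the two sizes are not adjacent, an off-by-one in the `>` comparison would go unnoticed. Both cases exercise only the text loader; the `DNS_R_FORMERR` result on wire input is not covered by the cases added here.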
@@ -532,6 +575,8 @@
ATF_TP_ADD_TC(tp, totext);
ATF_TP_ADD_TC(tp, loadraw);
ATF_TP_ADD_TC(tp, dumpraw);
+ ATF_TP_ADD_TC(tp, toobig);
+ ATF_TP_ADD_TC(tp, maxrdata);
return (atf_no_error());
}
diff -r a6552a1d4a6c -r 5f7401968ac9 external/bsd/bind/dist/lib/dns/tests/rdata_test.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/bind/dist/lib/dns/tests/rdata_test.c Thu Sep 13 05:32:07 2012 +0000
@@ -0,0 +1,87 @@
+/* $NetBSD: rdata_test.c,v 1.1 2012/09/13 05:32:08 spz Exp $ */
+/*
+ * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* Id */
+
+/*! \file */
+
+#include <config.h>
+
+#include <atf-c.h>
+