Overview

File bind-9.7.3-CVE-2011-4313.patch of Package bind

diff -up bin/named/query.c.orig-4313 bin/named/query.c
--- bin/named/query.c.orig-4313	2010-09-24 07:54:05.000000000 +0200
+++ bin/named/query.c	2011-11-22 08:21:13.690305241 +0100
@@ -1280,11 +1280,9 @@ query_addadditional(void *arg, dns_name_
 			goto addname;
 		if (result == DNS_R_NCACHENXRRSET) {
 			dns_rdataset_disassociate(rdataset);
-			/*
-			 * Negative cache entries don't have sigrdatasets.
-			 */
-			INSIST(sigrdataset == NULL ||
-			       ! dns_rdataset_isassociated(sigrdataset));
+			if (sigrdataset != NULL &&
+			    dns_rdataset_isassociated(sigrdataset))
+				dns_rdataset_disassociate(sigrdataset);
 		}
 		if (result == ISC_R_SUCCESS) {
 			mname = NULL;
@@ -1325,8 +1323,9 @@ query_addadditional(void *arg, dns_name_
 			goto addname;
 		if (result == DNS_R_NCACHENXRRSET) {
 			dns_rdataset_disassociate(rdataset);
-			INSIST(sigrdataset == NULL ||
-			       ! dns_rdataset_isassociated(sigrdataset));
+			if (sigrdataset != NULL &&
+			    dns_rdataset_isassociated(sigrdataset))
+				dns_rdataset_disassociate(sigrdataset);
 		}
 		if (result == ISC_R_SUCCESS) {
 			mname = NULL;
@@ -1775,10 +1774,8 @@ query_addadditional2(void *arg, dns_name
 		goto setcache;
 	if (result == DNS_R_NCACHENXRRSET) {
 		dns_rdataset_disassociate(rdataset);
-		/*
-		 * Negative cache entries don't have sigrdatasets.
-		 */
-		INSIST(! dns_rdataset_isassociated(sigrdataset));
+		if (dns_rdataset_isassociated(sigrdataset))
+			dns_rdataset_disassociate(sigrdataset);
 	}
 	if (result == ISC_R_SUCCESS) {
 		/* Remember the result as a cache */
diff -up lib/dns/rbtdb.c.orig-4313 lib/dns/rbtdb.c
--- lib/dns/rbtdb.c.orig-4313	2011-06-21 22:14:47.000000000 +0200
+++ lib/dns/rbtdb.c	2011-11-22 08:21:13.692305198 +0100
@@ -4822,7 +4822,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
 			      rdataset);
 		if (need_headerupdate(found, search.now))
 			update = found;
-		if (foundsig != NULL) {
+		if (!NEGATIVE(found) && foundsig != NULL) {
 			bind_rdataset(search.rbtdb, node, foundsig, search.now,
 				      sigrdataset);
 			if (need_headerupdate(foundsig, search.now))
@@ -5451,7 +5451,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
 	}
 	if (found != NULL) {
 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
-		if (foundsig != NULL)
+		if (!NEGATIVE(found) && foundsig != NULL)
 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
 				      sigrdataset);
 	}
openSUSE Build Service is sponsored by
Places