pool/bind
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
44c7103fc2
bind/bind-CVE-2017-3135.patch
Navin Kukreja 9e49836a48 Accepting request 457420 from home:nkukreja:branches:network 
- Fix assertion failure or a NULL pointer read for configurations using both DNS64 and RPZ
  * CVE-2017-3135, bsc#1024130
  * bind-CVE-2017-3135.patch

OBS-URL: https://build.opensuse.org/request/show/457420
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=203
2017-02-15 13:26:45 +00:00

646 lines
20 KiB
Diff
Raw Blame History

Index: bind-9.10.4-P5/bin/tests/system/dname/ans3/ans.pl
===================================================================
--- /dev/null
+++ bind-9.10.4-P5/bin/tests/system/dname/ans3/ans.pl
@@ -0,0 +1,95 @@
+#!/usr/bin/env perl
+#
+# Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+use strict;
+use warnings;
+
+use IO::File;
+use Getopt::Long;
+use Net::DNS::Nameserver;
+
+my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!";
+print $pidf "$$\n" or die "cannot write pid file: $!";
+$pidf->close or die "cannot close pid file: $!";
+sub rmpid { unlink "ans.pid"; exit 1; };
+
+$SIG{INT} = \&rmpid;
+$SIG{TERM} = \&rmpid;
+
+my $localaddr = "10.53.0.3";
+my $localport = 5300;
+my $verbose = 0;
+my $ttl = 60;
+my $zone = "example.broken";
+my $nsname = "ns3.$zone";
+my $synth = "synth-then-dname.$zone";
+my $synth2 = "synth2-then-dname.$zone";
+
+sub reply_handler {
+ my ($qname, $qclass, $qtype, $peerhost, $query, $conn) = @_;
+ my ($rcode, @ans, @auth, @add);
+
+ print ("request: $qname/$qtype\n");
+ STDOUT->flush();
+
+ if ($qname eq "example.broken") {
+ if ($qtype eq "SOA") {
+ my $rr = new Net::DNS::RR("$qname $ttl $qclass SOA . . 0 0 0 0 0");
+ push @ans, $rr;
+ } elsif ($qtype eq "NS") {
+ my $rr = new Net::DNS::RR("$qname $ttl $qclass NS $nsname");
+ push @ans, $rr;
+ $rr = new Net::DNS::RR("$nsname $ttl $qclass A $localaddr");
+ push @add, $rr;
+ }
+ $rcode = "NOERROR";
+ } elsif ($qname eq "cname-to-$synth2") {
+ my $rr = new Net::DNS::RR("$qname $ttl $qclass CNAME name.$synth2");
+ push @ans, $rr;
+ $rr = new Net::DNS::RR("name.$synth2 $ttl $qclass CNAME name");
+ push @ans, $rr;
+ $rr = new Net::DNS::RR("$synth2 $ttl $qclass DNAME .");
+ push @ans, $rr;
+ $rcode = "NOERROR";
+ } elsif ($qname eq "$synth" || $qname eq "$synth2") {
+ if ($qtype eq "DNAME") {
+ my $rr = new Net::DNS::RR("$qname $ttl $qclass DNAME .");
+ push @ans, $rr;
+ }
+ $rcode = "NOERROR";
+ } elsif ($qname eq "name.$synth") {
+ my $rr = new Net::DNS::RR("$qname $ttl $qclass CNAME name.");
+ push @ans, $rr;
+ $rr = new Net::DNS::RR("$synth $ttl $qclass DNAME .");
+ push @ans, $rr;
+ $rcode = "NOERROR";
+ } elsif ($qname eq "name.$synth2") {
+ my $rr = new Net::DNS::RR("$qname $ttl $qclass CNAME name.");
+ push @ans, $rr;
+ $rr = new Net::DNS::RR("$synth2 $ttl $qclass DNAME .");
+ push @ans, $rr;
+ $rcode = "NOERROR";
+ } else {
+ $rcode = "REFUSED";
+ }
+ return ($rcode, \@ans, \@auth, \@add, { aa => 1 });
+}
+
+GetOptions(
+ 'port=i' => \$localport,
+ 'verbose!' => \$verbose,
+);
+
+my $ns = Net::DNS::Nameserver->new(
+ LocalAddr => $localaddr,
+ LocalPort => $localport,
+ ReplyHandler => \&reply_handler,
+ Verbose => $verbose,
+);
+
+$ns->main_loop;
Index: bind-9.10.4-P5/bin/tests/system/dname/ns1/root.db
===================================================================
--- bind-9.10.4-P5.orig/bin/tests/system/dname/ns1/root.db
+++ bind-9.10.4-P5/bin/tests/system/dname/ns1/root.db
@@ -12,8 +12,6 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: root.db,v 1.2 2011/03/18 21:14:19 fdupont Exp $
-
$TTL 300
. IN SOA gson.nominum.com. a.root.servers.nil. (
2000042100 ; serial
@@ -27,3 +25,6 @@ a.root-servers.nil. A 10.53.0.1
example. NS ns2.example.
ns2.example. A 10.53.0.2
+
+example.broken. NS ns3.example.broken.
+ns3.example.broken. A 10.53.0.3
Index: bind-9.10.4-P5/bin/tests/system/dname/tests.sh
===================================================================
--- bind-9.10.4-P5.orig/bin/tests/system/dname/tests.sh
+++ bind-9.10.4-P5/bin/tests/system/dname/tests.sh
@@ -20,6 +20,7 @@ SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
status=0
+n=0
echo "I:checking short dname from authoritative"
ret=0
@@ -81,6 +82,26 @@ grep '^a.target.example.' dig.out.ns4.cn
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
-echo "I:exit status: $status"
+n=`expr $n + 1`
+echo "I:checking dname is returned with synthesized cname before dname ($n)"
+ret=0
+$DIG @10.53.0.4 -p 5300 name.synth-then-dname.example.broken A > dig.out.test$n
+grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
+grep '^name.synth-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1
+grep '^synth-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
-exit $status
+n=`expr $n + 1`
+echo "I:checking dname is returned with cname to synthesized cname before dname ($n)"
+ret=0
+$DIG @10.53.0.4 -p 5300 cname-to-synth2-then-dname.example.broken A > dig.out.test$n
+grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
+grep '^cname-to-synth2-then-dname\.example\.broken\..*CNAME.*name\.synth2-then-dname\.example\.broken.$' dig.out.test$n > /dev/null || ret=1
+grep '^name\.synth2-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1
+grep '^synth2-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+[ $status -eq 0 ] || exit 1
Index: bind-9.10.4-P5/lib/dns/resolver.c
===================================================================
--- bind-9.10.4-P5.orig/lib/dns/resolver.c
+++ bind-9.10.4-P5/lib/dns/resolver.c
@@ -6099,9 +6099,13 @@ cname_target(dns_rdataset_t *rdataset, d
return (ISC_R_SUCCESS);
}
+/*%
+ * Construct the synthesised CNAME from the existing QNAME and
+ * the DNAME RR and store it in 'target'.
+ */
static inline isc_result_t
dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
- unsigned int nlabels, dns_fixedname_t *fixeddname)
+ unsigned int nlabels, dns_name_t *target)
{
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
@@ -6121,14 +6125,33 @@ dname_target(dns_rdataset_t *rdataset, d
dns_fixedname_init(&prefix);
dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
- dns_fixedname_init(fixeddname);
result = dns_name_concatenate(dns_fixedname_name(&prefix),
- &dname.dname,
- dns_fixedname_name(fixeddname), NULL);
+ &dname.dname, target, NULL);
dns_rdata_freestruct(&dname);
return (result);
}
+/*%
+ * Check if it was possible to construct 'qname' from 'lastcname'
+ * and 'rdataset'.
+ */
+static inline isc_result_t
+fromdname(dns_rdataset_t *rdataset, dns_name_t *lastcname,
+ unsigned int nlabels, const dns_name_t *qname)
+{
+ dns_fixedname_t fixed;
+ isc_result_t result;
+ dns_name_t *target;
+
+ dns_fixedname_init(&fixed);
+ target = dns_fixedname_name(&fixed);
+ result = dname_target(rdataset, lastcname, nlabels, target);
+ if (result != ISC_R_SUCCESS || !dns_name_equal(qname, target))
+ return (ISC_R_NOTFOUND);
+
+ return (ISC_R_SUCCESS);
+}
+
static isc_boolean_t
is_answeraddress_allowed(dns_view_t *view, dns_name_t *name,
dns_rdataset_t *rdataset)
@@ -6745,12 +6768,12 @@ answer_response(fetchctx_t *fctx) {
isc_result_t result;
dns_message_t *message;
dns_name_t *name, *dname = NULL, *qname, tname, *ns_name;
- dns_name_t *cname = NULL;
+ dns_name_t *cname = NULL, *lastcname = NULL;
dns_rdataset_t *rdataset, *ns_rdataset;
- isc_boolean_t done, external, chaining, aa, found, want_chaining;
+ isc_boolean_t done, external, aa, found, want_chaining;
isc_boolean_t have_answer, found_cname, found_dname, found_type;
isc_boolean_t wanted_chaining;
- unsigned int aflag;
+ unsigned int aflag, chaining;
dns_rdatatype_t type;
dns_fixedname_t fdname, fqname;
dns_view_t *view;
@@ -6768,9 +6791,9 @@ answer_response(fetchctx_t *fctx) {
found_cname = ISC_FALSE;
found_dname = ISC_FALSE;
found_type = ISC_FALSE;
- chaining = ISC_FALSE;
have_answer = ISC_FALSE;
want_chaining = ISC_FALSE;
+ chaining = 0;
POST(want_chaining);
if ((message->flags & DNS_MESSAGEFLAG_AA) != 0)
aa = ISC_TRUE;
@@ -6781,14 +6804,15 @@ answer_response(fetchctx_t *fctx) {
view = fctx->res->view;
result = dns_message_firstname(message, DNS_SECTION_ANSWER);
while (!done && result == ISC_R_SUCCESS) {
- dns_namereln_t namereln;
- int order;
- unsigned int nlabels;
+ dns_namereln_t namereln, lastreln;
+ int order, lastorder;
+ unsigned int nlabels, lastnlabels;
name = NULL;
dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
+
if (namereln == dns_namereln_equal) {
wanted_chaining = ISC_FALSE;
for (rdataset = ISC_LIST_HEAD(name->list);
@@ -6894,6 +6918,7 @@ answer_response(fetchctx_t *fctx) {
&fctx->domain)) {
return (DNS_R_SERVFAIL);
}
+ lastcname = name;
} else if (rdataset->type == dns_rdatatype_rrsig
&& rdataset->covers ==
dns_rdatatype_cname
@@ -6917,7 +6942,7 @@ answer_response(fetchctx_t *fctx) {
rdataset->attributes |=
DNS_RDATASETATTR_CACHE;
rdataset->trust = dns_trust_answer;
- if (!chaining) {
+ if (chaining == 0) {
/*
* This data is "the" answer
* to our question only if
@@ -6994,10 +7019,21 @@ answer_response(fetchctx_t *fctx) {
* cause us to ignore the signatures of
* CNAMEs.
*/
- if (wanted_chaining)
- chaining = ISC_TRUE;
+ if (wanted_chaining && chaining < 2U)
+ chaining++;
} else {
dns_rdataset_t *dnameset = NULL;
+ isc_boolean_t synthcname = ISC_FALSE;
+
+ if (lastcname != NULL) {
+ lastreln = dns_name_fullcompare(lastcname,
+ name,
+ &lastorder,
+ &lastnlabels);
+ if (lastreln == dns_namereln_subdomain &&
+ lastnlabels == dns_name_countlabels(name))
+ synthcname = ISC_TRUE;
+ }
/*
* Look for a DNAME (or its SIG). Anything else is
@@ -7026,7 +7062,7 @@ answer_response(fetchctx_t *fctx) {
* If we're not chaining, then the DNAME and
* its signature should not be external.
*/
- if (!chaining && external) {
+ if (chaining == 0 && external) {
char qbuf[DNS_NAME_FORMATSIZE];
char obuf[DNS_NAME_FORMATSIZE];
@@ -7044,16 +7080,9 @@ answer_response(fetchctx_t *fctx) {
/*
* If DNAME + synthetic CNAME then the
* namereln is dns_namereln_subdomain.
- *
- * If synthetic CNAME + DNAME then the
- * namereln is dns_namereln_commonancestor
- * and the number of label must match the
- * DNAME. This order is not RFC compliant.
*/
-
if (namereln != dns_namereln_subdomain &&
- (namereln != dns_namereln_commonancestor ||
- nlabels != dns_name_countlabels(name)))
+ !synthcname)
{
char qbuf[DNS_NAME_FORMATSIZE];
char obuf[DNS_NAME_FORMATSIZE];
@@ -7073,8 +7102,19 @@ answer_response(fetchctx_t *fctx) {
want_chaining = ISC_TRUE;
POST(want_chaining);
aflag = DNS_RDATASETATTR_ANSWER;
- result = dname_target(rdataset, qname,
- nlabels, &fdname);
+ dns_fixedname_init(&fdname);
+ dname = dns_fixedname_name(&fdname);
+ if (synthcname) {
+ result = fromdname(rdataset,
+ lastcname,
+ lastnlabels,
+ qname);
+ } else {
+ result = dname_target(rdataset,
+ qname,
+ nlabels,
+ dname);
+ }
if (result == ISC_R_NOSPACE) {
/*
* We can't construct the
@@ -7088,8 +7128,8 @@ answer_response(fetchctx_t *fctx) {
else
dnameset = rdataset;
- dname = dns_fixedname_name(&fdname);
- if (!is_answertarget_allowed(view,
+ if (!synthcname &&
+ !is_answertarget_allowed(view,
qname, rdataset->type,
dname, &fctx->domain))
{
@@ -7110,7 +7150,13 @@ answer_response(fetchctx_t *fctx) {
name->attributes |= DNS_NAMEATTR_CACHE;
rdataset->attributes |= DNS_RDATASETATTR_CACHE;
rdataset->trust = dns_trust_answer;
- if (!chaining) {
+ /*
+ * If we are not chaining or the first CNAME
+ * is a synthesised CNAME before the DNAME.
+ */
+ if ((chaining == 0) ||
+ (chaining == 1U && synthcname))
+ {
/*
* This data is "the" answer to
* our question only if we're
@@ -7120,9 +7166,12 @@ answer_response(fetchctx_t *fctx) {
if (aflag == DNS_RDATASETATTR_ANSWER) {
have_answer = ISC_TRUE;
found_dname = ISC_TRUE;
- if (cname != NULL)
+ if (cname != NULL &&
+ synthcname)
+ {
cname->attributes &=
~DNS_NAMEATTR_ANSWER;
+ }
name->attributes |=
DNS_NAMEATTR_ANSWER;
}
@@ -7140,26 +7189,35 @@ answer_response(fetchctx_t *fctx) {
* DNAME chaining.
*/
if (dnameset != NULL) {
- /*
- * Copy the dname into the qname fixed name.
- *
- * Although we check for failure of the copy
- * operation, in practice it should never fail
- * since we already know that the result fits
- * in a fixedname.
- */
- dns_fixedname_init(&fqname);
- qname = dns_fixedname_name(&fqname);
- result = dns_name_copy(dname, qname, NULL);
- if (result != ISC_R_SUCCESS)
- return (result);
+ if (!synthcname) {
+ /*
+ * Copy the dname into the qname fixed
+ * name.
+ *
+ * Although we check for failure of the
+ * copy operation, in practice it
+ * should never fail since we already
+ * know that the result fits in a
+ * fixedname.
+ */
+ dns_fixedname_init(&fqname);
+ qname = dns_fixedname_name(&fqname);
+ result = dns_name_copy(dname, qname,
+ NULL);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
wanted_chaining = ISC_TRUE;
name->attributes |= DNS_NAMEATTR_CHAINING;
dnameset->attributes |=
DNS_RDATASETATTR_CHAINING;
}
- if (wanted_chaining)
- chaining = ISC_TRUE;
+ /*
+ * Ensure that we can't ever get chaining == 1
+ * above if we have processed a DNAME.
+ */
+ if (wanted_chaining && chaining < 2U)
+ chaining += 2;
}
result = dns_message_nextname(message, DNS_SECTION_ANSWER);
}
@@ -7184,7 +7242,7 @@ answer_response(fetchctx_t *fctx) {
/*
* Did chaining end before we got the final answer?
*/
- if (chaining) {
+ if (chaining != 0) {
/*
* Yes. This may be a negative reply, so hand off
* authority section processing to the noanswer code.
@@ -7233,7 +7291,7 @@ answer_response(fetchctx_t *fctx) {
DNS_NAMEATTR_CACHE;
rdataset->attributes |=
DNS_RDATASETATTR_CACHE;
- if (aa && !chaining)
+ if (aa && chaining == 0)
rdataset->trust =
dns_trust_authauthority;
else
Index: bind-9.10.4-P5/bin/named/query.c
===================================================================
--- bind-9.10.4-P5.orig/bin/named/query.c
+++ bind-9.10.4-P5/bin/named/query.c
@@ -6237,7 +6237,7 @@ query_find(ns_client_t *client, dns_fetc
dns_rpz_st_t *rpz_st;
isc_boolean_t resuming;
int line = -1;
- isc_boolean_t dns64_exclude, dns64;
+ isc_boolean_t dns64_exclude, dns64, rpz;
isc_boolean_t nxrewrite = ISC_FALSE;
isc_boolean_t redirected = ISC_FALSE;
dns_clientinfomethods_t cm;
@@ -6250,6 +6250,7 @@ query_find(ns_client_t *client, dns_fetc
char mbuf[BUFSIZ];
char qbuf[DNS_NAME_FORMATSIZE];
#endif
+ dns_name_t *rpzqname;
CTRACE(ISC_LOG_DEBUG(3), "query_find");
@@ -6275,7 +6276,7 @@ query_find(ns_client_t *client, dns_fetc
zone = NULL;
need_wildcardproof = ISC_FALSE;
empty_wild = ISC_FALSE;
- dns64_exclude = dns64 = ISC_FALSE;
+ dns64_exclude = dns64 = rpz = ISC_FALSE;
options = 0;
resuming = ISC_FALSE;
is_zone = ISC_FALSE;
@@ -6465,6 +6466,7 @@ query_find(ns_client_t *client, dns_fetc
authoritative = ISC_FALSE;
version = NULL;
need_wildcardproof = ISC_FALSE;
+ rpz = ISC_FALSE;
if (client->view->checknames &&
!dns_rdata_checkowner(client->query.qname,
@@ -6606,11 +6608,29 @@ query_find(ns_client_t *client, dns_fetc
}
/*
- * Now look for an answer in the database.
+ * Now look for an answer in the database. If this is a dns64
+ * AAAA lookup on a rpz database adjust the qname.
*/
- result = dns_db_findext(db, client->query.qname, version, type,
+ if (dns64 && rpz)
+ rpzqname = client->query.rpz_st->p_name;
+ else
+ rpzqname = client->query.qname;
+
+ result = dns_db_findext(db, rpzqname, version, type,
client->query.dboptions, client->now,
&node, fname, &cm, &ci, rdataset, sigrdataset);
+ /*
+ * Fixup fname and sigrdataset.
+ */
+ if (dns64 && rpz) {
+ isc_result_t rresult;
+
+ rresult = dns_name_copy(client->query.qname, fname, NULL);
+ RUNTIME_CHECK(rresult == ISC_R_SUCCESS);
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ }
if (!is_zone)
dns_cache_updatestats(client->view->cache, result);
@@ -6840,10 +6860,12 @@ query_find(ns_client_t *client, dns_fetc
case DNS_RPZ_POLICY_NXDOMAIN:
result = DNS_R_NXDOMAIN;
nxrewrite = ISC_TRUE;
+ rpz = ISC_TRUE;
break;
case DNS_RPZ_POLICY_NODATA:
result = DNS_R_NXRRSET;
nxrewrite = ISC_TRUE;
+ rpz = ISC_TRUE;
break;
case DNS_RPZ_POLICY_RECORD:
result = rpz_st->m.result;
@@ -6863,6 +6885,7 @@ query_find(ns_client_t *client, dns_fetc
rdataset->ttl = ISC_MIN(rdataset->ttl,
rpz_st->m.ttl);
}
+ rpz = ISC_TRUE;
break;
case DNS_RPZ_POLICY_WILDCNAME:
result = dns_rdataset_first(rdataset);
@@ -6905,7 +6928,6 @@ query_find(ns_client_t *client, dns_fetc
NS_CLIENTATTR_WANTAD);
client->message->flags &= ~DNS_MESSAGEFLAG_AD;
query_putrdataset(client, &sigrdataset);
- rpz_st->q.is_zone = is_zone;
is_zone = ISC_TRUE;
rpz_log_rewrite(client, ISC_FALSE, rpz_st->m.policy,
rpz_st->m.type, zone, rpz_st->p_name);
@@ -7289,15 +7311,6 @@ query_find(ns_client_t *client, dns_fetc
rdataset = NULL;
sigrdataset = NULL;
type = qtype = dns_rdatatype_a;
- rpz_st = client->query.rpz_st;
- if (rpz_st != NULL) {
- /*
- * Arrange for RPZ rewriting of any A records.
- */
- if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
- is_zone = rpz_st->q.is_zone;
- rpz_st_clear(client);
- }
dns64 = ISC_TRUE;
goto db_find;
}
@@ -7612,15 +7625,6 @@ query_find(ns_client_t *client, dns_fetc
sigrdataset = NULL;
fname = NULL;
type = qtype = dns_rdatatype_a;
- rpz_st = client->query.rpz_st;
- if (rpz_st != NULL) {
- /*
- * Arrange for RPZ rewriting of any A records.
- */
- if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
- is_zone = rpz_st->q.is_zone;
- rpz_st_clear(client);
- }
dns64 = ISC_TRUE;
goto db_find;
}
@@ -8154,15 +8158,6 @@ query_find(ns_client_t *client, dns_fetc
rdataset = NULL;
sigrdataset = NULL;
type = qtype = dns_rdatatype_a;
- rpz_st = client->query.rpz_st;
- if (rpz_st != NULL) {
- /*
- * Arrange for RPZ rewriting of any A records.
- */
- if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
- is_zone = rpz_st->q.is_zone;
- rpz_st_clear(client);
- }
dns64_exclude = dns64 = ISC_TRUE;
goto db_find;
}
Index: bind-9.10.4-P5/lib/dns/message.c
===================================================================
--- bind-9.10.4-P5.orig/lib/dns/message.c
+++ bind-9.10.4-P5/lib/dns/message.c
@@ -1219,8 +1219,8 @@ getsection(isc_buffer_t *source, dns_mes
{
isc_region_t r;
unsigned int count, rdatalen;
- dns_name_t *name;
- dns_name_t *name2;
+ dns_name_t *name = NULL;
+ dns_name_t *name2 = NULL;
dns_offsets_t *offsets;
dns_rdataset_t *rdataset;
dns_rdatalist_t *rdatalist;
@@ -1230,7 +1230,7 @@ getsection(isc_buffer_t *source, dns_mes
dns_rdata_t *rdata;
dns_ttl_t ttl;
dns_namelist_t *section;
- isc_boolean_t free_name, free_rdataset;
+ isc_boolean_t free_name = ISC_FALSE, free_rdataset = ISC_FALSE;
isc_boolean_t preserve_order, best_effort, seen_problem;
isc_boolean_t issigzero;
Index: bind-9.10.4-P5/lib/dns/rdataset.c
===================================================================
--- bind-9.10.4-P5.orig/lib/dns/rdataset.c
+++ bind-9.10.4-P5/lib/dns/rdataset.c
@@ -338,6 +338,7 @@ towiresorted(dns_rdataset_t *rdataset, c
*/
REQUIRE(DNS_RDATASET_VALID(rdataset));
+ REQUIRE(rdataset->methods != NULL);
REQUIRE(countp != NULL);
REQUIRE((order == NULL) == (order_arg == NULL));
REQUIRE(cctx != NULL && cctx->mctx != NULL);
Reference in New Issue View Git Blame Copy Permalink