Fix named(8) DNSSEC validation Denial of Service.

Security: FreeBSD-SA-12:05.bind Security: CVE-2012-3817 Obtained from: ISC Approved by: so (simon)
freebsd · Aug 6, 2012 · aa00f57 · aa00f57
1 parent 29398d1
commit aa00f57
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 3 deletions.
diff --git a/UPDATING b/UPDATING
@@ -8,6 +8,9 @@ Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running
 portupgrade.
 
+20120806:	p10	FreeBSD-SA-12:05.bind
+	Fix named(8) DNSSEC validation Denial of Service.
+
 20120612:	p9	FreeBSD-SA-12:03.bind
 			FreeBSD-SA-12:04.sysret
 	Fix a problem where zero-length RDATA fields can cause named to crash.

diff --git a/contrib/bind9/lib/dns/resolver.c b/contrib/bind9/lib/dns/resolver.c
@@ -7622,6 +7622,7 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
 		}
 		bad->type = type;
 		bad->hashval = hashval;
+		bad->expire = *expire;
 		isc_buffer_init(&buffer, bad + 1, name->length);
 		dns_name_init(&bad->name, NULL);
 		dns_name_copy(name, &bad->name, &buffer);
@@ -7633,8 +7634,8 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
 		if (resolver->badcount < resolver->badhash * 2 &&
 		    resolver->badhash > DNS_BADCACHE_SIZE)
 			resizehash(resolver, &now, ISC_FALSE);
-	}
-	bad->expire = *expire;
+	} else
+		bad->expire = *expire;
  cleanup:
 	UNLOCK(&resolver->lock);
 }

diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="7.4"
-BRANCH="RELEASE-p9"
+BRANCH="RELEASE-p10"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi