Upgrade to version 8.3.4, which simply cleans up and slightly
improves the security patches released for 8.3.3.
parent
4b2c1407f9
commit
5664d0b5e1
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=70293
@ -11,8 +11,7 @@
|
||||
# you can generally build it cleanly from the source. - Doug
|
||||
|
||||
PORTNAME= bind
|
||||
PORTVERSION= 8.3.3
|
||||
PORTREVISION= 1
|
||||
PORTVERSION= 8.3.4
|
||||
CATEGORIES?= net
|
||||
MASTER_SITES= ${MASTER_SITE_ISC}
|
||||
MASTER_SITE_SUBDIR= bind/src/${PORTVERSION}
|
||||
|
@ -1,2 +1,2 @@
|
||||
MD5 (bind-8.3.3/bind-src.tar.gz) = 4e904fdc3d908294147054276eba4064
|
||||
MD5 (bind-8.3.3/bind-doc.tar.gz) = b5b09e7c00709ee4cd550aff3a21e958
|
||||
MD5 (bind-8.3.4/bind-src.tar.gz) = 214a5116782f439534b9d47cba88d44b
|
||||
MD5 (bind-8.3.4/bind-doc.tar.gz) = d1c7b87c2575e14e76223d1e89c5568a
|
||||
|
@ -1,234 +0,0 @@
|
||||
diff -ur src-patched/CHANGES src/CHANGES
|
||||
--- src-patched/CHANGES Wed Jun 26 21:25:08 2002
|
||||
+++ src/CHANGES Wed Nov 13 22:11:17 2002
|
||||
@@ -1,3 +1,23 @@
|
||||
+1469. [bug] buffer length calculation for PX was wrong.
|
||||
+
|
||||
+1468. [bug] ns_name_ntol() could overwite a zero length buffer.
|
||||
+
|
||||
+1467. [bug] off by one bug in ns_makecannon().
|
||||
+
|
||||
+1466. [bug] large ENDS UDP buffer size could trigger a assertion.
|
||||
+
|
||||
+1465. [bug] possible NULL pointer dereference in db_sec.c
|
||||
+
|
||||
+1464. [bug] the buffer used to construct the -ve record was not
|
||||
+ big enough for all possible SOA records. use pointer
|
||||
+ arithmetic to calculate the remaining size in this
|
||||
+ buffer.
|
||||
+
|
||||
+1463. [bug] use serial space arithmetic to determine if a SIG is
|
||||
+ too old, in the future or has internally constistant
|
||||
+ times.
|
||||
+
|
||||
+1462. [bug] write buffer overflow in make_rr().
|
||||
|
||||
--- 8.3.3-REL released --- (Wed Jun 26 21:15:43 PDT 2002)
|
||||
|
||||
diff -ur src-patched/bin/named/db_defs.h src/bin/named/db_defs.h
|
||||
--- src-patched/bin/named/db_defs.h Fri May 17 18:02:53 2002
|
||||
+++ src/bin/named/db_defs.h Wed Nov 13 22:11:17 2002
|
||||
@@ -78,7 +78,7 @@
|
||||
*/
|
||||
|
||||
/* max length of data in RR data field */
|
||||
-#define MAXDATA (2*MAXDNAME + 5*INT32SZ)
|
||||
+#define MAXDATA (3*MAXDNAME + 5*INT32SZ)
|
||||
|
||||
/* max length of data in a TXT RR segment */
|
||||
#define MAXCHARSTRING 255
|
||||
diff -ur src-patched/bin/named/db_sec.c src/bin/named/db_sec.c
|
||||
--- src-patched/bin/named/db_sec.c Mon Jun 18 07:42:57 2001
|
||||
+++ src/bin/named/db_sec.c Wed Nov 13 22:11:17 2002
|
||||
@@ -479,7 +479,9 @@
|
||||
struct sig_record *sigdata;
|
||||
struct dnode *sigdn;
|
||||
struct databuf *sigdp;
|
||||
- time_t now;
|
||||
+ u_int32_t now;
|
||||
+ u_int32_t exptime;
|
||||
+ u_int32_t signtime;
|
||||
char *signer;
|
||||
u_char name_n[MAXDNAME];
|
||||
u_char *sig, *eom;
|
||||
@@ -492,6 +494,7 @@
|
||||
int dnssec_failed = 0, dnssec_succeeded = 0;
|
||||
int return_value;
|
||||
int i;
|
||||
+ int expired = 0;
|
||||
|
||||
if (rrset == NULL || rrset->rr_name == NULL) {
|
||||
ns_warning (ns_log_default, "verify_set: missing rrset/name");
|
||||
@@ -527,11 +530,14 @@
|
||||
* Don't verify a set if the SIG inception time is in
|
||||
* the future. This should be fixed before 2038 (BEW)
|
||||
*/
|
||||
- if ((time_t)ntohl(sigdata->sig_time_n) > now)
|
||||
+ signtime = ntohl(sigdata->sig_time_n);
|
||||
+ if (SEQ_GT(signtime, now))
|
||||
continue;
|
||||
|
||||
/* An expired set is dropped, but the data is not. */
|
||||
- if ((time_t)ntohl(sigdata->sig_exp_n) < now) {
|
||||
+ exptime = ntohl(sigdata->sig_exp_n);
|
||||
+ if (SEQ_GT(now, exptime)) {
|
||||
+ expired++;
|
||||
db_detach(&sigdn->dp);
|
||||
sigdp = NULL;
|
||||
continue;
|
||||
@@ -723,7 +729,7 @@
|
||||
}
|
||||
|
||||
end:
|
||||
- if (dnssec_failed > 0)
|
||||
+ if (dnssec_failed > 0 || expired > 0)
|
||||
rrset_trim_sigs(rrset);
|
||||
if (trustedkey == 0 && key != NULL)
|
||||
dst_free_key(key);
|
||||
diff -ur src-patched/bin/named/ns_defs.h src/bin/named/ns_defs.h
|
||||
--- src-patched/bin/named/ns_defs.h Tue Jun 25 20:27:19 2002
|
||||
+++ src/bin/named/ns_defs.h Wed Nov 13 22:11:17 2002
|
||||
@@ -469,7 +469,7 @@
|
||||
q_cmsglen, /* len of cname message */
|
||||
q_cmsgsize; /* allocated size of cname message */
|
||||
int16_t q_dfd; /* UDP file descriptor */
|
||||
- int16_t q_udpsize; /* UDP message size */
|
||||
+ u_int16_t q_udpsize; /* UDP message size */
|
||||
int q_distance; /* distance this query is from the
|
||||
* original query that the server
|
||||
* received. */
|
||||
diff -ur src-patched/bin/named/ns_ncache.c src/bin/named/ns_ncache.c
|
||||
--- src-patched/bin/named/ns_ncache.c Mon Jun 18 07:43:16 2001
|
||||
+++ src/bin/named/ns_ncache.c Wed Nov 13 22:11:17 2002
|
||||
@@ -66,7 +66,7 @@
|
||||
u_int16_t atype;
|
||||
u_char *sp, *cp1;
|
||||
u_char data[MAXDATA];
|
||||
- size_t len = sizeof data;
|
||||
+ u_char *eod = data + sizeof(data);
|
||||
#endif
|
||||
|
||||
nameserIncr(from.sin_addr, nssRcvdNXD);
|
||||
@@ -186,7 +186,7 @@
|
||||
rdatap = cp;
|
||||
|
||||
/* origin */
|
||||
- n = dn_expand(msg, msg + msglen, cp, (char*)data, len);
|
||||
+ n = dn_expand(msg, msg + msglen, cp, (char*)data, eod - data);
|
||||
if (n < 0) {
|
||||
ns_debug(ns_log_ncache, 3,
|
||||
"ncache: origin form error");
|
||||
@@ -195,9 +195,8 @@
|
||||
cp += n;
|
||||
n = strlen((char*)data) + 1;
|
||||
cp1 = data + n;
|
||||
- len -= n;
|
||||
/* mail */
|
||||
- n = dn_expand(msg, msg + msglen, cp, (char*)cp1, len);
|
||||
+ n = dn_expand(msg, msg + msglen, cp, (char*)cp1, eod - cp1);
|
||||
if (n < 0) {
|
||||
ns_debug(ns_log_ncache, 3, "ncache: mail form error");
|
||||
return;
|
||||
@@ -205,20 +204,20 @@
|
||||
cp += n;
|
||||
n = strlen((char*)cp1) + 1;
|
||||
cp1 += n;
|
||||
- len -= n;
|
||||
n = 5 * INT32SZ;
|
||||
+ if (n > (eod - cp1)) /* Can't happen. See MAXDATA. */
|
||||
+ return;
|
||||
BOUNDS_CHECK(cp, n);
|
||||
memcpy(cp1, cp, n);
|
||||
/* serial, refresh, retry, expire, min */
|
||||
cp1 += n;
|
||||
- len -= n;
|
||||
cp += n;
|
||||
if (cp != rdatap + dlen) {
|
||||
ns_debug(ns_log_ncache, 3, "ncache: form error");
|
||||
return;
|
||||
}
|
||||
/* store the zone of the soa record */
|
||||
- n = dn_expand(msg, msg + msglen, sp, (char*)cp1, len);
|
||||
+ n = dn_expand(msg, msg + msglen, sp, (char*)cp1, eod - cp1);
|
||||
if (n < 0) {
|
||||
ns_debug(ns_log_ncache, 3, "ncache: form error 2");
|
||||
return;
|
||||
diff -ur src-patched/bin/named/ns_req.c src/bin/named/ns_req.c
|
||||
--- src-patched/bin/named/ns_req.c Sun May 12 16:41:52 2002
|
||||
+++ src/bin/named/ns_req.c Wed Nov 13 22:11:17 2002
|
||||
@@ -2195,7 +2195,7 @@
|
||||
|
||||
/* first just copy over the type_covered, algorithm, */
|
||||
/* labels, orig ttl, two timestamps, and the footprint */
|
||||
- if ((dp->d_size - 18) > buflen)
|
||||
+ if (buflen < 18)
|
||||
goto cleanup; /* out of room! */
|
||||
memcpy(cp, cp1, 18);
|
||||
cp += 18;
|
||||
diff -ur src-patched/bin/named/ns_resp.c src/bin/named/ns_resp.c
|
||||
--- src-patched/bin/named/ns_resp.c Wed Jun 26 20:09:19 2002
|
||||
+++ src/bin/named/ns_resp.c Wed Nov 13 22:11:17 2002
|
||||
@@ -2001,7 +2001,7 @@
|
||||
* to BOUNDS_CHECK() here.
|
||||
*/
|
||||
cp1 += (n = strlen((char *)cp1) + 1);
|
||||
- n1 = sizeof(data) - n;
|
||||
+ n1 = sizeof(data) - n - INT16SZ;
|
||||
n = dn_expand(msg, eom, cp, (char *)cp1, n1);
|
||||
if (n < 0) {
|
||||
hp->rcode = FORMERR;
|
||||
@@ -2043,8 +2043,18 @@
|
||||
ttl = origTTL;
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Check that expire and signature times are internally
|
||||
+ * consistant.
|
||||
+ */
|
||||
+ if (!SEQ_GT(exptime, signtime) && exptime != signtime) {
|
||||
+ ns_debug(ns_log_default, 3,
|
||||
+ "ignoring SIG: signature expires before it was signed");
|
||||
+ return ((cp - rrp) + dlen);
|
||||
+ }
|
||||
+
|
||||
/* Don't let bogus signers "sign" in the future. */
|
||||
- if (signtime > now) {
|
||||
+ if (SEQ_GT(signtime, now)) {
|
||||
ns_debug(ns_log_default, 3,
|
||||
"ignoring SIG: signature date %s is in the future",
|
||||
p_secstodate (signtime));
|
||||
@@ -2052,7 +2062,7 @@
|
||||
}
|
||||
|
||||
/* Ignore received SIG RR's that are already expired. */
|
||||
- if (exptime <= now) {
|
||||
+ if (SEQ_GT(now, exptime)) {
|
||||
ns_debug(ns_log_default, 3,
|
||||
"ignoring SIG: expiration %s is in the past",
|
||||
p_secstodate (exptime));
|
||||
diff -ur src-patched/lib/nameser/ns_name.c src/lib/nameser/ns_name.c
|
||||
--- src-patched/lib/nameser/ns_name.c Thu May 23 22:10:40 2002
|
||||
+++ src/lib/nameser/ns_name.c Wed Nov 13 22:11:17 2002
|
||||
@@ -341,6 +341,10 @@
|
||||
dn = dst;
|
||||
eom = dst + dstsiz;
|
||||
|
||||
+ if (dn >= eom) {
|
||||
+ errno = EMSGSIZE;
|
||||
+ return (-1);
|
||||
+ }
|
||||
while ((n = *cp++) != 0) {
|
||||
if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) {
|
||||
/* Some kind of compression pointer. */
|
||||
diff -ur src-patched/lib/nameser/ns_samedomain.c src/lib/nameser/ns_samedomain.c
|
||||
--- src-patched/lib/nameser/ns_samedomain.c Fri Oct 15 14:06:51 1999
|
||||
+++ src/lib/nameser/ns_samedomain.c Wed Nov 13 22:11:17 2002
|
||||
@@ -166,7 +166,7 @@
|
||||
ns_makecanon(const char *src, char *dst, size_t dstsize) {
|
||||
size_t n = strlen(src);
|
||||
|
||||
- if (n + sizeof "." > dstsize) {
|
||||
+ if (n + sizeof "." + 1 > dstsize) {
|
||||
errno = EMSGSIZE;
|
||||
return (-1);
|
||||
}
|
@ -11,8 +11,7 @@
|
||||
# you can generally build it cleanly from the source. - Doug
|
||||
|
||||
PORTNAME= bind
|
||||
PORTVERSION= 8.3.3
|
||||
PORTREVISION= 1
|
||||
PORTVERSION= 8.3.4
|
||||
CATEGORIES?= net
|
||||
MASTER_SITES= ${MASTER_SITE_ISC}
|
||||
MASTER_SITE_SUBDIR= bind/src/${PORTVERSION}
|
||||
|
@ -1,2 +1,2 @@
|
||||
MD5 (bind-8.3.3/bind-src.tar.gz) = 4e904fdc3d908294147054276eba4064
|
||||
MD5 (bind-8.3.3/bind-doc.tar.gz) = b5b09e7c00709ee4cd550aff3a21e958
|
||||
MD5 (bind-8.3.4/bind-src.tar.gz) = 214a5116782f439534b9d47cba88d44b
|
||||
MD5 (bind-8.3.4/bind-doc.tar.gz) = d1c7b87c2575e14e76223d1e89c5568a
|
||||
|
@ -1,234 +0,0 @@
|
||||
diff -ur src-patched/CHANGES src/CHANGES
|
||||
--- src-patched/CHANGES Wed Jun 26 21:25:08 2002
|
||||
+++ src/CHANGES Wed Nov 13 22:11:17 2002
|
||||
@@ -1,3 +1,23 @@
|
||||
+1469. [bug] buffer length calculation for PX was wrong.
|
||||
+
|
||||
+1468. [bug] ns_name_ntol() could overwite a zero length buffer.
|
||||
+
|
||||
+1467. [bug] off by one bug in ns_makecannon().
|
||||
+
|
||||
+1466. [bug] large ENDS UDP buffer size could trigger a assertion.
|
||||
+
|
||||
+1465. [bug] possible NULL pointer dereference in db_sec.c
|
||||
+
|
||||
+1464. [bug] the buffer used to construct the -ve record was not
|
||||
+ big enough for all possible SOA records. use pointer
|
||||
+ arithmetic to calculate the remaining size in this
|
||||
+ buffer.
|
||||
+
|
||||
+1463. [bug] use serial space arithmetic to determine if a SIG is
|
||||
+ too old, in the future or has internally constistant
|
||||
+ times.
|
||||
+
|
||||
+1462. [bug] write buffer overflow in make_rr().
|
||||
|
||||
--- 8.3.3-REL released --- (Wed Jun 26 21:15:43 PDT 2002)
|
||||
|
||||
diff -ur src-patched/bin/named/db_defs.h src/bin/named/db_defs.h
|
||||
--- src-patched/bin/named/db_defs.h Fri May 17 18:02:53 2002
|
||||
+++ src/bin/named/db_defs.h Wed Nov 13 22:11:17 2002
|
||||
@@ -78,7 +78,7 @@
|
||||
*/
|
||||
|
||||
/* max length of data in RR data field */
|
||||
-#define MAXDATA (2*MAXDNAME + 5*INT32SZ)
|
||||
+#define MAXDATA (3*MAXDNAME + 5*INT32SZ)
|
||||
|
||||
/* max length of data in a TXT RR segment */
|
||||
#define MAXCHARSTRING 255
|
||||
diff -ur src-patched/bin/named/db_sec.c src/bin/named/db_sec.c
|
||||
--- src-patched/bin/named/db_sec.c Mon Jun 18 07:42:57 2001
|
||||
+++ src/bin/named/db_sec.c Wed Nov 13 22:11:17 2002
|
||||
@@ -479,7 +479,9 @@
|
||||
struct sig_record *sigdata;
|
||||
struct dnode *sigdn;
|
||||
struct databuf *sigdp;
|
||||
- time_t now;
|
||||
+ u_int32_t now;
|
||||
+ u_int32_t exptime;
|
||||
+ u_int32_t signtime;
|
||||
char *signer;
|
||||
u_char name_n[MAXDNAME];
|
||||
u_char *sig, *eom;
|
||||
@@ -492,6 +494,7 @@
|
||||
int dnssec_failed = 0, dnssec_succeeded = 0;
|
||||
int return_value;
|
||||
int i;
|
||||
+ int expired = 0;
|
||||
|
||||
if (rrset == NULL || rrset->rr_name == NULL) {
|
||||
ns_warning (ns_log_default, "verify_set: missing rrset/name");
|
||||
@@ -527,11 +530,14 @@
|
||||
* Don't verify a set if the SIG inception time is in
|
||||
* the future. This should be fixed before 2038 (BEW)
|
||||
*/
|
||||
- if ((time_t)ntohl(sigdata->sig_time_n) > now)
|
||||
+ signtime = ntohl(sigdata->sig_time_n);
|
||||
+ if (SEQ_GT(signtime, now))
|
||||
continue;
|
||||
|
||||
/* An expired set is dropped, but the data is not. */
|
||||
- if ((time_t)ntohl(sigdata->sig_exp_n) < now) {
|
||||
+ exptime = ntohl(sigdata->sig_exp_n);
|
||||
+ if (SEQ_GT(now, exptime)) {
|
||||
+ expired++;
|
||||
db_detach(&sigdn->dp);
|
||||
sigdp = NULL;
|
||||
continue;
|
||||
@@ -723,7 +729,7 @@
|
||||
}
|
||||
|
||||
end:
|
||||
- if (dnssec_failed > 0)
|
||||
+ if (dnssec_failed > 0 || expired > 0)
|
||||
rrset_trim_sigs(rrset);
|
||||
if (trustedkey == 0 && key != NULL)
|
||||
dst_free_key(key);
|
||||
diff -ur src-patched/bin/named/ns_defs.h src/bin/named/ns_defs.h
|
||||
--- src-patched/bin/named/ns_defs.h Tue Jun 25 20:27:19 2002
|
||||
+++ src/bin/named/ns_defs.h Wed Nov 13 22:11:17 2002
|
||||
@@ -469,7 +469,7 @@
|
||||
q_cmsglen, /* len of cname message */
|
||||
q_cmsgsize; /* allocated size of cname message */
|
||||
int16_t q_dfd; /* UDP file descriptor */
|
||||
- int16_t q_udpsize; /* UDP message size */
|
||||
+ u_int16_t q_udpsize; /* UDP message size */
|
||||
int q_distance; /* distance this query is from the
|
||||
* original query that the server
|
||||
* received. */
|
||||
diff -ur src-patched/bin/named/ns_ncache.c src/bin/named/ns_ncache.c
|
||||
--- src-patched/bin/named/ns_ncache.c Mon Jun 18 07:43:16 2001
|
||||
+++ src/bin/named/ns_ncache.c Wed Nov 13 22:11:17 2002
|
||||
@@ -66,7 +66,7 @@
|
||||
u_int16_t atype;
|
||||
u_char *sp, *cp1;
|
||||
u_char data[MAXDATA];
|
||||
- size_t len = sizeof data;
|
||||
+ u_char *eod = data + sizeof(data);
|
||||
#endif
|
||||
|
||||
nameserIncr(from.sin_addr, nssRcvdNXD);
|
||||
@@ -186,7 +186,7 @@
|
||||
rdatap = cp;
|
||||
|
||||
/* origin */
|
||||
- n = dn_expand(msg, msg + msglen, cp, (char*)data, len);
|
||||
+ n = dn_expand(msg, msg + msglen, cp, (char*)data, eod - data);
|
||||
if (n < 0) {
|
||||
ns_debug(ns_log_ncache, 3,
|
||||
"ncache: origin form error");
|
||||
@@ -195,9 +195,8 @@
|
||||
cp += n;
|
||||
n = strlen((char*)data) + 1;
|
||||
cp1 = data + n;
|
||||
- len -= n;
|
||||
/* mail */
|
||||
- n = dn_expand(msg, msg + msglen, cp, (char*)cp1, len);
|
||||
+ n = dn_expand(msg, msg + msglen, cp, (char*)cp1, eod - cp1);
|
||||
if (n < 0) {
|
||||
ns_debug(ns_log_ncache, 3, "ncache: mail form error");
|
||||
return;
|
||||
@@ -205,20 +204,20 @@
|
||||
cp += n;
|
||||
n = strlen((char*)cp1) + 1;
|
||||
cp1 += n;
|
||||
- len -= n;
|
||||
n = 5 * INT32SZ;
|
||||
+ if (n > (eod - cp1)) /* Can't happen. See MAXDATA. */
|
||||
+ return;
|
||||
BOUNDS_CHECK(cp, n);
|
||||
memcpy(cp1, cp, n);
|
||||
/* serial, refresh, retry, expire, min */
|
||||
cp1 += n;
|
||||
- len -= n;
|
||||
cp += n;
|
||||
if (cp != rdatap + dlen) {
|
||||
ns_debug(ns_log_ncache, 3, "ncache: form error");
|
||||
return;
|
||||
}
|
||||
/* store the zone of the soa record */
|
||||
- n = dn_expand(msg, msg + msglen, sp, (char*)cp1, len);
|
||||
+ n = dn_expand(msg, msg + msglen, sp, (char*)cp1, eod - cp1);
|
||||
if (n < 0) {
|
||||
ns_debug(ns_log_ncache, 3, "ncache: form error 2");
|
||||
return;
|
||||
diff -ur src-patched/bin/named/ns_req.c src/bin/named/ns_req.c
|
||||
--- src-patched/bin/named/ns_req.c Sun May 12 16:41:52 2002
|
||||
+++ src/bin/named/ns_req.c Wed Nov 13 22:11:17 2002
|
||||
@@ -2195,7 +2195,7 @@
|
||||
|
||||
/* first just copy over the type_covered, algorithm, */
|
||||
/* labels, orig ttl, two timestamps, and the footprint */
|
||||
- if ((dp->d_size - 18) > buflen)
|
||||
+ if (buflen < 18)
|
||||
goto cleanup; /* out of room! */
|
||||
memcpy(cp, cp1, 18);
|
||||
cp += 18;
|
||||
diff -ur src-patched/bin/named/ns_resp.c src/bin/named/ns_resp.c
|
||||
--- src-patched/bin/named/ns_resp.c Wed Jun 26 20:09:19 2002
|
||||
+++ src/bin/named/ns_resp.c Wed Nov 13 22:11:17 2002
|
||||
@@ -2001,7 +2001,7 @@
|
||||
* to BOUNDS_CHECK() here.
|
||||
*/
|
||||
cp1 += (n = strlen((char *)cp1) + 1);
|
||||
- n1 = sizeof(data) - n;
|
||||
+ n1 = sizeof(data) - n - INT16SZ;
|
||||
n = dn_expand(msg, eom, cp, (char *)cp1, n1);
|
||||
if (n < 0) {
|
||||
hp->rcode = FORMERR;
|
||||
@@ -2043,8 +2043,18 @@
|
||||
ttl = origTTL;
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Check that expire and signature times are internally
|
||||
+ * consistant.
|
||||
+ */
|
||||
+ if (!SEQ_GT(exptime, signtime) && exptime != signtime) {
|
||||
+ ns_debug(ns_log_default, 3,
|
||||
+ "ignoring SIG: signature expires before it was signed");
|
||||
+ return ((cp - rrp) + dlen);
|
||||
+ }
|
||||
+
|
||||
/* Don't let bogus signers "sign" in the future. */
|
||||
- if (signtime > now) {
|
||||
+ if (SEQ_GT(signtime, now)) {
|
||||
ns_debug(ns_log_default, 3,
|
||||
"ignoring SIG: signature date %s is in the future",
|
||||
p_secstodate (signtime));
|
||||
@@ -2052,7 +2062,7 @@
|
||||
}
|
||||
|
||||
/* Ignore received SIG RR's that are already expired. */
|
||||
- if (exptime <= now) {
|
||||
+ if (SEQ_GT(now, exptime)) {
|
||||
ns_debug(ns_log_default, 3,
|
||||
"ignoring SIG: expiration %s is in the past",
|
||||
p_secstodate (exptime));
|
||||
diff -ur src-patched/lib/nameser/ns_name.c src/lib/nameser/ns_name.c
|
||||
--- src-patched/lib/nameser/ns_name.c Thu May 23 22:10:40 2002
|
||||
+++ src/lib/nameser/ns_name.c Wed Nov 13 22:11:17 2002
|
||||
@@ -341,6 +341,10 @@
|
||||
dn = dst;
|
||||
eom = dst + dstsiz;
|
||||
|
||||
+ if (dn >= eom) {
|
||||
+ errno = EMSGSIZE;
|
||||
+ return (-1);
|
||||
+ }
|
||||
while ((n = *cp++) != 0) {
|
||||
if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) {
|
||||
/* Some kind of compression pointer. */
|
||||
diff -ur src-patched/lib/nameser/ns_samedomain.c src/lib/nameser/ns_samedomain.c
|
||||
--- src-patched/lib/nameser/ns_samedomain.c Fri Oct 15 14:06:51 1999
|
||||
+++ src/lib/nameser/ns_samedomain.c Wed Nov 13 22:11:17 2002
|
||||
@@ -166,7 +166,7 @@
|
||||
ns_makecanon(const char *src, char *dst, size_t dstsize) {
|
||||
size_t n = strlen(src);
|
||||
|
||||
- if (n + sizeof "." > dstsize) {
|
||||
+ if (n + sizeof "." + 1 > dstsize) {
|
||||
errno = EMSGSIZE;
|
||||
return (-1);
|
||||
}
|