os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/patches/SA-07:02/bind62.patch
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their 
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

257 lines
7.4 KiB
Diff
Raw Blame History

Index: contrib/bind9/lib/dns/resolver.c
===================================================================
RCS file: /home/ncvs/src/contrib/bind9/lib/dns/resolver.c,v
retrieving revision 1.1.1.2.2.5
diff -u -I__FBSDID -r1.1.1.2.2.5 resolver.c
--- contrib/bind9/lib/dns/resolver.c 13 Dec 2006 09:46:57 -0000 1.1.1.2.2.5
+++ contrib/bind9/lib/dns/resolver.c 6 Feb 2007 08:11:29 -0000
@@ -218,6 +218,11 @@
dns_name_t nsname;
dns_fetch_t * nsfetch;
dns_rdataset_t nsrrset;
+
+ /*%
+ * Number of queries that reference this context.
+ */
+ unsigned int nqueries;
};
#define FCTX_MAGIC ISC_MAGIC('F', '!', '!', '!')
@@ -351,6 +356,7 @@
dns_rdataset_t *ardataset,
isc_result_t *eresultp);
static void validated(isc_task_t *task, isc_event_t *event);
+static void maybe_destroy(fetchctx_t *fctx);
static isc_result_t
valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name,
@@ -369,6 +375,9 @@
valarg->fctx = fctx;
valarg->addrinfo = addrinfo;
+ if (!ISC_LIST_EMPTY(fctx->validators))
+ INSIST((valoptions & DNS_VALIDATOR_DEFER) != 0);
+
result = dns_validator_create(fctx->res->view, name, type, rdataset,
sigrdataset, fctx->rmessage,
valoptions, task, validated, valarg,
@@ -515,6 +524,9 @@
INSIST(query->tcpsocket == NULL);
+ query->fctx->nqueries--;
+ if (SHUTTINGDOWN(query->fctx))
+ maybe_destroy(query->fctx); /* Locks bucket. */
query->magic = 0;
isc_mem_put(query->mctx, query, sizeof(*query));
*queryp = NULL;
@@ -973,6 +985,8 @@
if (result != ISC_R_SUCCESS)
return (result);
+ INSIST(ISC_LIST_EMPTY(fctx->validators));
+
dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE);
query = isc_mem_get(res->mctx, sizeof(*query));
@@ -1088,6 +1102,7 @@
}
ISC_LIST_APPEND(fctx->queries, query, link);
+ query->fctx->nqueries++;
return (ISC_R_SUCCESS);
@@ -1540,7 +1555,7 @@
want_done = ISC_TRUE;
}
} else if (SHUTTINGDOWN(fctx) && fctx->pending == 0 &&
- ISC_LIST_EMPTY(fctx->validators)) {
+ fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators)) {
bucketnum = fctx->bucketnum;
LOCK(&res->buckets[bucketnum].lock);
/*
@@ -2394,8 +2409,8 @@
REQUIRE(ISC_LIST_EMPTY(fctx->finds));
REQUIRE(ISC_LIST_EMPTY(fctx->altfinds));
REQUIRE(fctx->pending == 0);
- REQUIRE(ISC_LIST_EMPTY(fctx->validators));
REQUIRE(fctx->references == 0);
+ REQUIRE(ISC_LIST_EMPTY(fctx->validators));
FCTXTRACE("destroy");
@@ -2569,7 +2584,7 @@
}
if (fctx->references == 0 && fctx->pending == 0 &&
- ISC_LIST_EMPTY(fctx->validators))
+ fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators))
bucket_empty = fctx_destroy(fctx);
UNLOCK(&res->buckets[bucketnum].lock);
@@ -2610,6 +2625,7 @@
* pending ADB finds and no pending validations.
*/
INSIST(fctx->pending == 0);
+ INSIST(fctx->nqueries == 0);
INSIST(ISC_LIST_EMPTY(fctx->validators));
if (fctx->references == 0) {
/*
@@ -2771,6 +2787,7 @@
fctx->restarts = 0;
fctx->timeouts = 0;
fctx->attributes = 0;
+ fctx->nqueries = 0;
dns_name_init(&fctx->nsname, NULL);
fctx->nsfetch = NULL;
@@ -3093,12 +3110,21 @@
unsigned int bucketnum;
isc_boolean_t bucket_empty = ISC_FALSE;
dns_resolver_t *res = fctx->res;
+ dns_validator_t *validator;
REQUIRE(SHUTTINGDOWN(fctx));
- if (fctx->pending != 0 || !ISC_LIST_EMPTY(fctx->validators))
+ if (fctx->pending != 0 || fctx->nqueries != 0)
return;
+ for (validator = ISC_LIST_HEAD(fctx->validators);
+ validator != NULL;
+ validator = ISC_LIST_HEAD(fctx->validators)) {
+ ISC_LIST_UNLINK(fctx->validators, validator, link);
+ dns_validator_cancel(validator);
+ dns_validator_destroy(&validator);
+ }
+
bucketnum = fctx->bucketnum;
LOCK(&res->buckets[bucketnum].lock);
if (fctx->references == 0)
@@ -3232,7 +3258,9 @@
add_bad(fctx, &addrinfo->sockaddr, result);
isc_event_free(&event);
UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
- if (sentresponse)
+ if (!ISC_LIST_EMPTY(fctx->validators))
+ dns_validator_send(ISC_LIST_HEAD(fctx->validators));
+ else if (sentresponse)
fctx_done(fctx, result); /* Locks bucket. */
else
fctx_try(fctx); /* Locks bucket. */
@@ -3330,6 +3358,7 @@
* be validated.
*/
UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
+ dns_validator_send(ISC_LIST_HEAD(fctx->validators));
goto cleanup_event;
}
@@ -3640,6 +3669,13 @@
rdataset,
sigrdataset,
valoptions, task);
+ /*
+ * Defer any further validations.
+ * This prevents multiple validators
+ * from manipulating fctx->rmessage
+ * simultaniously.
+ */
+ valoptions |= DNS_VALIDATOR_DEFER;
}
} else if (CHAINING(rdataset)) {
if (rdataset->type == dns_rdatatype_cname)
@@ -6371,7 +6407,8 @@
/*
* No one cares about the result of this fetch anymore.
*/
- if (fctx->pending == 0 && ISC_LIST_EMPTY(fctx->validators) &&
+ if (fctx->pending == 0 && fctx->nqueries == 0 &&
+ ISC_LIST_EMPTY(fctx->validators) &&
SHUTTINGDOWN(fctx)) {
/*
* This fctx is already shutdown; we were just
Index: contrib/bind9/lib/dns/validator.c
===================================================================
RCS file: /home/ncvs/src/contrib/bind9/lib/dns/validator.c,v
retrieving revision 1.1.1.2.2.2
diff -u -I__FBSDID -r1.1.1.2.2.2 validator.c
--- contrib/bind9/lib/dns/validator.c 13 Dec 2006 09:46:57 -0000 1.1.1.2.2.2
+++ contrib/bind9/lib/dns/validator.c 6 Feb 2007 08:11:31 -0000
@@ -2825,7 +2825,8 @@
ISC_LINK_INIT(val, link);
val->magic = VALIDATOR_MAGIC;
- isc_task_send(task, ISC_EVENT_PTR(&event));
+ if ((options & DNS_VALIDATOR_DEFER) == 0)
+ isc_task_send(task, ISC_EVENT_PTR(&event));
*validatorp = val;
@@ -2843,6 +2844,21 @@
}
void
+dns_validator_send(dns_validator_t *validator) {
+ isc_event_t *event;
+ REQUIRE(VALID_VALIDATOR(validator));
+
+ LOCK(&validator->lock);
+
+ INSIST((validator->options & DNS_VALIDATOR_DEFER) != 0);
+ event = (isc_event_t *)validator->event;
+ validator->options &= ~DNS_VALIDATOR_DEFER;
+ UNLOCK(&validator->lock);
+
+ isc_task_send(validator->task, ISC_EVENT_PTR(&event));
+}
+
+void
dns_validator_cancel(dns_validator_t *validator) {
REQUIRE(VALID_VALIDATOR(validator));
@@ -2856,6 +2872,12 @@
if (validator->subvalidator != NULL)
dns_validator_cancel(validator->subvalidator);
+ if ((validator->options & DNS_VALIDATOR_DEFER) != 0) {
+ isc_task_t *task = validator->event->ev_sender;
+ validator->options &= ~DNS_VALIDATOR_DEFER;
+ isc_event_free((isc_event_t **)&validator->event);
+ isc_task_detach(&task);
+ }
}
UNLOCK(&validator->lock);
}
Index: contrib/bind9/lib/dns/include/dns/validator.h
===================================================================
RCS file: /home/ncvs/src/contrib/bind9/lib/dns/include/dns/validator.h,v
retrieving revision 1.1.1.1.4.2
diff -u -I__FBSDID -r1.1.1.1.4.2 validator.h
--- contrib/bind9/lib/dns/include/dns/validator.h 13 Dec 2006 09:46:58 -0000 1.1.1.1.4.2
+++ contrib/bind9/lib/dns/include/dns/validator.h 6 Feb 2007 08:11:31 -0000
@@ -144,6 +144,7 @@
* dns_validator_create() options.
*/
#define DNS_VALIDATOR_DLV 1U
+#define DNS_VALIDATOR_DEFER 2U
ISC_LANG_BEGINDECLS
@@ -192,6 +193,15 @@
*/
void
+dns_validator_send(dns_validator_t *validator);
+/*%<
+ * Send a deferred validation request
+ *
+ * Requires:
+ * 'validator' to points to a valid DNSSEC validator.
+ */
+
+void
dns_validator_cancel(dns_validator_t *validator);
/*%<
* Cancel a DNSSEC validation in progress.
Reference in a new issue View git blame Copy permalink