upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-02 05:20:33 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

2376. [bug] Change #2144 was not complete.

Browse source
This commit is contained in:
Mark Andrews 2008-05-29 05:30:30 +00:00
parent f1e151afbb
commit 29b1ebf435
2 changed files with 45 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

84
CHANGES
View file

@ -1,7 +1,9 @@
2375. [security] Fully randomize UDP query ports to improve
2376. [bug] Change #2144 was not complete.
2375. [security] Fully randomize UDP query ports to improve
forgery resilience. [RT #17949]
2372. [bug] fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
2372. [bug] fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
2369. [bug] libbind: Array bounds overrun on read in bitncmp().
[RT #18054]
@ -51,12 +53,12 @@
2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
2335. [port] sunos: libbind and *printf() support for long long.
2335. [port] sunos: libbind and *printf() support for long long.
[RT #17513]
2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
bug in fromstruct_txt(). [RT #17609]
2333. [bug] Fix off by one error in isc_time_nowplusinterval().
[RT #17608]
@ -90,7 +92,7 @@
2322. [port] MacOS: work around the limitation of setrlimit()
for RLIMIT_NOFILE. [RT #17526]
2319. [bug] Silence Coverity warnings in
2319. [bug] Silence Coverity warnings in
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2318. [port] sunos fixes for libbind. [RT #17514]
@ -104,9 +106,9 @@
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
[RT #17458]
2311. [func] Update ACL regression test. [RT #17462]
2311. [func] Update ACL regression test. [RT #17462]
2310. [bug] dig, host, nslookup: flush stdout before emitting
2310. [bug] dig, host, nslookup: flush stdout before emitting
debug/fatal messages. [RT #17501]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
@ -130,7 +132,7 @@
2301. [bug] Remove resource leak and fix error messages in
bin/tests/system/lwresd/lwtest.c. [RT #17474]
2300. [bug] Fixed failure to close open file in
2300. [bug] Fixed failure to close open file in
bin/tests/names/t_names.c. [RT #17473]
2299. [bug] Remove unnecessary NULL check in
@ -153,7 +155,7 @@
2292. [bug] Log if the working directory is not writable.
[RT #17312]
2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
failure to set PR_SET_DUMPABLE. [RT #17312]
2290. [bug] Let AD in the query signal that the client wants AD
@ -172,7 +174,7 @@
memory context rather than the clients memory
context. [RT #17377]
2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
to protect applications from receiving spurious
SIGPIPE signals when using the resolver.
@ -248,10 +250,10 @@
reality. Note there is behaviour change for BIND 9.5.
[RT #17113]
2249. [bug] Only set Authentic Data bit if client requested
DNSSEC, per RFC 3655 [RT #17175]
2249. [bug] Only set Authentic Data bit if client requested
DNSSEC, per RFC 3655 [RT #17175]
2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
2245. [bug] Validating lack of DS records at trust anchors wasn't
working. [RT #17151]
@ -266,8 +268,8 @@
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
2232. [bug] dns_adb_findaddrinfo() could fail and return
ISC_R_SUCCESS. [RT #17137]
@ -282,7 +284,7 @@
2227. [cleanup] Tidied up the FAQ. [RT #17121]
2225. [bug] More support for systems with no IPv4 addresses.
[RT #17111]
[RT #17111]
2224. [bug] Defer journal compaction if a xfrin is in progress.
[RT #17119]
@ -296,7 +298,7 @@
2220. [bug] win32: Address a race condition in final shutdown of
the Windows socket code. [RT #17028]
2219. [bug] Apply zone consistency checks to additions, not
removals, when updating. [RT #17049]
@ -304,7 +306,7 @@
[RT #16976]
2216. [cleanup] Fix a number of errors reported by Coverity.
[RT #17094]
[RT #17094]
2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
@ -347,13 +349,13 @@
localhost;) is used.
[RT #16987]
2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
2203. [security] Query id generation was cryptographically weak.
[RT # 16915]
2202. [security] The default acls for allow-query-cache and
2202. [security] The default acls for allow-query-cache and
allow-recursion were not being applied. [RT #16960]
2200. [bug] The search for cached NSEC records was stopping to
@ -446,7 +448,7 @@
a server address as a name to be looked up, causing
unexpected output. [RT #16743]
2164. [bug] The code to determine how named-checkzone /
2164. [bug] The code to determine how named-checkzone /
named-compilezone was called failed under windows.
[RT #16764]
@ -629,14 +631,14 @@
2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
net_cidr_ntop_ipv6(). [RT #16388]
2094. [contrib] Update named-bootconf. [RT# 16404]
2093. [bug] named-checkzone -s was broken.
2092. [bug] win32: dig, host, nslookup. Use registry config
if resolv.conf does not exist or no nameservers
listed. [RT #15877]
listed. [RT #15877]
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
@ -1044,7 +1046,7 @@
1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
1963. [port] Tru64 4.0E doesn't support send() and recv().
1963. [port] Tru64 4.0E doesn't support send() and recv().
[RT #15586]
1962. [bug] Named failed to clear old update-policy when it
@ -1087,7 +1089,7 @@
1951. [security] Drop queries from particular well known ports.
Don't return FORMERR to queries from particular
well known ports. [RT #15636]
1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
a TCP socket. This prevents the source address being
set for TCP connections. [RT #15628]
@ -1109,7 +1111,7 @@
1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
To generate a RSAMD5 key you must explicitly request
RSAMD5. [RT #13780]
1944. [cleanup] isc_hash_create() does not need a read/write lock.
[RT #15522]
@ -1231,7 +1233,7 @@
[RT #15034]
1905. [bug] Strings returned from cfg_obj_asstring() should be
treated as read-only. The prototype for
treated as read-only. The prototype for
cfg_obj_asstring() has been updated to reflect this.
[RT #15256]
@ -1361,10 +1363,10 @@
1863. [bug] rrset-order "fixed" error messages not complete.
1862. [func] Add additional zone data constancy checks.
named-checkzone has extended checking of NS, MX and
named-checkzone has extended checking of NS, MX and
SRV record and the hosts they reference.
named has extended post zone load checks.
New zone options: check-mx and integrity-check.
New zone options: check-mx and integrity-check.
[RT #4940]
1861. [bug] dig could trigger a INSIST on certain malformed
@ -1407,9 +1409,9 @@
1848. [bug] Improve SMF integration. [RT #13238]
1847. [bug] isc_ondestroy_init() is called too late in
dns_rbtdb_create()/dns_rbtdb64_create().
dns_rbtdb_create()/dns_rbtdb64_create().
[RT #13661]
1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
<bortzmeyer@nic.fr>.
@ -1695,7 +1697,7 @@
[RT #12866]
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
@ -1713,7 +1715,7 @@
requested number of worker threads then destruction
of the manager would trigger an INSIST() failure.
[RT #12790]
1742. [bug] Deleting all records at a node then adding a
previously existing record, in a single UPDATE
transaction, failed to leave / regenerate the
@ -1724,7 +1726,7 @@
1740. [bug] Replace rbt's hash algorithm as it performed badly
with certain zones. [RT #12729]
NOTE: a hash context now needs to be established
via isc_hash_create() if the application was not
already doing this.
@ -1739,7 +1741,7 @@
1736. [bug] dst_key_fromnamedfile() could fail to read a
public key. [RT #12687]
1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
[RE #12688]
@ -1916,7 +1918,7 @@
1675. [bug] named would sometimes add extra NSEC records to
the authority section.
1674. [port] linux: increase buffer size used to scan
/proc/net/if_inet6.
@ -1988,7 +1990,7 @@
1648. [func] Update dnssec-lookaside named.conf syntax to support
multiple dnssec-lookaside namespaces (not yet
implemented).
implemented).
1647. [bug] It was possible trigger a INSIST when chasing a DS
record that required walking back over a empty node.
@ -2018,7 +2020,7 @@
1638. [bug] "ixfr-from-differences" could generate a REQUIRE
failure if the journal open failed. [RT #11347]
1637. [bug] Node reference leak on error in addnoqname().
1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
@ -2112,21 +2114,21 @@
1607. [bug] dig, host and nslookup were still using random()
to generate query ids. [RT# 11013]
1606. [bug] DLV insecurity proof was failing.
1606. [bug] DLV insecurity proof was failing.
1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
1604. [bug] A xfrout_ctx_create() failure would result in
xfrout_ctx_destroy() being called with a
partially initialized structure.
1603. [bug] nsupdate: set interactive based on isatty().
[RT# 10929]
1602. [bug] Logging to a file failed unless a size was specified.
[RT# 10925]
1601. [bug] Silence spurious warning 'both "recursion no;" and
1601. [bug] Silence spurious warning 'both "recursion no;" and
"allow-recursion" active' warning from view "_bind".
[RT# 10920]

4
lib/dns/resolver.c
View file

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: resolver.c,v 1.284.18.72 2008/05/22 21:16:05 each Exp $ */
/* $Id: resolver.c,v 1.284.18.73 2008/05/29 05:30:30 marka Exp $ */
/*! \file */
@ -1928,7 +1928,7 @@ add_bad(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, isc_result_t reason) {
return;
if (reason == DNS_R_UNEXPECTEDRCODE &&
fctx->rmessage->opcode == dns_rcode_servfail &&
fctx->rmessage->rcode == dns_rcode_servfail &&
ISFORWARDER(addrinfo))
return;