Replace dns_fixedname_init() calls followed by dns_fixedname_name()
calls with calls to dns_fixedname_initname() where it is possible
without affecting current behavior and/or performance.
This patch was mostly prepared using Coccinelle and the following
semantic patch:
@@
expression fixedname, name;
@@
- dns_fixedname_init(&fixedname);
...
- name = dns_fixedname_name(&fixedname);
+ name = dns_fixedname_initname(&fixedname);
The resulting set of changes was then manually reviewed to exclude false
positives and apply minor tweaks.
It is likely that more occurrences of this pattern can be refactored in
an identical way. This commit only takes care of the low-hanging fruit.
(cherry picked from commit 4df4a8e731)
(cherry picked from commit 0041aeb751)
4722. [cleanup] Clean up uses of strcpy() and strcat() in favor of
strlcpy() and strlcat() for safety. [RT #45981]
(cherry picked from commit 114f95089c)
4670. [cleanup] Ensure that a request MAC is never sent back
in an XFR response unless the signature was
verified. [RT #45494]
(cherry picked from commit 0ad72b96d2)
4643. [security] An error in TSIG handling could permit unauthorized
zone transfers or zone updates. (CVE-2017-3142)
(CVE-2017-3143) [RT #45383]
(cherry picked from commit 581c1526ab)
3705. [func] "configure --enable-native-pkcs11" enables BIND
to use the PKCS#11 API for all cryptographic
functions, so that it can drive a hardware service
module directly without the need to use a modified
OpenSSL as intermediary (so long as the HSM's vendor
provides a complete-enough implementation of the
PKCS#11 interface). This has been tested successfully
with the Thales nShield HSM and with SoftHSMv2 from
the OpenDNSSEC project. [RT #29031]
3486. [bug] named could crash when using TKEY-negotiated keys
that had been deleted and then recreated. [RT #32506]
commit 6a48b9999766d26cddc7cef275cd984b7d53c014
Author: Evan Hunt <each@isc.org>
Date: Tue Jan 29 14:59:46 2013 -0800
[rt32506] don't dump key if dump is unimplemented
commit d0ae0f44b460bab2e8bb24bba683d3ef69ec1765
Author: Evan Hunt <each@isc.org>
Date: Tue Jan 29 14:42:25 2013 -0800
[rt32506] make sure LRU needs adjusting before adjusting it
commit 0437f8f06b1cb72a6d5e3c30f27febca23846d95
Author: Evan Hunt <each@isc.org>
Date: Tue Jan 29 12:28:28 2013 -0800
[rt32506] demonstrate bugs in tkey test
- nsupdate can now get the default realm from
the user's Kerberos principal
- corrected gsstest compilation flags
- improved documentation
- fixed some NULL dereferences
[RT #22795]
increment the reference count.
Note: dns_tsigkey_createfromkey() callers should now
always call dst_key_free() rather than setting it
to NULL on success. [RT #22672]
- added LRU expiration for generated TSIGs
- added the ability to use a non-default realm
- added new "realm" keyword in nsupdate
- limited lifetime of generated keys to 1 hour
or the lifetime of the context (whichever is
smaller)
[RT #19737]
- add ddns-confgen command to generate
configuration text for named.conf
- add zone option "ddns-autoconf yes;", which
causes named to generate a TSIG session key
and allow updates to the zone using that key
- add '-l' (localhost) option to nsupdate, which
causes nsupdate to connect to a locally-running
named process using the session key generated
by named
[RT #19284]
