mirror of
https://github.com/opnsense/src.git
synced 2026-02-12 23:36:07 -05:00
37bb75f740
1. Very large RRSIG RRsets included in a negative cache can trigger an assertion failure that will crash named (BIND 9 DNS) due to an off-by-one error in a buffer size check. This bug affects all resolving name servers, whether DNSSEC validation is enabled or not, on all BIND versions prior to today. There is a possibility of malicious exploitation of this bug by remote users. 2. Named could fail to validate zones listed in a DLV that validated insecure without using DLV and had DS records in the parent zone. Add a patch provided by ru@ and confirmed by ISC to fix a crash at shutdown time when a SIG(0) key is being used.
64 lines
1.7 KiB
C
64 lines
1.7 KiB
C
/*
|
|
* Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
|
|
* Copyright (C) 1999-2001 Internet Software Consortium.
|
|
*
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
* copyright notice and this permission notice appear in all copies.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
* PERFORMANCE OF THIS SOFTWARE.
|
|
*/
|
|
|
|
/* $Id: bufferlist.c,v 1.17 2007-06-19 23:47:17 tbox Exp $ */
|
|
|
|
/*! \file */
|
|
|
|
#include <config.h>
|
|
|
|
#include <stddef.h>
|
|
|
|
#include <isc/buffer.h>
|
|
#include <isc/bufferlist.h>
|
|
#include <isc/util.h>
|
|
|
|
unsigned int
|
|
isc_bufferlist_usedcount(isc_bufferlist_t *bl) {
|
|
isc_buffer_t *buffer;
|
|
unsigned int length;
|
|
|
|
REQUIRE(bl != NULL);
|
|
|
|
length = 0;
|
|
buffer = ISC_LIST_HEAD(*bl);
|
|
while (buffer != NULL) {
|
|
REQUIRE(ISC_BUFFER_VALID(buffer));
|
|
length += isc_buffer_usedlength(buffer);
|
|
buffer = ISC_LIST_NEXT(buffer, link);
|
|
}
|
|
|
|
return (length);
|
|
}
|
|
|
|
unsigned int
|
|
isc_bufferlist_availablecount(isc_bufferlist_t *bl) {
|
|
isc_buffer_t *buffer;
|
|
unsigned int length;
|
|
|
|
REQUIRE(bl != NULL);
|
|
|
|
length = 0;
|
|
buffer = ISC_LIST_HEAD(*bl);
|
|
while (buffer != NULL) {
|
|
REQUIRE(ISC_BUFFER_VALID(buffer));
|
|
length += isc_buffer_availablelength(buffer);
|
|
buffer = ISC_LIST_NEXT(buffer, link);
|
|
}
|
|
|
|
return (length);
|
|
}
|