From 49f5f89e437534bfcb1b624f3dc828a900ed1cb6 Mon Sep 17 00:00:00 2001
From: Adam Tkac
Date: Dec 03 2008 12:21:13 +0000
Subject: - fixed rare use-after-free problem in host utility (#452060)
---
diff --git a/bind-95-rh452060.patch b/bind-95-rh452060.patch
new file mode 100644
index 0000000..58808b0
--- /dev/null
+++ b/bind-95-rh452060.patch
@@ -0,0 +1,40 @@
+diff -up bind-9.5.0-P2/bin/dig/dighost.c.rh452060 bind-9.5.0-P2/bin/dig/dighost.c
+--- bind-9.5.0-P2/bin/dig/dighost.c.rh452060 2008-12-01 22:30:01.000000000 +0100
++++ bind-9.5.0-P2/bin/dig/dighost.c 2008-12-01 22:30:07.000000000 +0100
+@@ -1280,6 +1280,12 @@ clear_query(dig_query_t *query) {
+
+ debug("clear_query(%p)", query);
+
++ if (query->waiting_senddone) {
++ debug("send_done not yet called");
++ query->pending_free = ISC_TRUE;
++ return;
++ }
++
+ lookup = query->lookup;
+
+ if (lookup->current_query == query)
+@@ -1301,10 +1307,7 @@ clear_query(dig_query_t *query) {
+ isc_mempool_put(commctx, query->recvspace);
+ isc_buffer_invalidate(&query->recvbuf);
+ isc_buffer_invalidate(&query->lengthbuf);
+- if (query->waiting_senddone)
+- query->pending_free = ISC_TRUE;
+- else
+- isc_mem_free(mctx, query);
++ isc_mem_free(mctx, query);
+ }
+
+ /*%
+@@ -2175,9 +2178,9 @@ send_done(isc_task_t *_task, isc_event_t
+ isc_event_free(&event);
+
+ if (query->pending_free)
+- isc_mem_free(mctx, query);
++ clear_query(query);
+
+- check_if_done();
++ check_next_lookup(l);
+ UNLOCK_LOOKUP;
+ }
+
diff --git a/bind.spec b/bind.spec
index 1679efe..b2e8404 100644
--- a/bind.spec
+++ b/bind.spec
@@ -20,7 +20,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: bind
 License: ISC
 Version: 9.5.0
-Release: 35.%{PATCHVER}%{?dist}
+Release: 35.1.%{PATCHVER}%{?dist}
 Epoch: 32
 Url: http://www.isc.org/products/BIND/
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
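Review bot: In the send_done hunk of the added dighost.c patch, `clear_query(query)` completes the deferred teardown only if `waiting_senddone` has already been reset, and that reset is not visible in the hunk. If the flag is still set at that point, the new early return in clear_query fires again, so the query is never freed and the cleanup below it (the `lookup->current_query` check, `isc_mempool_put`, the buffer invalidation) never runs. Stating the dependency with `INSIST(!query->waiting_senddone);` directly before the call would catch a regression where it matters. The early return also changes clear_query's contract, since a caller can no longer assume the query has been torn down when it returns, so that branch deserves a comment such as `/* send still in flight: leave the query intact; send_done() re-enters clear_query() to finish */`. Both function bodies begin and end outside the hunks shown, so the callers and the definition of `l` should be checked against the full file.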
@@ -63,6 +63,7 @@ Patch91: bind-9.5-recv-race.patch Patch92: bind-9.5-edns.patch Patch94: bind95-rh457175.patch Patch95: bind95-rh454783.patch +Patch96: bind-95-rh452060.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -245,6 +246,7 @@ cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named %patch91 -p1 -b .recv-race %patch92 -p1 -b .edns %patch94 -p1 -b .rh457175 +%patch96 -p1 -b .rh452060 # Sparc and s390 arches need to use -fPIE %ifarch sparcv9 sparc64 s390 s390x @@ -406,7 +408,7 @@ for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.int echo '@ in soa localhost. root 1 3H 15M 1W 1D ns localhost.' > sample/var/named/$f; done -/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.269 2008/08/06 09:59:26 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ +/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.270 2008/12/03 12:21:13 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ *\ * NOTE: you only need to create this file if it is to\ * differ from the following default contents: @@ -657,6 +659,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_sbindir}/bind-chroot-admin %changelog +* Tue Dec 02 2008 Adam Tkac 32:9.5.0-35.1.P2 +- fixed rare use-after-free problem in host utility (#452060) + * Wed Aug 06 2008 Adam Tkac 32:9.5.0-35.P2 - 9.5.0-P2 release - bind95-rh450995.patch was merged