Sophie

Sophie

distrib > Mandriva > 2007.0 > i586 > by-pkgid > 9f02b6c9f3e77361860788510a3e932b > files > 12

bind-9.3.2-8.4mdv2007.0.src.rpm

--- bind-9.3.2/lib/dns/resolver.c.cve-2007-0493-0494	2007-01-29 13:35:48.000000000 -0700
+++ bind-9.3.2/lib/dns/resolver.c	2007-01-29 13:50:07.000000000 -0700
@@ -215,6 +215,11 @@
 	dns_name_t 			nsname; 
 	dns_fetch_t *			nsfetch;
 	dns_rdataset_t			nsrrset;
+
+	/*%
+	 * Number of queries that reference this context.
+	 */
+	unsigned int			nqueries;
 };
 
 #define FCTX_MAGIC			ISC_MAGIC('F', '!', '!', '!')
@@ -348,6 +353,7 @@
 				      dns_rdataset_t *ardataset,
 				      isc_result_t *eresultp);
 static void validated(isc_task_t *task, isc_event_t *event); 
+static void maybe_destroy(fetchctx_t *fctx);
 
 static isc_result_t
 valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name,
@@ -366,6 +372,9 @@
 	valarg->fctx = fctx;
 	valarg->addrinfo = addrinfo;
 
+	if (!ISC_LIST_EMPTY(fctx->validators))
+		INSIST((valoptions & DNS_VALIDATOR_DEFER) != 0);
+
 	result = dns_validator_create(fctx->res->view, name, type, rdataset,
 				      sigrdataset, fctx->rmessage,
 				      valoptions, task, validated, valarg,
@@ -513,6 +522,9 @@
 
 	INSIST(query->tcpsocket == NULL);
 
+	query->fctx->nqueries--;
+	if (SHUTTINGDOWN(query->fctx))
+		maybe_destroy(query->fctx);	/* Locks bucket. */
 	query->magic = 0;
 	isc_mem_put(query->mctx, query, sizeof(*query));
 	*queryp = NULL;
@@ -971,6 +983,8 @@
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
+	INSIST(ISC_LIST_EMPTY(fctx->validators));
+
 	dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE);
 
 	query = isc_mem_get(res->mctx, sizeof(*query));
@@ -1084,6 +1098,7 @@
 	}
 
 	ISC_LIST_APPEND(fctx->queries, query, link);
+	query->fctx->nqueries++;
 
 	return (ISC_R_SUCCESS);
 
@@ -1530,7 +1545,7 @@
 			want_done = ISC_TRUE;
 		}
 	} else if (SHUTTINGDOWN(fctx) && fctx->pending == 0 &&
-		   ISC_LIST_EMPTY(fctx->validators)) {
+		   fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators)) {
 		bucketnum = fctx->bucketnum;
 		LOCK(&res->buckets[bucketnum].lock);
 		/*
@@ -2384,8 +2399,8 @@
 	REQUIRE(ISC_LIST_EMPTY(fctx->finds));
 	REQUIRE(ISC_LIST_EMPTY(fctx->altfinds));
 	REQUIRE(fctx->pending == 0);
-	REQUIRE(ISC_LIST_EMPTY(fctx->validators));
 	REQUIRE(fctx->references == 0);
+	REQUIRE(ISC_LIST_EMPTY(fctx->validators));
 
 	FCTXTRACE("destroy");
 
@@ -2559,7 +2574,7 @@
 	}
 
 	if (fctx->references == 0 && fctx->pending == 0 &&
-	    ISC_LIST_EMPTY(fctx->validators))
+	    fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators))
 		bucket_empty = fctx_destroy(fctx);
 
 	UNLOCK(&res->buckets[bucketnum].lock);
@@ -2600,6 +2615,7 @@
 		 * pending ADB finds and no pending validations.
 		 */
 		INSIST(fctx->pending == 0);
+		INSIST(fctx->nqueries == 0);
 		INSIST(ISC_LIST_EMPTY(fctx->validators));
 		if (fctx->references == 0) {
 			/*
@@ -2761,6 +2777,7 @@
 	fctx->restarts = 0;
 	fctx->timeouts = 0;
 	fctx->attributes = 0;
+	fctx->nqueries = 0;
 
 	dns_name_init(&fctx->nsname, NULL);
 	fctx->nsfetch = NULL;
@@ -3083,12 +3100,21 @@
 	unsigned int bucketnum;
 	isc_boolean_t bucket_empty = ISC_FALSE;
 	dns_resolver_t *res = fctx->res;
+	dns_validator_t *validator;
 
 	REQUIRE(SHUTTINGDOWN(fctx));
 
-	if (fctx->pending != 0 || !ISC_LIST_EMPTY(fctx->validators))
+	if (fctx->pending != 0 || fctx->nqueries != 0)
 		return;
 
+	for (validator = ISC_LIST_HEAD(fctx->validators);
+	     validator != NULL;
+	     validator = ISC_LIST_HEAD(fctx->validators)) {
+		ISC_LIST_UNLINK(fctx->validators, validator, link);
+		dns_validator_cancel(validator);
+		dns_validator_destroy(&validator);
+	}
+
 	bucketnum = fctx->bucketnum;
 	LOCK(&res->buckets[bucketnum].lock);
 	if (fctx->references == 0)
@@ -3219,7 +3245,9 @@
 		result = vevent->result;
 		add_bad(fctx, &addrinfo->sockaddr, result);
 		isc_event_free(&event);
-		if (sentresponse)
+		if (!ISC_LIST_EMPTY(fctx->validators))
+			dns_validator_send(ISC_LIST_HEAD(fctx->validators));
+		else if (sentresponse)
 			fctx_done(fctx, result);
 		else
 			fctx_try(fctx);
@@ -3315,6 +3343,7 @@
 		 * more rdatasets that still need to
 		 * be validated.
 		 */
+		dns_validator_send(ISC_LIST_HEAD(fctx->validators));
 		goto cleanup_event;
 	}
 
@@ -3623,6 +3652,13 @@
 							   rdataset,
 							   sigrdataset,
 							   valoptions, task);
+					/*
+					 * Defer any further validations.
+					 * This prevents multiple validators
+					 * from manipulating fctx->rmessage
+					 * simultaniously.
+					 */
+					valoptions |= DNS_VALIDATOR_DEFER;
 				}
 			} else if (CHAINING(rdataset)) {
 				if (rdataset->type == dns_rdatatype_cname)
@@ -6346,7 +6382,8 @@
 		/*
 		 * No one cares about the result of this fetch anymore.
 		 */
-		if (fctx->pending == 0 && ISC_LIST_EMPTY(fctx->validators) &&
+		if (fctx->pending == 0 && fctx->nqueries == 0 &&
+		    ISC_LIST_EMPTY(fctx->validators) &&
 		    SHUTTINGDOWN(fctx)) {
 			/*
 			 * This fctx is already shutdown; we were just
--- bind-9.3.2/lib/dns/validator.c.cve-2007-0493-0494	2007-01-29 13:35:48.000000000 -0700
+++ bind-9.3.2/lib/dns/validator.c	2007-01-29 13:38:03.000000000 -0700
@@ -2632,7 +2632,8 @@
 	ISC_LINK_INIT(val, link);
 	val->magic = VALIDATOR_MAGIC;
 
-	isc_task_send(task, ISC_EVENT_PTR(&event));
+	if ((options & DNS_VALIDATOR_DEFER) == 0)
+		isc_task_send(task, ISC_EVENT_PTR(&event));
 
 	*validatorp = val;
 
@@ -2650,6 +2651,21 @@
 }
 
 void
+dns_validator_send(dns_validator_t *validator) {
+	isc_event_t *event;
+	REQUIRE(VALID_VALIDATOR(validator));
+
+	LOCK(&validator->lock);
+
+	INSIST((validator->options & DNS_VALIDATOR_DEFER) != 0);
+	event = (isc_event_t *)validator->event;
+	validator->options &= ~DNS_VALIDATOR_DEFER;
+	UNLOCK(&validator->lock);
+
+	isc_task_send(validator->task, ISC_EVENT_PTR(&event));
+}
+
+void
 dns_validator_cancel(dns_validator_t *validator) {
 	REQUIRE(VALID_VALIDATOR(validator));
 
@@ -2663,6 +2679,12 @@
 
 		if (validator->subvalidator != NULL)
 			dns_validator_cancel(validator->subvalidator);
+		if ((validator->options & DNS_VALIDATOR_DEFER) != 0) {
+			isc_task_t *task = validator->event->ev_sender;
+			validator->options &= ~DNS_VALIDATOR_DEFER;
+			isc_event_free((isc_event_t **)&validator->event);
+			isc_task_detach(&task);
+		}
 	}
 	UNLOCK(&validator->lock);
 }
--- bind-9.3.2/lib/dns/include/dns/validator.h.cve-2007-0493-0494	2007-01-29 13:35:48.000000000 -0700
+++ bind-9.3.2/lib/dns/include/dns/validator.h	2007-01-29 13:41:06.000000000 -0700
@@ -128,7 +128,11 @@
 	unsigned int			depth;
 };
 
+/*
+ * dns_validator_create() options.
+ */
 #define DNS_VALIDATOR_DLV 1
+#define DNS_VALIDATOR_DEFER 2U
 
 ISC_LANG_BEGINDECLS
 
@@ -173,6 +177,15 @@
  */
 
 void
+dns_validator_send(dns_validator_t *validator);
+/*%<
+ * Send a deferred validation request
+ *
+ * Requires:
+ *	'validator' to points to a valid DNSSEC validator.
+ */
+
+void
 dns_validator_cancel(dns_validator_t *validator);
 /*
  * Cancel a DNSSEC validation in progress.

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional