[bind/f20] Fix two issues

Tomas Hozza thozza at fedoraproject.org
Wed Mar 5 13:55:33 UTC 2014


commit 608412023383863fc339df3c222025a1d6b90d15
Author: Tomas Hozza <thozza at redhat.com>
Date:   Wed Mar 5 14:37:50 2014 +0100

    Fix two issues
    
    - dlz_dlopen driver could return the wrong error leading to a segfault (#1052781)
    - Fix race condition when freeing fetch object (ISC-Bugs #35385)
    
    Signed-off-by: Tomas Hozza <thozza at redhat.com>

 bind-99-ISC-Bugs-35385.patch |   39 +++++++++++++++++++++++++++++++++++++++
 bind-99-ISC-Bugs-35495.patch |   38 ++++++++++++++++++++++++++++++++++++++
 bind.spec                    |   14 ++++++++++++--
 3 files changed, 89 insertions(+), 2 deletions(-)
---
diff --git a/bind-99-ISC-Bugs-35385.patch b/bind-99-ISC-Bugs-35385.patch
new file mode 100644
index 0000000..a8795fb
--- /dev/null
+++ b/bind-99-ISC-Bugs-35385.patch
@@ -0,0 +1,39 @@
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 7023a82..d7f817c 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -351,6 +351,7 @@ typedef struct {
+ 
+ struct dns_fetch {
+ 	unsigned int			magic;
++	isc_mem_t *			mctx;
+ 	fetchctx_t *			private;
+ };
+ 
+@@ -8416,6 +8417,8 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+ 	fetch = isc_mem_get(res->mctx, sizeof(*fetch));
+ 	if (fetch == NULL)
+ 		return (ISC_R_NOMEMORY);
++	fetch->mctx = NULL;
++	isc_mem_attach(res->mctx, &fetch->mctx);
+ 
+ 	bucketnum = dns_name_fullhash(name, ISC_FALSE) % res->nbuckets;
+ 
+@@ -8506,7 +8509,7 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+ 		FTRACE("created");
+ 		*fetchp = fetch;
+ 	} else
+-		isc_mem_put(res->mctx, fetch, sizeof(*fetch));
++		isc_mem_putanddetach(&fetch->mctx, fetch, sizeof(*fetch));
+ 
+ 	return (result);
+ }
+@@ -8597,7 +8600,7 @@ dns_resolver_destroyfetch(dns_fetch_t **fetchp) {
+ 
+ 	UNLOCK(&res->buckets[bucketnum].lock);
+ 
+-	isc_mem_put(res->mctx, fetch, sizeof(*fetch));
++	isc_mem_putanddetach(&fetch->mctx, fetch, sizeof(*fetch));
+ 	*fetchp = NULL;
+ 
+ 	if (bucket_empty)
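Review bot: The new `mctx` member of `struct dns_fetch` is added without a comment, and nothing in the embedded patch records why a fetch needs its own memory-context reference. Judging by the two `isc_mem_putanddetach(&fetch->mctx, ...)` call sites, the intent appears to be to stop reading `res->mctx` after `UNLOCK(&res->buckets[bucketnum].lock)` in `dns_resolver_destroyfetch`, presumably because the resolver can be torn down concurrently at that point. A field comment such as `/* own reference: res->mctx must not be used once the bucket lock is dropped */` would keep a later cleanup from reverting to `res->mctx`. `dns_resolver_destroyfetch` continues past `if (bucket_empty)` outside this hunk, so whether the remaining code still dereferences `res` on that path should be confirmed against the full file. The embedded patch also has no `From:`/`Subject:` header or upstream commit reference, unlike bind-99-ISC-Bugs-35495.patch, which makes its provenance harder to audit.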
diff --git a/bind-99-ISC-Bugs-35495.patch b/bind-99-ISC-Bugs-35495.patch
new file mode 100644
index 0000000..6b98e51
--- /dev/null
+++ b/bind-99-ISC-Bugs-35495.patch
@@ -0,0 +1,38 @@
+From 576f2f19067c0c974d1d39f92c51e5f3a08fc17f Mon Sep 17 00:00:00 2001
+From: Tomas Hozza <thozza at redhat.com>
+Date: Tue, 4 Mar 2014 16:34:21 +0100
+Subject: [PATCH] Return ISC_R_FAILURE if the API version check fails
+
+Signed-off-by: Tomas Hozza <thozza at redhat.com>
+---
+ bin/named/unix/dlz_dlopen_driver.c  | 1 +
+ bin/named/win32/dlz_dlopen_driver.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/bin/named/unix/dlz_dlopen_driver.c b/bin/named/unix/dlz_dlopen_driver.c
+index 2ba8a02..62b6614 100644
+--- a/bin/named/unix/dlz_dlopen_driver.c
++++ b/bin/named/unix/dlz_dlopen_driver.c
+@@ -330,6 +330,7 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[],
+ 			   "dlz_dlopen: incorrect version %d "
+ 			   "should be %d in '%s'",
+ 			   cd->version, DLZ_DLOPEN_VERSION, cd->dl_path);
++		result = ISC_R_FAILURE;
+ 		goto failed;
+ 	}
+ 
+diff --git a/bin/named/win32/dlz_dlopen_driver.c b/bin/named/win32/dlz_dlopen_driver.c
+index 0c192b4..62008c0 100644
+--- a/bin/named/win32/dlz_dlopen_driver.c
++++ b/bin/named/win32/dlz_dlopen_driver.c
+@@ -314,6 +314,7 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[],
+ 			   "dlz_dlopen: incorrect version %d "
+ 			   "should be %d in '%s'",
+ 			   cd->version, DLZ_DLOPEN_VERSION, cd->dl_path);
++		result = ISC_R_FAILURE;
+ 		goto failed;
+ 	}
+ 
+-- 
+1.8.5.3
+
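Review bot: Setting `result = ISC_R_FAILURE;` only in the version-mismatch branch leaves `dlopen_dlz_create` dependent on every other `goto failed` site assigning a failure code itself, and those sites are outside this hunk in both the unix and win32 copies. If any of them can reach `failed:` with `result` still holding a success value, the caller would again be told the driver was created when it was not, which is the crash described in the commit message. A guard at the label, for example `if (result == ISC_R_SUCCESS) result = ISC_R_FAILURE;`, would close the whole class rather than one branch. The label is not visible here, so this needs checking against the full function.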
diff --git a/bind.spec b/bind.spec
index d7a8a05..49d3850 100644
--- a/bind.spec
+++ b/bind.spec
@@ -27,7 +27,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.9.4
-Release:  11.%{?PATCHVER}%{?PREVER}%{?dist}
+Release:  12.%{?PATCHVER}%{?PREVER}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -89,6 +89,10 @@ Patch140:bind99-ISC-Bugs-34870-v3.patch
 # upstream applied patch for [ISC-Bugs #35073]
 Patch141:bind99-ISC-Bugs-35073.patch
 Patch142:bind99-ISC-Bugs-35080.patch
+# [ISC-Bugs #35495]
+Patch143:bind-99-ISC-Bugs-35495.patch
+# [ISC-Bugs #35385]
+Patch144:bind-99-ISC-Bugs-35385.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
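Review bot: The two new patch files are named `bind-99-ISC-Bugs-*.patch`, while the neighbouring entries `Patch140` to `Patch142` use the `bind99-ISC-Bugs-*` prefix; a single prefix keeps the carried patch set easier to grep and audit. The comments `# [ISC-Bugs #35495]` and `# [ISC-Bugs #35385]` also do not say whether the fix has been applied upstream, as the comment above `Patch141` does, nor which of them addresses #1052781. A comment such as `# [ISC-Bugs #35495] dlz_dlopen driver could return the wrong error (#1052781)` would record that next to the patch.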
@@ -291,6 +295,8 @@ popd
 %patch140 -p1 -b .send_buffer
 %patch141 -p1 -b .leak_35073
 %patch142 -p1 -b .rbtdb_crash
+%patch143 -p1 -b .dlz_segfault
+%patch144 -p1 -b .fetch_race_cond
 
 %if %{SDB}
 %patch101 -p1 -b .old-api
@@ -581,7 +587,7 @@ if [ "$1" -gt 0 ]; then
 fi
 :;
 
-%triggerun -- bind < bind-9.9.0-0.6.rc1
+%triggerun -- bind < 32:9.9.0-0.6.rc1
 /sbin/chkconfig --del named >/dev/null 2>&1 || :
 /bin/systemctl try-restart named.service >/dev/null 2>&1 || :
 
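Review bot: The `%triggerun` condition changes from `bind < bind-9.9.0-0.6.rc1` to `bind < 32:9.9.0-0.6.rc1`, but neither the commit message nor the new `%changelog` entry mentions it, although it alters which installed versions get `chkconfig --del named` and `try-restart` run against them. Since the spec sets `Epoch: 32`, the epoch-qualified form looks like the intended comparison, but it deserves its own changelog line, e.g. `- Fix version comparison in %%triggerun (add missing epoch)`. The added changelog header also gives the address as `thozza at redhat.tom`, which looks like a typo for `.com`.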
@@ -809,6 +815,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Wed Mar 05 2014 Tomas Hozza <thozza at redhat.tom> 32:9.9.4-12.P2
+- dlz_dlopen driver could return the wrong error leading to a segfault (#1052781)
+- Fix race condition when freeing fetch object (ISC-Bugs #35385)
+
 * Tue Jan 14 2014 Tomas Hozza <thozza at redhat.com> 32:9.9.4-11.P2
 - Update to 9.9.4-P2 due to CVE-2014-0591
 

