Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-6]: src/external/bsd/bind/dist Pull up following revision(s) (req...
details: https://anonhg.NetBSD.org/src/rev/38646858c92c
branches: netbsd-6
changeset: 774352:38646858c92c
user: martin <martin%NetBSD.org@localhost>
date: Wed Jul 25 09:00:16 2012 +0000
description:
Pull up following revision(s) (requested by spz in ticket #442):
external/bsd/bind/dist/lib/dns/zone.c: revision 1.6
external/bsd/bind/dist/version: revision 1.2
external/bsd/bind/dist/CHANGES: revision 1.4
external/bsd/bind/dist/CHANGES: revision 1.5
external/bsd/bind/dist/lib/isc/include/isc/queue.h: revision 1.2
external/bsd/bind/dist/lib/isc/include/isc/queue.h: revision 1.3
external/bsd/bind/dist/bin/tests/system/stub/tests.sh: revision 1.2
external/bsd/bind/dist/lib/dns/resolver.c: revision 1.13
external/bsd/bind/dist/lib/dns/resolver.c: revision 1.14
Fixes for CVE-2012-3817 and CVE-2012-3868 from ISC:
--- 9.9.1-P2 released ---
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3345. [bug] Addressed race condition when removing the last item
or inserting the first item in an ISC_QUEUE.
[RT #29539]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
diffstat:
external/bsd/bind/dist/CHANGES | 15 ++
external/bsd/bind/dist/bin/tests/system/stub/tests.sh | 27 +++-
external/bsd/bind/dist/lib/dns/resolver.c | 7 +-
external/bsd/bind/dist/lib/dns/zone.c | 26 +++-
external/bsd/bind/dist/lib/isc/include/isc/queue.h | 105 ++++++++++++-----
external/bsd/bind/dist/version | 2 +-
6 files changed, 138 insertions(+), 44 deletions(-)
diffs (truncated from 347 to 300 lines):
diff -r 2bf08073022b -r 38646858c92c external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES Sat Jul 21 00:05:42 2012 +0000
+++ b/external/bsd/bind/dist/CHANGES Wed Jul 25 09:00:16 2012 +0000
@@ -1,3 +1,18 @@
+ --- 9.9.1-P2 released ---
+
+3349. [bug] Change #3345 was incomplete. [RT #30233]
+
+3346. [security] Bad-cache data could be used before it was
+ initialized, causing an assert. [RT #30025]
+
+3345. [bug] Addressed race condition when removing the last item
+ or inserting the first item in an ISC_QUEUE.
+ [RT #29539]
+
+3342. [bug] Change #3314 broke saving of stub zones to disk
+ resulting in excessive cpu usage in some cases.
+ [RT #29952]
+
--- 9.9.1-P1 released ---
3331. [security] dns_rdataslab_fromrdataset could produce bad
diff -r 2bf08073022b -r 38646858c92c external/bsd/bind/dist/bin/tests/system/stub/tests.sh
--- a/external/bsd/bind/dist/bin/tests/system/stub/tests.sh Sat Jul 21 00:05:42 2012 +0000
+++ b/external/bsd/bind/dist/bin/tests/system/stub/tests.sh Wed Jul 25 09:00:16 2012 +0000
@@ -21,14 +21,24 @@
. $SYSTEMTESTTOP/conf.sh
status=0
+echo "I:check that the stub zone has been saved to disk"
+for i in 1 2 3 4 5 6 7 8 9 20
+do
+ [ -f ns3/child.example.st ] && break
+ sleep 1
+done
+[ -f ns3/child.example.st ] || { status=1; echo "I:failed"; }
-echo "I:trying an axfr that should be denied (NOTAUTH)"
+for pass in 1 2
+do
+
+echo "I:trying an axfr that should be denied (NOTAUTH) (pass=$pass)"
ret=0
-$DIG +tcp data.child.example. @10.53.0.3 axfr -p 5300 > dig.out.ns3 || ret=1
+$DIG +tcp child.example. @10.53.0.3 axfr -p 5300 > dig.out.ns3 || ret=1
grep "; Transfer failed." dig.out.ns3 > /dev/null || ret=1
[ $ret = 0 ] || { status=1; echo "I:failed"; }
-echo "I:look for stub zone data without recursion (should not be found)"
+echo "I:look for stub zone data without recursion (should not be found) (pass=$pass)"
for i in 1 2 3 4 5 6 7 8 9
do
ret=0
@@ -41,11 +51,20 @@
$PERL ../digcomp.pl knowngood.dig.out.norec dig.out.ns3 || ret=1
[ $ret = 0 ] || { status=1; echo "I:failed"; }
-echo "I:look for stub zone data with recursion (should be found)"
+echo "I:look for stub zone data with recursion (should be found) (pass=$pass)"
ret=0
$DIG +tcp data.child.example. @10.53.0.3 txt -p 5300 > dig.out.ns3 || ret=1
$PERL ../digcomp.pl knowngood.dig.out.rec dig.out.ns3 || ret=1
[ $ret = 0 ] || { status=1; echo "I:failed"; }
+[ $pass = 1 ] && {
+ echo "I:stopping stub server"
+ $PERL $SYSTEMTESTTOP/stop.pl . ns3
+
+ echo "I:re-starting stub server"
+ $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns3
+}
+done
+
echo "I:exit status: $status"
exit $status
diff -r 2bf08073022b -r 38646858c92c external/bsd/bind/dist/lib/dns/resolver.c
--- a/external/bsd/bind/dist/lib/dns/resolver.c Sat Jul 21 00:05:42 2012 +0000
+++ b/external/bsd/bind/dist/lib/dns/resolver.c Wed Jul 25 09:00:16 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: resolver.c,v 1.11.4.1 2012/06/05 21:15:04 bouyer Exp $ */
+/* $NetBSD: resolver.c,v 1.11.4.2 2012/07/25 09:00:17 martin Exp $ */
/*
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
@@ -8452,6 +8452,7 @@
goto cleanup;
bad->type = type;
bad->hashval = hashval;
+ bad->expire = *expire;
isc_buffer_init(&buffer, bad + 1, name->length);
dns_name_init(&bad->name, NULL);
dns_name_copy(name, &bad->name, &buffer);
@@ -8463,8 +8464,8 @@
if (resolver->badcount < resolver->badhash * 2 &&
resolver->badhash > DNS_BADCACHE_SIZE)
resizehash(resolver, &now, ISC_FALSE);
- }
- bad->expire = *expire;
+ } else
+ bad->expire = *expire;
cleanup:
UNLOCK(&resolver->lock);
}
diff -r 2bf08073022b -r 38646858c92c external/bsd/bind/dist/lib/dns/zone.c
--- a/external/bsd/bind/dist/lib/dns/zone.c Sat Jul 21 00:05:42 2012 +0000
+++ b/external/bsd/bind/dist/lib/dns/zone.c Wed Jul 25 09:00:16 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: zone.c,v 1.4.4.1 2012/06/05 21:14:58 bouyer Exp $ */
+/* $NetBSD: zone.c,v 1.4.4.2 2012/07/25 09:00:16 martin Exp $ */
/*
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
@@ -8527,6 +8527,7 @@
case dns_zone_slave:
case dns_zone_key:
case dns_zone_redirect:
+ case dns_zone_stub:
LOCK_ZONE(zone);
if (zone->masterfile != NULL &&
isc_time_compare(&now, &zone->dumptime) >= 0 &&
@@ -8920,7 +8921,7 @@
goto fail;
}
- if (compact) {
+ if (compact && zone->type != dns_zone_stub) {
dns_zone_t *dummy = NULL;
LOCK_ZONE(zone);
zone_iattach(zone, &dummy);
@@ -9826,7 +9827,7 @@
dns_zone_t *zone = NULL;
char master[ISC_SOCKADDR_FORMATSIZE];
char source[ISC_SOCKADDR_FORMATSIZE];
- isc_uint32_t nscnt, cnamecnt;
+ isc_uint32_t nscnt, cnamecnt, refresh, retry, expire;
isc_result_t result;
isc_time_t now;
isc_boolean_t exiting = ISC_FALSE;
@@ -9974,19 +9975,32 @@
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
if (zone->db == NULL)
zone_attachdb(zone, stub->db);
+ result = zone_get_from_db(zone, zone->db, NULL, NULL, NULL, &refresh,
+ &retry, &expire, NULL, NULL);
+ if (result == ISC_R_SUCCESS) {
+ zone->refresh = RANGE(refresh, zone->minrefresh,
+ zone->maxrefresh);
+ zone->retry = RANGE(retry, zone->minretry, zone->maxretry);
+ zone->expire = RANGE(expire, zone->refresh + zone->retry,
+ DNS_MAX_EXPIRE);
+ DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_HAVETIMERS);
+ }
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
dns_db_detach(&stub->db);
- if (zone->masterfile != NULL)
- zone_needdump(zone, 0);
-
dns_message_destroy(&msg);
isc_event_free(&event);
dns_request_destroy(&zone->request);
+
DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
+ DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED);
DNS_ZONE_JITTER_ADD(&now, zone->refresh, &zone->refreshtime);
isc_interval_set(&i, zone->expire, 0);
DNS_ZONE_TIME_ADD(&now, zone->expire, &zone->expiretime);
+
+ if (zone->masterfile != NULL)
+ zone_needdump(zone, 0);
+
zone_settimer(zone, &now);
goto free_stub;
diff -r 2bf08073022b -r 38646858c92c external/bsd/bind/dist/lib/isc/include/isc/queue.h
--- a/external/bsd/bind/dist/lib/isc/include/isc/queue.h Sat Jul 21 00:05:42 2012 +0000
+++ b/external/bsd/bind/dist/lib/isc/include/isc/queue.h Wed Jul 25 09:00:16 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: queue.h,v 1.1.1.1.2.2 2012/06/06 18:18:25 bouyer Exp $ */
+/* $NetBSD: queue.h,v 1.1.1.1.2.3 2012/07/25 09:00:18 martin Exp $ */
/*
* Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
@@ -16,12 +16,13 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id */
-
/*
* This is a generic implementation of a two-lock concurrent queue.
* There are built-in mutex locks for the head and tail of the queue,
* allowing elements to be safely added and removed at the same time.
+ *
+ * NULL is "end of list"
+ * -1 is "not linked"
*/
#ifndef ISC_QUEUE_H
@@ -36,67 +37,111 @@
#define ISC_QLINK_INSIST(x) (void)0
#endif
-#define ISC_QLINK(type) struct { void *next; isc_boolean_t linked; }
+#define ISC_QLINK(type) struct { void *prev, *next; }
+
#define ISC_QLINK_INIT(elt, link) \
do { \
- (elt)->link.next = (void *)(-1); \
- (elt)->link.linked = ISC_FALSE; \
+ (elt)->link.next = (elt)->link.prev = (void *)(-1); \
} while (0)
-#define ISC_QLINK_LINKED(elt, link) ((elt)->link.linked)
+
+#define ISC_QLINK_LINKED(elt, link) ((void*)(elt)->link.next != (void*)(-1))
#define ISC_QUEUE(type) struct { \
- type headnode; \
type *head, *tail; \
isc_mutex_t headlock, taillock; \
}
#define ISC_QUEUE_INIT(queue, link) \
do { \
+ isc_mutex_init(&(queue).taillock); \
isc_mutex_init(&(queue).headlock); \
- isc_mutex_init(&(queue).taillock); \
- (queue).head = (void *) &((queue).headnode); \
- (queue).tail = (void *) &((queue).headnode); \
- ISC_QLINK_INIT((queue).head, link); \
+ (queue).tail = (queue).head = NULL; \
} while (0)
-#define ISC_QUEUE_EMPTY(queue) ISC_TF((queue).head == (queue).tail)
+#define ISC_QUEUE_EMPTY(queue) ISC_TF((queue).head == NULL)
#define ISC_QUEUE_DESTROY(queue) \
do { \
ISC_QLINK_INSIST(ISC_QUEUE_EMPTY(queue)); \
+ isc_mutex_destroy(&(queue).taillock); \
isc_mutex_destroy(&(queue).headlock); \
- isc_mutex_destroy(&(queue).taillock); \
} while (0)
+/*
+ * queues are meant to separate the locks at either end. For best effect, that
+ * means keeping the ends separate - i.e. non-empty queues work best.
+ *
+ * a push to an empty queue has to take the pop lock to update
+ * the pop side of the queue.
+ * Popping the last entry has to take the push lock to update
+ * the push side of the queue.
+ *
+ * The order is (pop, push), because a pop is presumably in the
+ * latency path and a push is when we're done.
+ *
+ * We do an MT hot test in push to see if we need both locks, so we can
+ * acquire them in order. Hopefully that makes the case where we get
+ * the push lock and find we need the pop lock (and have to release it) rare.
+ *
+ * > 1 entry - no collision, push works on one end, pop on the other
+ * 0 entry - headlock race
+ * pop wins - return(NULL), push adds new as both head/tail
+ * push wins - updates head/tail, becomes 1 entry case.
+ * 1 entry - taillock race
+ * pop wins - return(pop) sets head/tail NULL, becomes 0 entry case
+ * push wins - updates {head,tail}->link.next, pop updates head
+ * with new ->link.next and doesn't update tail
+ *
+ */
#define ISC_QUEUE_PUSH(queue, elt, link) \
do { \
+ isc_boolean_t headlocked = ISC_FALSE; \
ISC_QLINK_INSIST(!ISC_QLINK_LINKED(elt, link)); \
- (elt)->link.next = (void *)(-1); \
+ if ((queue).head == NULL) { \
+ LOCK(&(queue).headlock); \
+ headlocked = ISC_TRUE; \
+ } \
LOCK(&(queue).taillock); \
- (queue).tail->link.next = elt; \
- (queue).tail = elt; \
+ if ((queue).tail == NULL && !headlocked) { \
+ UNLOCK(&(queue).taillock); \
+ LOCK(&(queue).headlock); \
+ LOCK(&(queue).taillock); \
+ headlocked = ISC_TRUE; \
+ } \
+ (elt)->link.prev = (queue).tail; \
+ (elt)->link.next = NULL; \
+ if ((queue).tail != NULL) \
+ (queue).tail->link.next = (elt); \
+ (queue).tail = (elt); \
UNLOCK(&(queue).taillock); \
- (elt)->link.linked = ISC_TRUE; \
+ if (headlocked) { \
+ if ((queue).head == NULL) \
+ (queue).head = (elt); \
+ UNLOCK(&(queue).headlock); \
+ } \
Home |
Main Index |
Thread Index |
Old Index