[Midnightbsd-cvs] src [6963] stable/0.5/contrib/bind98/lib/dns/zone.c: BIND servers which are configured to perform DNSSEC validation and which
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Wed Feb 25 09:30:34 EST 2015
Revision: 6963
http://svnweb.midnightbsd.org/src/?rev=6963
Author: laffer1
Date: 2015-02-25 09:30:33 -0500 (Wed, 25 Feb 2015)
Log Message:
-----------
BIND servers which are configured to perform DNSSEC validation and which
are using managed keys (which occurs implicitly when using
"dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
unpredictable behavior due to the use of an improperly initialized
variable.
CVE-2015-1349
Modified Paths:
--------------
stable/0.5/contrib/bind98/lib/dns/zone.c
Modified: stable/0.5/contrib/bind98/lib/dns/zone.c
===================================================================
--- stable/0.5/contrib/bind98/lib/dns/zone.c 2015-02-06 13:57:11 UTC (rev 6962)
+++ stable/0.5/contrib/bind98/lib/dns/zone.c 2015-02-25 14:30:33 UTC (rev 6963)
@@ -7873,6 +7873,12 @@
namebuf, tag);
trustkey = ISC_TRUE;
}
+ } else {
+ /*
+ * No previously known key, and the key is not
+ * secure, so skip it.
+ */
+ continue;
}
/* Delete old version */
@@ -7921,7 +7927,7 @@
trust_key(zone, keyname, &dnskey, mctx);
}
- if (!deletekey)
+ if (secure && !deletekey)
set_refreshkeytimer(zone, &keydata, now);
}
More information about the Midnightbsd-cvs
mailing list