diff options
| author | Tomas Hozza <thozza@redhat.com> | 2013-12-18 13:03:52 +0100 |
|---|---|---|
| committer | Tomas Hozza <thozza@redhat.com> | 2013-12-18 13:03:52 +0100 |
| commit | cfca698d2bf821b950cfd21f4c835b35de03115d (patch) | |
| tree | f5998abd92b0b936c158cbb001930f8ef0935645 | |
| parent | 7eb562bbab26218331bc2cc99a405e6730992dbb (diff) | |
| download | bind-cfca698d2bf821b950cfd21f4c835b35de03115d.tar.gz bind-cfca698d2bf821b950cfd21f4c835b35de03115d.tar.xz bind-cfca698d2bf821b950cfd21f4c835b35de03115d.zip | |
Fix crash in rbtdb after two sucessive getoriginnode() calls
Signed-off-by: Tomas Hozza <thozza@redhat.com>
| -rw-r--r-- | bind.spec | 7 | ||||
| -rw-r--r-- | bind99-ISC-Bugs-35080.patch | 42 |
2 files changed, 48 insertions, 1 deletions
@@ -30,7 +30,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.9.4 -Release: 10%{?PATCHVER}%{?PREVER}%{?dist} +Release: 11%{?PATCHVER}%{?PREVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -94,6 +94,7 @@ Patch139:bind99-ISC-Bugs-34738.patch Patch140:bind99-ISC-Bugs-34870-v3.patch # upstream applied patch for [ISC-Bugs #35073] Patch141:bind99-ISC-Bugs-35073.patch +Patch142:bind99-ISC-Bugs-35080.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -310,6 +311,7 @@ popd %patch139 -p1 -b .journal %patch140 -p1 -b .send_buffer %patch141 -p1 -b .leak_35073 +%patch142 -p1 -b .rbtdb_crash %if %{SDB} %patch101 -p1 -b .old-api @@ -922,6 +924,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif %changelog +* Wed Dec 18 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-11 +- Fix crash in rbtdb after two sucessive getoriginnode() calls + * Tue Dec 17 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-10 - Split chroot package for named and named-sdb - Extract setting-up/destroying of chroot to a separate systemd service (#997030) diff --git a/bind99-ISC-Bugs-35080.patch b/bind99-ISC-Bugs-35080.patch new file mode 100644 index 0000000..14c383f --- /dev/null +++ b/bind99-ISC-Bugs-35080.patch @@ -0,0 +1,42 @@ +commit 3a2ea636103eaf40404fb82f228605d384c36434 +Author: Mark Andrews <marka@isc.org> +Date: Tue Dec 17 09:08:59 2013 +1100 + + 3692. [bug] Two calls to dns_db_getoriginnode were fatal if there + was no data at the node. [RT #35080] + + (cherry picked from commit 161e803a5608956271d8120be37a1b383d14b647) + +diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c +index 2dd4aa0..941b77e 100644 +--- a/lib/dns/rbtdb.c ++++ b/lib/dns/rbtdb.c +@@ -1638,8 +1638,11 @@ decrement_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, + + nodelock = &rbtdb->node_locks[bucket]; + ++#define KEEP_NODE(n, r) \ ++ ((n)->data != NULL || (n)->down != NULL || (n) == (r)->origin_node) ++ + /* Handle easy and typical case first. */ +- if (!node->dirty && (node->data != NULL || node->down != NULL)) { ++ if (!node->dirty && KEEP_NODE(node, rbtdb)) { + dns_rbtnode_refdecrement(node, &nrefs); + INSIST((int)nrefs >= 0); + if (nrefs == 0) { +@@ -1708,12 +1711,11 @@ decrement_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, + isc_refcount_decrement(&nodelock->references, &refs); + INSIST((int)refs >= 0); + +- /* +- * XXXDCL should this only be done for cache zones? +- */ +- if (node->data != NULL || node->down != NULL) ++ if (KEEP_NODE(node, rbtdb)) + goto restore_locks; + ++#undef KEEP_NODE ++ + if (write_locked) { + /* + * We can now delete the node. |