summaryrefslogtreecommitdiffstats
path: root/usr.sbin/bind/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add a fix for CVE-2012-1667, backported from ISC BIND. ok millert@sthen2012-06-062-5/+10
| | | | | | | | | http://www.isc.org/software/bind/advisories/cve-2012-1667 Distinguish rdata removed by BIND due to duplication, from zero-length rdata received from a server. Otherwise a server supplying zero-length rdata sections can trigger crashes or possible memory disclosure to the client. Primarily affects recursive servers.
* Apply the patches from BIND upstream to mitigate cve-2011-4313 (crashessthen2011-11-171-2/+5
| | | | | | with INSIST(! dns_rdataset_isassociated(sigrdataset))). ok jakob@
* fix an |= that should have been !=jsg2011-09-211-1/+1
| | | | | this could cause a log message to trigger when it shouldn't have reported to isc (RT #24053) and now included in current bind releases
* fix some memset sizeofs, found by jsg. ok deraadt krwtedu2011-07-051-7/+7
|
* correct memsets of key contexts which were shorter than they needed to bederaadt2011-07-051-11/+5
| | | | | | due to sizeof pointer instead of sizeof of type with tedu; some quibbles spotted by miod, ok tedu miod jsg jakob -- please push this upstream
* parse "nameserver [host]:port" syntax in /etc/resolv.confstsp2009-08-162-4/+38
| | | | ok deraadt@
* seperation -> separation; from Amarendra Godbolejmc2009-07-271-2/+2
|
* fix CVE-2009-0025: incorrect check of DSA DNSSEC signature verificationdjm2009-01-141-1/+1
| | | | "please commit" miod@
* #if 0 a function which we have we do not use, and where the call to it is in #if 0 as wellderaadt2008-11-101-0/+2
|
* Update to BIND 9.4.2-P2 and adapt our dynamic select changes. OK deraadt@millert2008-08-0417-187/+487
|
* This log message is an excruiciating pain in the ass when it repeats 4000 times a second on a machine you need debug log on, and is actually used as a cacheing nameserver. remove just this one line of debug log to save people's sanitybeck2008-08-011-2/+1
| | | | ok djm@
* Dynamically allocate fd_sets so we are not limited to FD_SETSIZEmillert2008-07-163-53/+141
| | | | connections. With help from djm@. OK djm@
* retry port allocation on all errors, not just EADDRINUSE; ok jakob@djm2008-07-101-1/+1
|
* let the kernel choose the random port. code from djm@. ok markus@.jakob2008-07-091-0/+21
|
* reintroduce our own shuffle ID generator. ok djm@ millert@jakob2008-07-091-1/+4
|
* merge and resolve conflicts introduced by 9.4.2-P1jakob2008-07-094-497/+283
|
* remove an unused variable that is a leftover from the old alg.reyk2008-07-091-2/+1
| | | | ok deraadt@
* simplify math for arc4random_uniform() suggested bydjm2008-06-091-2/+2
| | | | | | Jinmei_Tatuya AT isc.org via jakob@ empirically verified for entire domain of upper_bound
* fix math screwup that reintroduced a bias for upper_bounds in rangedjm2008-06-041-1/+1
| | | | | | | (2^30,2^31). Nothing in the tree yet requests random numbers bounded by this range. report jakob!deraadt; ok deraadt@
* msg_controllen has to be CMSG_SPACE so that the kernel can account forderaadt2008-03-242-30/+18
| | | | | | | each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis
* CMSG_LEN and CMSG_SPACE are not neccessarily the same size. So if youderaadt2008-03-191-15/+27
| | | | | | are going to allocate/free a block of memory for the message contents, you have to calculate and track the sizes seperately. This change is just like all the other CMSG changes...
* Repair the simple cases for msg_controllen where it should just bederaadt2008-03-151-3/+3
| | | | | CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because of alignment; ok kettenis hshoexer
* Because the shuffle code initialisation is a specific case of shufflingdjm2008-03-151-8/+4
| | | | | | | | | a set of incrementing integers (and not an arbitrary set of values) it is possible to populate the array as we shuffle it in a single forward pass. Clever optimisation from didickman AT gmail.com; ok deraadt@ mcbride@ (same change as netinet/ip_id.c)
* Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due toderaadt2008-03-131-7/+13
| | | | an extensive discussion with otto, kettenis, millert, and hshoexer
* introduce a isc_random_uniform() function to return a uniformly distributeddjm2008-03-023-10/+55
| | | | | | | number 0 < x <= upper_bound and use it to correct the last tiny bias in the shuffle initialisation feedback & ok deraadt@
* replacement algorithm. initialize a 64K-short buffer using Durstenfeldderaadt2008-02-296-277/+140
| | | | | | | | | | | | shuffle. Upon allocation, swap-permute the new value to a random slot in the 0..32K-1 th entry of the buffer as we move forward, ensuring randomness but also satisfying the non-repeating property we need. Inspired by Dillon's implementation for ip id. We believe this is easier to read though, initializes with less bias and wins speed tests. Thanks a lot to mcbride and djm for doing a bunch of statistical and speed analysis, and comments from nordin ok jakob djm mcbride
* add IPv6 root serversjakob2008-02-071-4/+8
|
* more str fixes; from chl@jakob2007-12-131-3/+6
|
* str fixes; from chl@jakob2007-12-132-4/+4
|
* more strcpy fixesjakob2007-12-094-6/+6
|
* resolve conflictsjakob2007-12-09157-8173/+15899
|
* ISC BIND release 9.4.2jakob2007-12-09470-8406/+23219
|
* update IP address of L.ROOT-SERVERS.NET; fix PR#5629jakob2007-11-141-1/+1
|
* avoid potentially bad snprintf construct; ok henning millert ottopvalchev2007-06-011-2/+4
|
* More comment typos from Diego Casati. Including winners like funtion, allmost,krw2007-05-261-1/+1
| | | | oustside, seqencer, toghether, nessissary, etc.
* remove some bogus *p tests from charles longeautedu2007-03-202-2/+2
| | | | ok deraadt millert
* resolve conflicts with 9.3.4; SECURITY UPDATEjakob2007-01-253-12/+71
|
* ISC BIND release 9.3.4jakob2007-01-251-1/+11
|
* resolve conflicts and regen configure scriptjakob2007-01-1063-1287/+1636
|
* ISC BIND release 9.3.3jakob2007-01-1060-578/+1417
|
* Use S_IS* macros insted of masking with S_IF* flags. The latter mayotto2006-09-251-2/+2
| | | | | have multiple bits set, which leads to surprising results. Spotted by from Paul Stoeber, more to come. ok jaredy@
* security update to BIND 9.3.2-P1. ok miod@ and deraadt@jakob2006-09-051-21/+28
|
* Tyop fix: simultaniousmk2006-07-181-2/+2
|
* resolve conflictsjakob2006-04-0554-7050/+4551
|
* ISC BIND release 9.3.2jakob2006-04-0561-1397/+1761
|
* malloc(x * y) -> calloc(x, y) from adobriyan AT gmail.com, with tweaksdjm2006-04-021-2/+1
| | | | suggested by kjell@; ok otto@ pat@ millert@ jaredy@
* The patch addresses a problem with high-load resolvers whichbrad2005-08-211-2/+4
| | | | | | | | | hit memory barriers. Without this patch, running the resolving name server out of memory would lead to "unpredictable results." From glebius FreeBSD ok deraadt@ millert@ cloder@ krw@
* remove testsjakob2005-05-167-1004/+1
|
* setres[ug]id; ok jakob@djm2005-05-041-3/+3
|
* more vsnprintf checking. ok cloder@moritz2005-04-281-1/+1
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.