summaryrefslogtreecommitdiffstats
path: root/usr.sbin/bind (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add a fix for CVE-2012-1667, backported from ISC BIND. ok millert@sthen2012-06-062-5/+10
| | | | | | | | | http://www.isc.org/software/bind/advisories/cve-2012-1667 Distinguish rdata removed by BIND due to duplication, from zero-length rdata received from a server. Otherwise a server supplying zero-length rdata sections can trigger crashes or possible memory disclosure to the client. Primarily affects recursive servers.
* Apply the patches from BIND upstream to mitigate cve-2011-4313 (crashessthen2011-11-172-13/+13
| | | | | | with INSIST(! dns_rdataset_isassociated(sigrdataset))). ok jakob@
* fix an |= that should have been !=jsg2011-09-211-1/+1
| | | | | this could cause a log message to trigger when it shouldn't have reported to isc (RT #24053) and now included in current bind releases
* fix some memset sizeofs, found by jsg. ok deraadt krwtedu2011-07-051-7/+7
|
* correct memsets of key contexts which were shorter than they needed to bederaadt2011-07-051-11/+5
| | | | | | due to sizeof pointer instead of sizeof of type with tedu; some quibbles spotted by miod, ok tedu miod jsg jakob -- please push this upstream
* Add missing #includes instead of assuming that some system header pulls inguenther2010-12-311-0/+1
| | | | | | the needed bits ok deraadt@, millert@
* Initialise the port in nslookup.c correctly. It was initialisedstsp2010-05-021-2/+7
| | | | | | to zero in interactive mode, should be 53. Second half of patch submission by Nathan Rickerby (pr 6322). ok krw
* Fix breakage of dig's -p option introduced when support forstsp2010-04-241-4/+17
| | | | | | | parsing the [host]:port syntax in resolv.conf was added. Patch by Nathan Rickerby <rickerby () gmail ! com>. Prodded by jmc, OK djm krw
* Add line breaks to the source to render an .RS display that got skipped;schwarze2010-02-201-1/+6
| | | | | | found by and unbreaking the build with mandoc(1). I will also send this patch upstream. ok jmc@
* parse "nameserver [host]:port" syntax in /etc/resolv.confstsp2009-08-166-17/+63
| | | | ok deraadt@
* apply patch for https://www.isc.org/node/474 since jakob does notderaadt2009-07-291-1/+5
| | | | appear to be around.
* seperation -> separation; from Amarendra Godbolejmc2009-07-271-2/+2
|
* fix CVE-2009-0025: incorrect check of DSA DNSSEC signature verificationdjm2009-01-141-1/+1
| | | | "please commit" miod@
* #if 0 a function which we have we do not use, and where the call to it is in #if 0 as wellderaadt2008-11-101-0/+2
|
* Update to BIND 9.4.2-P2 and adapt our dynamic select changes. OK deraadt@millert2008-08-0432-244/+653
|
* Don't print a warning when the random device cannot be opened ifmillert2008-08-031-10/+10
| | | | we have a pre-chroot random device. OK deraadt@ kettenis@
* This log message is an excruiciating pain in the ass when it repeats 4000 times a second on a machine you need debug log on, and is actually used as a cacheing nameserver. remove just this one line of debug log to save people's sanitybeck2008-08-011-2/+1
| | | | ok djm@
* Dynamically allocate fd_sets so we are not limited to FD_SETSIZEmillert2008-07-163-53/+141
| | | | connections. With help from djm@. OK djm@
* retry port allocation on all errors, not just EADDRINUSE; ok jakob@djm2008-07-101-1/+1
|
* let the kernel choose the random port. code from djm@. ok markus@.jakob2008-07-091-0/+21
|
* reintroduce our own shuffle ID generator. ok djm@ millert@jakob2008-07-091-1/+4
|
* merge and resolve conflicts introduced by 9.4.2-P1jakob2008-07-0910-523/+341
|
* remove an unused variable that is a leftover from the old alg.reyk2008-07-091-2/+1
| | | | ok deraadt@
* simplify math for arc4random_uniform() suggested bydjm2008-06-091-2/+2
| | | | | | Jinmei_Tatuya AT isc.org via jakob@ empirically verified for entire domain of upper_bound
* fix math screwup that reintroduced a bias for upper_bounds in rangedjm2008-06-041-1/+1
| | | | | | | (2^30,2^31). Nothing in the tree yet requests random numbers bounded by this range. report jakob!deraadt; ok deraadt@
* msg_controllen has to be CMSG_SPACE so that the kernel can account forderaadt2008-03-242-30/+18
| | | | | | | each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis
* CMSG_LEN and CMSG_SPACE are not neccessarily the same size. So if youderaadt2008-03-191-15/+27
| | | | | | are going to allocate/free a block of memory for the message contents, you have to calculate and track the sizes seperately. This change is just like all the other CMSG changes...
* Repair the simple cases for msg_controllen where it should just bederaadt2008-03-151-3/+3
| | | | | CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because of alignment; ok kettenis hshoexer
* Because the shuffle code initialisation is a specific case of shufflingdjm2008-03-151-8/+4
| | | | | | | | | a set of incrementing integers (and not an arbitrary set of values) it is possible to populate the array as we shuffle it in a single forward pass. Clever optimisation from didickman AT gmail.com; ok deraadt@ mcbride@ (same change as netinet/ip_id.c)
* Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due toderaadt2008-03-131-7/+13
| | | | an extensive discussion with otto, kettenis, millert, and hshoexer
* introduce a isc_random_uniform() function to return a uniformly distributeddjm2008-03-023-10/+55
| | | | | | | number 0 < x <= upper_bound and use it to correct the last tiny bias in the shuffle initialisation feedback & ok deraadt@
* replacement algorithm. initialize a 64K-short buffer using Durstenfeldderaadt2008-02-297-280/+143
| | | | | | | | | | | | shuffle. Upon allocation, swap-permute the new value to a random slot in the 0..32K-1 th entry of the buffer as we move forward, ensuring randomness but also satisfying the non-repeating property we need. Inspired by Dillon's implementation for ip id. We believe this is easier to read though, initializes with less bias and wins speed tests. Thanks a lot to mcbride and djm for doing a bunch of statistical and speed analysis, and comments from nordin ok jakob djm mcbride
* taht -> thatmbalmer2008-02-241-1/+1
|
* fix a type, taht -> that.mbalmer2008-02-241-2/+2
|
* add IPv6 root serversjakob2008-02-071-4/+8
|
* regenjakob2007-12-191-105/+46
|
* ref rndc-confgen(8); from Jean Rabyjakob2007-12-191-0/+3
|
* more str fixes; from chl@jakob2007-12-131-3/+6
|
* str fixes; from chl@jakob2007-12-133-7/+7
|
* nslookup(8) moved to nslookup(1)jakob2007-12-091-1/+1
|
* regen from named.docbookjakob2007-12-091-173/+78
|
* merge our command line changes to docbookjakob2007-12-091-3/+32
|
* more strcpy fixesjakob2007-12-094-6/+6
|
* regen using autoconf 2.61jakob2007-12-091-3533/+2214
|
* resolve conflictsjakob2007-12-09235-24431/+47400
|
* ISC BIND release 9.4.2jakob2007-12-09640-11324/+46149
|
* fix race condition, as reported by naddy@.espie2007-11-241-1/+6
| | | | | | | | On a sufficiently fast machine, the subdirs and the ${TARGETS} will be run simultaneously, and will fail. Since TARGETS can be empty, we need an extra dummy-target to make sure make does something sensible (this avoids bsd-specific constructs).
* update IP address of L.ROOT-SERVERS.NET; fix PR#5629jakob2007-11-141-1/+1
|
* make sure configure is done before we try building manpages.espie2007-11-031-1/+3
|
* avoid potentially bad snprintf construct; ok henning millert ottopvalchev2007-06-011-2/+4
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.