blob: 88e9c83421f2390fcf152596228b03e0612dc37b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
From adbf81335b67be0cebdcf9f1f4fcb38ef4814f4d Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 25 Jun 2015 18:36:27 +1000
Subject: [PATCH] 4146. [bug] Address reference leak that could
prevent a clean shutdown. [RT #37125]
Upstream-Status: Backport
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=adbf81335b67be0cebdcf9f1f4fcb38ef4814f4d
CVE: CVE-2015-8461
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
CHANGES | 3 +++
lib/dns/resolver.c | 5 +++++
2 files changed, 8 insertions(+)
Index: bind-9.10.2-P4/CHANGES
===================================================================
--- bind-9.10.2-P4.orig/CHANGES
+++ bind-9.10.2-P4/CHANGES
@@ -1,3 +1,6 @@
+4146. [bug] Address reference leak that could prevent a clean
+ shutdown. [RT #37125]
+
4260. [security] Insufficient testing when parsing a message allowed
records with an incorrect class to be be accepted,
triggering a REQUIRE failure when those records
Index: bind-9.10.2-P4/lib/dns/resolver.c
===================================================================
--- bind-9.10.2-P4.orig/lib/dns/resolver.c
+++ bind-9.10.2-P4/lib/dns/resolver.c
@@ -1649,6 +1649,11 @@ fctx_query(fetchctx_t *fctx, dns_adbaddr
if (query->dispatch != NULL)
dns_dispatch_detach(&query->dispatch);
+ LOCK(&res->buckets[fctx->bucketnum].lock);
+ INSIST(fctx->references > 1);
+ fctx->references--;
+ UNLOCK(&res->buckets[fctx->bucketnum].lock);
+
cleanup_query:
if (query->connects == 0) {
query->magic = 0;
|
