Patrick Williams | f1e5d69 | 2016-03-30 15:21:19 -0500 | [diff] [blame] | 1 | From adbf81335b67be0cebdcf9f1f4fcb38ef4814f4d Mon Sep 17 00:00:00 2001 |
| 2 | From: Mark Andrews <marka@isc.org> |
| 3 | Date: Thu, 25 Jun 2015 18:36:27 +1000 |
| 4 | Subject: [PATCH] 4146. [bug] Address reference leak that could |
| 5 | prevent a clean shutdown. [RT #37125] |
| 6 | |
| 7 | Upstream-Status: Backport |
| 8 | |
| 9 | https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=adbf81335b67be0cebdcf9f1f4fcb38ef4814f4d |
| 10 | |
| 11 | CVE: CVE-2015-8461 |
| 12 | Signed-off-by: Armin Kuster <akuster@mvista.com> |
| 13 | --- |
| 14 | CHANGES | 3 +++ |
| 15 | lib/dns/resolver.c | 5 +++++ |
| 16 | 2 files changed, 8 insertions(+) |
| 17 | |
| 18 | Index: bind-9.10.2-P4/CHANGES |
| 19 | =================================================================== |
| 20 | --- bind-9.10.2-P4.orig/CHANGES |
| 21 | +++ bind-9.10.2-P4/CHANGES |
| 22 | @@ -1,3 +1,6 @@ |
| 23 | +4146. [bug] Address reference leak that could prevent a clean |
| 24 | + shutdown. [RT #37125] |
| 25 | + |
| 26 | 4260. [security] Insufficient testing when parsing a message allowed |
| 27 | records with an incorrect class to be be accepted, |
| 28 | triggering a REQUIRE failure when those records |
| 29 | Index: bind-9.10.2-P4/lib/dns/resolver.c |
| 30 | =================================================================== |
| 31 | --- bind-9.10.2-P4.orig/lib/dns/resolver.c |
| 32 | +++ bind-9.10.2-P4/lib/dns/resolver.c |
| 33 | @@ -1649,6 +1649,11 @@ fctx_query(fetchctx_t *fctx, dns_adbaddr |
| 34 | if (query->dispatch != NULL) |
| 35 | dns_dispatch_detach(&query->dispatch); |
| 36 | |
| 37 | + LOCK(&res->buckets[fctx->bucketnum].lock); |
| 38 | + INSIST(fctx->references > 1); |
| 39 | + fctx->references--; |
| 40 | + UNLOCK(&res->buckets[fctx->bucketnum].lock); |
| 41 | + |
| 42 | cleanup_query: |
| 43 | if (query->connects == 0) { |
| 44 | query->magic = 0; |