Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 18 Nov 2011 00:55:17 +0400
From: Solar Designer <>
Subject: Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c

Speaking of BIND 9.3.x:

On Thu, Nov 17, 2011 at 10:43:51PM +0400, Solar Designer wrote:
> So do we (distro vendors) choose to go ahead and release updates with
> just those changes for now?

Red Hat has just released an update for 9.3.6 in RHEL5:


Meanwhile, per my further analysis, BIND 9.3.x's affected code in
query.c is only reached if the dnssec-enable option is set to yes,
regardless of whether the build of BIND includes full DNSSEC support
(is linked against OpenSSL) or not.

In 9.4.x+, it probably does not take "dnssec-enable yes" to make the
issue triggerable, because of the added query_addadditional2() function
with an extra instance of the assertion.  This extra function does not
have the same check for DNSSEC being enabled that query_addadditional()
does.  Here's query_addadditional()'s check in 9.3.x:

	if (!WANTDNSSEC(client) && dns_rdatatype_isdnssec(qtype))
		return (ISC_R_SUCCESS);

where WANTDNSSEC() is:

#define WANTDNSSEC(c)           (((c)->attributes & \
                                  NS_CLIENTATTR_WANTDNSSEC) != 0)

where the NS_CLIENTATTR_WANTDNSSEC flag is set when:

	if (!client->view->enablednssec) {
		message->flags &= ~DNS_MESSAGEFLAG_CD;
		client->extflags &= ~DNS_MESSAGEEXTFLAG_DO;
	if ((client->extflags & DNS_MESSAGEEXTFLAG_DO) != 0)
		client->attributes |= NS_CLIENTATTR_WANTDNSSEC;

where server.c sets:

	result = ns_config_get(maps, "dnssec-enable", &obj);
	view->enablednssec = cfg_obj_asboolean(obj);

I hope I am not misreading this.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.