Sophie

Sophie

distrib > Scientific%20Linux > 5x > x86_64 > by-pkgid > 482997498f9f95c2819169698d08f0c7 > files > 30

bind-9.3.6-25.P1.el5_11.8.src.rpm

diff -up bind-9.3.6-P1/lib/dns/rdata.c.CVE-2012-1667 bind-9.3.6-P1/lib/dns/rdata.c
--- bind-9.3.6-P1/lib/dns/rdata.c.CVE-2012-1667	2012-06-04 18:24:53.741535104 +0200
+++ bind-9.3.6-P1/lib/dns/rdata.c	2012-06-04 18:25:16.015495186 +0200
@@ -328,8 +328,8 @@ dns_rdata_compare(const dns_rdata_t *rda
 
 	REQUIRE(rdata1 != NULL);
 	REQUIRE(rdata2 != NULL);
-	REQUIRE(rdata1->data != NULL);
-	REQUIRE(rdata2->data != NULL);
+	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
+	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
 
diff -up bind-9.3.6-P1/lib/dns/rdataslab.c.CVE-2012-1667 bind-9.3.6-P1/lib/dns/rdataslab.c
--- bind-9.3.6-P1/lib/dns/rdataslab.c.CVE-2012-1667	2012-06-04 18:28:03.478195195 +0200
+++ bind-9.3.6-P1/lib/dns/rdataslab.c	2012-06-04 18:33:18.855634417 +0200
@@ -43,6 +43,11 @@ isc_result_t
 dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
 			   isc_region_t *region, unsigned int reservelen)
 {
+	/*
+	 * Use &removed as a sentinal pointer for duplicate
+	 * rdata as rdata.data == NULL is valid.
+	 */
+	static unsigned char removed;
 	dns_rdata_t    *rdatas;
 	unsigned char  *rawbuf;
 	unsigned int	buflen;
@@ -72,6 +77,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 		INSIST(result == ISC_R_SUCCESS);
 		dns_rdata_init(&rdatas[i]);
 		dns_rdataset_current(rdataset, &rdatas[i]);
+		INSIST(rdatas[i].data != &removed);
 		result = dns_rdataset_next(rdataset);
 	}
 	if (result != ISC_R_NOMORE)
@@ -97,8 +103,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 	 */
 	for (i = 1; i < nalloc; i++) {
 		if (compare_rdata(&rdatas[i-1], &rdatas[i]) == 0) {
-			rdatas[i-1].data = NULL;
-			rdatas[i-1].length = 0;
+			rdatas[i-1].data = &removed;
 			nitems--;
 		} else
 			buflen += (2 + rdatas[i-1].length);
@@ -138,7 +143,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
 	*rawbuf++ = (nitems & 0xff00) >> 8;
 	*rawbuf++ = (nitems & 0x00ff);
 	for (i = 0; i < nalloc; i++) {
-		if (rdatas[i].data == NULL)
+		if (rdatas[i].data == &removed)
 			continue;
 		*rawbuf++ = (rdatas[i].length & 0xff00) >> 8;
 		*rawbuf++ = (rdatas[i].length & 0x00ff);

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional