Fix named(8) DNSSEC validation Denial of Service.

Security:	FreeBSD-SA-12:05.bind
Security:	CVE-2012-3817
Obtained from:	ISC
Approved by:	so (simon)

3 files changed, 7 insertions, 3 deletions

diff --git a/UPDATING b/UPDATING
index b36591b8b989..49bbfe8f2dd9 100644
--- a/UPDATING
+++ b/UPDATING
@@ -8,6 +8,9 @@ Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running
 portupgrade.
 
+20120806:	p10	FreeBSD-SA-12:05.bind
+	Fix named(8) DNSSEC validation Denial of Service.
+
 20120612:	p9	FreeBSD-SA-12:03.bind
 			FreeBSD-SA-12:04.sysret
 	Fix a problem where zero-length RDATA fields can cause named to crash.
diff --git a/contrib/bind9/lib/dns/resolver.c b/contrib/bind9/lib/dns/resolver.c
index f14ac7fda535..5d0b4e9ee83a 100644
--- a/contrib/bind9/lib/dns/resolver.c
+++ b/contrib/bind9/lib/dns/resolver.c
@@ -7622,6 +7622,7 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
 		}
 		bad->type = type;
 		bad->hashval = hashval;
+		bad->expire = *expire;
 		isc_buffer_init(&buffer, bad + 1, name->length);
 		dns_name_init(&bad->name, NULL);
 		dns_name_copy(name, &bad->name, &buffer);
@@ -7633,8 +7634,8 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
 		if (resolver->badcount < resolver->badhash * 2 &&
 		    resolver->badhash > DNS_BADCACHE_SIZE)
 			resizehash(resolver, &now, ISC_FALSE);
-	}
-	bad->expire = *expire;
+	} else
+		bad->expire = *expire;
  cleanup:
 	UNLOCK(&resolver->lock);
 }
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 379844794e43..50b946b5e5d2 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="7.4"
-BRANCH="RELEASE-p9"
+BRANCH="RELEASE-p10"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi