
Bug#2819: named loses (in an easily fixed way) on 1.2.13 kernels



Package: bind
Version: 4.9.3-P1-2

When this version is run on a 1.2.13 system (yeah, yeah, I had to
force it against the explicit image dependency) the only thing that
doesn't work is zone-transfers, due to the code that attempts to clear
the IP options (which isn't handled by older kernels.)

Given that the *only* way getsockopt is going to fail is if there's
some kernel/libc synch problem, it might be better to treat the
failure as an indication that we don't *have* options support. A
simple patch (which I'm running with) follows.

The "risk" of this patch is that someone can get a zone transfer using
source routing to get around an xfer list, but if you don't have ip
options support you can't fix that hole anyway, and probably know
it. Please consider forwarding this to the upstream maintainers...
					_Mark_ <eichin@cygnus.com>
					Cygnus Support, Eastern USA


*** ns_main.c	1996/04/25 22:45:27	1.1
--- ns_main.c	1996/04/25 23:07:07
***************
*** 738,749 ****
  			len = sizeof ip_opts;
  			if (getsockopt(rfd, IPPROTO_IP, IP_OPTIONS,
  				       (char *)ip_opts, &len) < 0) {
  				syslog(LOG_INFO,
  				       "getsockopt(rfd, IP_OPTIONS): %m");
! 				(void) my_close(rfd);
! 				continue;
! 			}
! 			if (len != 0) {
  				nameserIncr(from_addr.sin_addr, nssRcvdOpts);
  				if (!haveComplained((char*)
  						    from_addr.sin_addr.s_addr,
--- 738,748 ----
  			len = sizeof ip_opts;
  			if (getsockopt(rfd, IPPROTO_IP, IP_OPTIONS,
  				       (char *)ip_opts, &len) < 0) {
+ 				/* getsockopt only fails if it isn't really
+ 				   supported anyway... */
  				syslog(LOG_INFO,
  				       "getsockopt(rfd, IP_OPTIONS): %m");
! 			} else if (len != 0) {
  				nameserIncr(from_addr.sin_addr, nssRcvdOpts);
  				if (!haveComplained((char*)
  						    from_addr.sin_addr.s_addr,
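
Review bot: In the new `getsockopt(...) < 0` branch, every failure now falls through and the connection is accepted with its IP options unchecked, not only the "kernel has no IP_OPTIONS support" case that the added comment assumes. Consider failing open only for the errno the older kernel returns for an unsupported option (the report does not say which one; ENOPROTOOPT would be a guess to confirm) and keeping `(void) my_close(rfd); continue;` for any other error, so an unexpected failure still drops the connection. The syslog text is unchanged as well, so the log does not tell an operator that the source-route check was skipped for this connection; saying so in the message, and possibly logging above LOG_INFO, would make the weakened xfer list enforcement visible.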

