From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 25 May 2011 06:04:14 +0000 (+0000)
Subject:       - Fix assertion failure when unbound generates an empty error reply
X-Git-Tag: release-1.4.10^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a79861c86c62adfca69dcf07cc4035b216c4265d;p=thirdparty%2Funbound.git

  - Fix assertion failure when unbound generates an empty error reply
        in response to a query, CVE-2011-1922 VU#531342.
      - release 1.4.10.


git-svn-id: file:///svn/unbound/tags/release-1.4.10@2417 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/daemon/worker.c b/daemon/worker.c
index 6d667f377..dff320fd0 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -777,6 +777,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 		qinfo.qtype == LDNS_RR_TYPE_IXFR) {
 		verbose(VERB_ALGO, "worker request: refused zone transfer.");
 		log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
+		ldns_buffer_rewind(c->buffer);
 		LDNS_QR_SET(ldns_buffer_begin(c->buffer));
 		LDNS_RCODE_SET(ldns_buffer_begin(c->buffer), 
 			LDNS_RCODE_REFUSED);
diff --git a/doc/Changelog b/doc/Changelog
index 372ee23d5..3d7866638 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,8 @@
+25 March 2011: Wouter
+	- Fix assertion failure when unbound generates an empty error reply
+	  in response to a query, CVE-2011-1922 VU#531342.
+	- release 1.4.10.
+
 24 March 2011: Wouter
 	- iana portlist updated.
 	- release 1.4.9.