4575. [security] Dns64 with break-dnssec yes; can result in a

author Mark Andrews <marka@isc.org>

Wed, 15 Feb 2017 01:18:51 +0000 (12:18 +1100)

committer Mark Andrews <marka@isc.org>

Wed, 15 Feb 2017 01:22:53 +0000 (12:22 +1100)
author Mark Andrews <marka@isc.org>
Wed, 15 Feb 2017 01:18:51 +0000 (12:18 +1100)
committer Mark Andrews <marka@isc.org>
Wed, 15 Feb 2017 01:22:53 +0000 (12:22 +1100)
diff --git a/CHANGES b/CHANGES

index 454b3041d68398d99766367db5eca87050bc6d54..d2d63c5940b2dcf8efecc24ba64dd8efea3f6082 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4575.  [security]      Dns64 with break-dnssec yes; can result in a
+                       assertion failure. (CVE-2017-3136) [RT #44653]
+
         --- 9.11.1rc1 released ---
  
  4571.  [bug]           Out-of-tree builds of backtrace_test failed.
diff --git a/bin/named/query.c b/bin/named/query.c

index dd46d50ee59db1dc5bb6cfa822afea8d5bb412bf..3b71df55d1ec48897fb3eed94de9ff9b555f30b9 100644 (file)
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -8740,6 +8740,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
                         result = query_dns64(client, &fname, rdataset,
                                              sigrdataset, dbuf,
                                              DNS_SECTION_ANSWER);
+                       noqname = NULL;
                         dns_rdataset_disassociate(rdataset);
                         dns_message_puttemprdataset(client->message, &rdataset);
                         if (result == ISC_R_NOMORE) {
author	Mark Andrews <marka@isc.org>
	Wed, 15 Feb 2017 01:18:51 +0000 (12:18 +1100)
committer	Mark Andrews <marka@isc.org>
	Wed, 15 Feb 2017 01:22:53 +0000 (12:22 +1100)
CHANGES		patch \| blob \| blame \| history
bin/named/query.c		patch \| blob \| blame \| history