2640. [security] A specially crafted update packet will cause named

                        to exit. [RT #20000]

diff --git a/CHANGES b/CHANGES
index b3ae949bc2cdd4db32ed9cce325755c3dc5489ef..bf9226bd100bbcd54ee1e561c3cf0c111f8fad7a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,5 @@
-2639.  [bug]           Silence compiler warnings in gssapi code. [RT #19954]
+2640.  [security]      A specially crafted update packet will cause named
+                       to exit. [RT #20000]
 
 2637.  [func]          Rationalize dnssec-signzone's signwithkey() calling.
                        [RT #19959]

diff --git a/bin/named/update.c b/bin/named/update.c
index f41298ddfc885de6eb24b967ebfbe09e99aa8f44..d1ca0997bd1cb4be56a62ee39027159556aaa958 100644 (file)
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.138.2.12 2009/04/30 07:01:21 marka Exp $ */
+/* $Id: update.c,v 1.138.2.13 2009/07/28 15:54:31 marka Exp $ */
 
 #include <config.h>
 
@@ -950,7 +950,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
                        if (type == dns_rdatatype_rrsig ||
                            type == dns_rdatatype_sig)
                                covers = dns_rdata_covers(&t->rdata);
-                       else
+                       else if (type == dns_rdatatype_any) {
+                               dns_db_detachnode(db, &node);
+                               dns_diff_clear(&trash);
+                               return (DNS_R_NXRRSET);
+                       } else
                                covers = 0;
 
                        /*