From: Brian Wellington <source@isc.org>
Date: Tue, 5 Dec 2000 18:59:49 +0000 (+0000)
Subject: pullup:
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a5e1eb735f0787011613a51188a110d178c179a6;p=thirdparty%2Fbind9.git

pullup:
 555.   [bug]           Slave server attempting zone transfer could crash
                        with an assertion failure on certain malformed
                        responses from the master. [RT #457]
---

diff --git a/CHANGES b/CHANGES
index 98635410557..370437453a8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -16,6 +16,10 @@
  572.	[bug]		Quoted strings were not accepted as key names in
 			address match lists.
 
+ 555.	[bug]		Slave server attempting zone transfer could crash
+			with an assertion failure on certain malformed
+			responses from the master. [RT #457]
+
  554.	[bug]		In some cases, not all of the dnssec tools were
 			properly installed.
 
diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c
index 9fec65638be..62176bb456f 100644
--- a/lib/dns/xfrin.c
+++ b/lib/dns/xfrin.c
@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: xfrin.c,v 1.79.2.6 2000/09/01 01:06:06 bwelling Exp $ */
+/* $Id: xfrin.c,v 1.79.2.7 2000/12/05 18:59:47 bwelling Exp $ */
 
 #include <config.h>
 
@@ -406,6 +406,11 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, isc_uint32_t ttl,
  redo:
 	switch (xfr->state) {
 	case XFRST_SOAQUERY:
+		if (rdata->type != dns_rdatatype_soa) {
+			xfrin_log(xfr, ISC_LOG_ERROR,
+				  "non-SOA response to SOA query");
+			FAIL(DNS_R_FORMERR);
+		}
 		xfr->end_serial = dns_soa_getserial(rdata);
 		if (!DNS_SERIAL_GT(xfr->end_serial,
 				   xfr->ixfr.request_serial)) {