From: Mark Andrews <marka@isc.org>
Date: Tue, 28 Jul 2009 15:51:31 +0000 (+0000)
Subject: 2640.   [security]      A specially crafted update packet will cause named
X-Git-Tag: v9.6.1-P1^2~1^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fcf7d085b9812a77195b41c3781dd59ea418cca3;p=thirdparty%2Fbind9.git

2640.   [security]      A specially crafted update packet will cause named
                        to exit. [RT #20000]
---

diff --git a/CHANGES b/CHANGES
index 674f88c6fc1..65ae7de6826 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,5 @@
-2639.	[bug]		Silence compiler warnings in gssapi code. [RT #19954]
+2640.	[security]	A specially crafted update packet will cause named
+			to exit. [RT #20000]
 
 2637.	[func]		Rationalize dnssec-signzone's signwithkey() calling.
 			[RT #19959]
diff --git a/bin/named/update.c b/bin/named/update.c
index 1ff8f0c9e69..0004e1662ad 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.151.12.6 2009/06/22 03:29:20 marka Exp $ */
+/* $Id: update.c,v 1.151.12.7 2009/07/28 15:51:31 marka Exp $ */
 
 #include <config.h>
 
@@ -979,7 +979,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
 			if (type == dns_rdatatype_rrsig ||
 			    type == dns_rdatatype_sig)
 				covers = dns_rdata_covers(&t->rdata);
-			else
+			else if (type == dns_rdatatype_any) {
+				dns_db_detachnode(db, &node);
+				dns_diff_clear(&trash);
+				return (DNS_R_NXRRSET);
+			} else
 				covers = 0;
 
 			/*