From: Mark Andrews <marka@isc.org>
Date: Tue, 28 Jul 2009 15:54:31 +0000 (+0000)
Subject: 2640.   [security]      A specially crafted update packet will cause named
X-Git-Tag: v9.5.2b1~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fdf8bb9e4e7d13122bba851127a4a92fb1852b3d;p=thirdparty%2Fbind9.git

2640.   [security]      A specially crafted update packet will cause named
                        to exit. [RT #20000]
---

diff --git a/CHANGES b/CHANGES
index b3ae949bc2c..bf9226bd100 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,5 @@
-2639.	[bug]		Silence compiler warnings in gssapi code. [RT #19954]
+2640.	[security]	A specially crafted update packet will cause named
+			to exit. [RT #20000]
 
 2637.	[func]		Rationalize dnssec-signzone's signwithkey() calling.
 			[RT #19959]
diff --git a/bin/named/update.c b/bin/named/update.c
index f41298ddfc8..d1ca0997bd1 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.138.2.12 2009/04/30 07:01:21 marka Exp $ */
+/* $Id: update.c,v 1.138.2.13 2009/07/28 15:54:31 marka Exp $ */
 
 #include <config.h>
 
@@ -950,7 +950,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
 			if (type == dns_rdatatype_rrsig ||
 			    type == dns_rdatatype_sig)
 				covers = dns_rdata_covers(&t->rdata);
-			else
+			else if (type == dns_rdatatype_any) {
+				dns_db_detachnode(db, &node);
+				dns_diff_clear(&trash);
+				return (DNS_R_NXRRSET);
+			} else
 				covers = 0;
 
 			/*