From: Mark Andrews <marka@isc.org>
Date: Tue, 3 Mar 2026 23:00:56 +0000 (+1100)
Subject: Reject meta-classes in UPDATE and NOTIFY messages
X-Git-Tag: v9.21.22~5^2~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=71221a1402ceaef3a1554801515dbbb6dfcee134;p=thirdparty%2Fbind9.git

Reject meta-classes in UPDATE and NOTIFY messages

NOTIFY and UPDATE messages must specify a data class in the
QUESTION/ZONE section.  NONE and ANY are meta-classes and not
appropriate here.  Return FORMERR if either is used.

Rejecting messages with a query class of NONE addresses YWH-PGM40640-72,
YWH-PGM40640-82, and YWH-PGM40640-83.  Rejecting messages with a query
class of ANY addresses YWH-PGM40640-87, YWH-PGM40640-88, and
YWH-PGM40640-117.

Fixes: isc-projects/bind9#5778
Fixes: isc-projects/bind9#5782
Fixes: isc-projects/bind9#5783
Fixes: isc-projects/bind9#5797
Fixes: isc-projects/bind9#5798
Fixes: isc-projects/bind9#5853
---

diff --git a/lib/dns/message.c b/lib/dns/message.c
index 1a7181b1052..2dc904c3f11 100644
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -972,6 +972,17 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t dctx,
 		rdtype = isc_buffer_getuint16(source);
 		rdclass = isc_buffer_getuint16(source);
 
+		/*
+		 * Notify and update messages need to specify the data class.
+		 */
+		if ((msg->opcode == dns_opcode_update ||
+		     msg->opcode == dns_opcode_notify) &&
+		    (rdclass == dns_rdataclass_none ||
+		     rdclass == dns_rdataclass_any))
+		{
+			DO_ERROR(DNS_R_FORMERR);
+		}
+
 		/*
 		 * If this class is different than the one we already read,
 		 * this is an error.