Reject meta-classes in UPDATE and NOTIFY messages

NOTIFY and UPDATE messages must specify a data class in the
QUESTION/ZONE section.  NONE and ANY are meta-classes and not
appropriate here.  Return FORMERR if either is used.

Rejecting messages with a query class of NONE addresses YWH-PGM40640-72,
YWH-PGM40640-82, and YWH-PGM40640-83.  Rejecting messages with a query
class of ANY addresses YWH-PGM40640-87, YWH-PGM40640-88, and
YWH-PGM40640-117.

Fixes: isc-projects/bind9#5778
Fixes: isc-projects/bind9#5782
Fixes: isc-projects/bind9#5783
Fixes: isc-projects/bind9#5797
Fixes: isc-projects/bind9#5798
Fixes: isc-projects/bind9#5853
(cherry picked from commit c66a1b1e1bfd6c79d7b9bc8d4a59e69f4faa1563)

diff --git a/lib/dns/message.c b/lib/dns/message.c
index 541a854db0b35411803471b8fe7c09d408f3e927..38f564050026d57ac718aa2137cc47339d94876b 100644 (file)
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -1080,6 +1080,17 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
                rdtype = isc_buffer_getuint16(source);
                rdclass = isc_buffer_getuint16(source);
 
+               /*
+                * Notify and update messages need to specify the data class.
+                */
+               if ((msg->opcode == dns_opcode_update ||
+                    msg->opcode == dns_opcode_notify) &&
+                   (rdclass == dns_rdataclass_none ||
+                    rdclass == dns_rdataclass_any))
+               {
+                       DO_ERROR(DNS_R_FORMERR);
+               }
+
                /*
                 * If this class is different than the one we already read,
                 * this is an error.