4468. [bug] Address ECS option handling issues. [RT #43191]

                        Note: Only the parts required to restore
                        interoperation with ECS clients have been
                        included in this security release.  The full
                        fix is included in BIND 9.10.5.

diff --git a/CHANGES b/CHANGES
index 2ce963d0757b4b687ae51e6d5e891e54f10ac1e8..dcf41531e408b8dcc7f0f85709d688f96d75ef82 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,12 @@
        --- 9.10.4-P3 released ---
 
+4468.  [bug]           Address ECS option handling issues. [RT #43191]
+
+                       Note: Only the parts required to restore
+                       interoperation with ECS clients have been
+                       included in this security release.  The full
+                       fix is included in BIND 9.10.5.
+
 4467.  [security]      It was possible to trigger a assertion when rendering
                        a message. (CVE-2016-2776) [RT #43139]
 

diff --git a/lib/dns/rdata/generic/opt_41.c b/lib/dns/rdata/generic/opt_41.c
index ea0e8cd44c267ddba0367da481e852419d7495c1..35b2526f74cb347992c08e1c6e9e8d3857933fee 100644 (file)
--- a/lib/dns/rdata/generic/opt_41.c
+++ b/lib/dns/rdata/generic/opt_41.c
@@ -134,9 +134,6 @@ fromwire_opt(ARGS_FROMWIRE) {
                        scope = uint8_fromregion(&sregion);
                        isc_region_consume(&sregion, 1);
 
-                       if (addrlen == 0U && family != 0U)
-                               return (DNS_R_OPTERR);
-
                        switch (family) {
                        case 0:
                                /*

diff --git a/lib/dns/tests/rdata_test.c b/lib/dns/tests/rdata_test.c
index 2596d26dfde2c9a211272aa04aea4565ecc6f875..65ecb0cc71941edef342cbf8cb4d3c9b1ba9e8c6 100644 (file)
--- a/lib/dns/tests/rdata_test.c
+++ b/lib/dns/tests/rdata_test.c
@@ -105,7 +105,7 @@ ATF_TC_BODY(edns_client_subnet, tc) {
                          0x00, 0x08, 0x00, 0x04,
                          0x00, 0x01, 0x00, 0x00
                        },
-                       8, ISC_FALSE
+                       8, ISC_TRUE
                },
                {
                        /* Option code family 2 (ipv6) , source 0, scope 0 */
@@ -113,7 +113,7 @@ ATF_TC_BODY(edns_client_subnet, tc) {
                          0x00, 0x08, 0x00, 0x04,
                          0x00, 0x02, 0x00, 0x00
                        },
-                       8, ISC_FALSE
+                       8, ISC_TRUE
                },
                {
                        /* extra octet */