4510. [security] Named mishandled some responses where covering RRSIG

author Mark Andrews <marka@isc.org>

Thu, 29 Dec 2016 00:47:19 +0000 (11:47 +1100)

committer Mark Andrews <marka@isc.org>

Thu, 29 Dec 2016 00:52:46 +0000 (11:52 +1100)
author Mark Andrews <marka@isc.org>
Thu, 29 Dec 2016 00:47:19 +0000 (11:47 +1100)
committer Mark Andrews <marka@isc.org>
Thu, 29 Dec 2016 00:52:46 +0000 (11:52 +1100)
diff --git a/CHANGES b/CHANGES

index 1e4f74b87e444efa889ee8e8c7ea1a3bf4e16ae1..0e433597dabe1fc6665a4bed894d278c2eaa6fe7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -79,6 +79,11 @@
  4512.  [bug]           win32: @GEOIP_INC@ missing from delv.vcxproj.in.
                         [RT #43556]
  
+4510.  [security]      Named mishandled some responses where covering RRSIG
+                       records are returned without the requested data
+                       resulting in a assertion failure. (CVE-2016-9147)
+                       [RT #43548]
+
  4509.  [test]          Make the rrl system test more reliable on slower
                         machines by using mdig instead of dig. [RT #43280]
  
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c

index a013f19eeaa7ef735aefbc2a4b5036dbbaf5ead5..f044fbce449ef3b2797c863c3e8919283e44789b 100644 (file)
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -6930,15 +6930,19 @@ answer_response(fetchctx_t *fctx) {
                                                  * a CNAME or DNAME).
                                                  */
                                                 INSIST(!external);
-                                               if ((rdataset->type !=
-                                                    dns_rdatatype_cname) ||
-                                                   !found_dname ||
-                                                   (aflag ==
-                                                    DNS_RDATASETATTR_ANSWER))
+                                               /*
+                                                * Don't use found_cname here
+                                                * as we have just set it
+                                                * above.
+                                                */
+                                               if (cname == NULL &&
+                                                   !found_dname &&
+                                                   aflag ==
+                                                    DNS_RDATASETATTR_ANSWER)
                                                 {
                                                         have_answer = ISC_TRUE;
-                                                       if (rdataset->type ==
-                                                           dns_rdatatype_cname)
+                                                       if (found_cname &&
+                                                           cname == NULL)
                                                                 cname = name;
                                                         name->attributes |=
                                                             DNS_NAMEATTR_ANSWER;
author	Mark Andrews <marka@isc.org>
	Thu, 29 Dec 2016 00:47:19 +0000 (11:47 +1100)
committer	Mark Andrews <marka@isc.org>
	Thu, 29 Dec 2016 00:52:46 +0000 (11:52 +1100)
CHANGES		patch \| blob \| blame \| history
lib/dns/resolver.c		patch \| blob \| blame \| history