4575. [security] Dns64 with break-dnssec yes; can result in a

author Mark Andrews <marka@isc.org>

Wed, 15 Feb 2017 01:18:51 +0000 (12:18 +1100)

committer Mark Andrews <marka@isc.org>

Wed, 15 Feb 2017 01:24:33 +0000 (12:24 +1100)
author Mark Andrews <marka@isc.org>
Wed, 15 Feb 2017 01:18:51 +0000 (12:18 +1100)
committer Mark Andrews <marka@isc.org>
Wed, 15 Feb 2017 01:24:33 +0000 (12:24 +1100)
diff --git a/CHANGES b/CHANGES

index a15d7327f53f1a34d848792ecd16242860e4f50c..8f02fcc6396380dd9324e99f0bb86886b4a35017 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4575.  [security]      Dns64 with break-dnssec yes; can result in a
+                       assertion failure. (CVE-2017-3136) [RT #44653]
+
         --- 9.9.10rc1 released ---
  
  4571.  [bug]           Out-of-tree builds of backtrace_test failed.
diff --git a/bin/named/query.c b/bin/named/query.c

index 38e17c477e4715ce942c22febe4ee08c01310ea0..5e002d26f3ddc85b0f81d9dd8c53f6f5e230f1bf 100644 (file)
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -7581,6 +7581,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
                         result = query_dns64(client, &fname, rdataset,
                                              sigrdataset, dbuf,
                                              DNS_SECTION_ANSWER);
+                       noqname = NULL;
                         dns_rdataset_disassociate(rdataset);
                         dns_message_puttemprdataset(client->message, &rdataset);
                         if (result == ISC_R_NOMORE) {
author	Mark Andrews <marka@isc.org>
	Wed, 15 Feb 2017 01:18:51 +0000 (12:18 +1100)
committer	Mark Andrews <marka@isc.org>
	Wed, 15 Feb 2017 01:24:33 +0000 (12:24 +1100)
CHANGES		patch \| blob \| blame \| history
bin/named/query.c		patch \| blob \| blame \| history