4575. [security] Dns64 with break-dnssec yes; can result in a

                        assertion failure. (CVE-2017-3136) [RT #44653]

diff --git a/CHANGES b/CHANGES
index 74036906b3e47932f7c82fd1f4b8d73ab6d384a7..324dd17fdd8ab1a2f8ba89cc6b70c7e7da5f9c8a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4575.  [security]      Dns64 with break-dnssec yes; can result in a
+                       assertion failure. (CVE-2017-3136) [RT #44653]
+
 4574.  [bug]           Dig leaked memory with multiple +subnet options.
                        [RT #44683]
 

diff --git a/bin/named/query.c b/bin/named/query.c
index 0cfdf9288fb16a8f991e7a31f3248118add691d5..5fd52f2b29e8fbedeb7e300a9256545e6cb23980 100644 (file)
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -6984,6 +6984,7 @@ query_respond(query_ctx_t *qctx) {
 
        if (qctx->dns64) {
                result = query_dns64(qctx);
+               qctx->noqname = NULL;
                dns_rdataset_disassociate(qctx->rdataset);
                dns_message_puttemprdataset(qctx->client->message,
                                            &qctx->rdataset);
@@ -7110,7 +7111,7 @@ query_dns64(query_ctx_t *qctx) {
 
        result = isc_buffer_allocate(client->mctx, &buffer,
                                     view->dns64cnt * 16 *
-                                     dns_rdataset_count(qctx->rdataset));
+                                    dns_rdataset_count(qctx->rdataset));
        if (result != ISC_R_SUCCESS)
                goto cleanup;
        result = dns_message_gettemprdataset(client->message,