2640. [security] A specially crafted update packet will cause named

                        to exit. [RT #20000]

diff --git a/CHANGES b/CHANGES
index dd536ccccb0d8a8c297d2fd792604ac5517190a1..b07c529138090e6bb9edb55dd80dc064917cf3e3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,5 @@
-2637.  [func]          Rationalize dnssec-signzone's signwithkey() calling.
+2640.  [security]      A specially crafted update packet will cause named
+                       to exit. [RT #20000]
                        [RT #19959]
 
 2635.  [bug]           isc_inet_ntop() incorrectly handled 0.0/16 addresses.

diff --git a/bin/named/update.c b/bin/named/update.c
index 1aabe9c5e5e9b501cdb6808e618206e0fd24c479..fddebe35980429c8a3130c701f32d22c65f16568 100644 (file)
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.109.18.32 2009/04/30 07:02:57 marka Exp $ */
+/* $Id: update.c,v 1.109.18.33 2009/07/28 15:57:26 marka Exp $ */
 
 #include <config.h>
 
@@ -904,7 +904,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
                        if (type == dns_rdatatype_rrsig ||
                            type == dns_rdatatype_sig)
                                covers = dns_rdata_covers(&t->rdata);
-                       else
+                       else if (type == dns_rdatatype_any) {
+                               dns_db_detachnode(db, &node);
+                               dns_diff_clear(&trash);
+                               return (DNS_R_NXRRSET);
+                       } else
                                covers = 0;
 
                        /*