4510. [security] Named mishandled some responses where covering RRSIG
authorMark Andrews <marka@isc.org>
Fri, 4 Nov 2016 05:07:01 +0000 (16:07 +1100)
committerMark Andrews <marka@isc.org>
Fri, 4 Nov 2016 05:54:55 +0000 (16:54 +1100)
                        records are returned without the requested data
                        resulting in an assertion failure. (CVE-2016-9147)
                        [RT #43548]

(cherry picked from commit 77507ef39865952435acd457a6f8e8241e83e7c7)

CHANGES
lib/dns/resolver.c

diff --git a/CHANGES b/CHANGES
index 2b4dc6388861e5d793fce211cd7bfb9e16dacd07..8461a9a9ffd7b7d8286c64a60a12c823a93f2238 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,10 @@
        --- 9.10.4-P5 released ---
 
+4510.  [security]      Named mishandled some responses where covering RRSIG
+                       records are returned without the requested data
+                       resulting in a assertion failure. (CVE-2016-9147)
+                       [RT #43548]
+
 4508.  [security]      Named incorrectly tried to cache TKEY records which
                        could trigger a assertion failure when there was
                        a class mismatch. (CVE-2016-9131) [RT #43522]
index afce9dfa67d2310c58a50ba22ed9b54e62c3ba96..90a419cc2a0dc21fa53134a5c29a8006300acde7 100644 (file)
@@ -6934,15 +6934,19 @@ answer_response(fetchctx_t *fctx) {
                                                 * a CNAME or DNAME).
                                                 */
                                                INSIST(!external);
-                                               if ((rdataset->type !=
-                                                    dns_rdatatype_cname) ||
-                                                   !found_dname ||
-                                                   (aflag ==
-                                                    DNS_RDATASETATTR_ANSWER))
+                                               /*
+                                                * Don't use found_cname here
+                                                * as we have just set it
+                                                * above.
+                                                */
+                                               if (cname == NULL &&
+                                                   !found_dname &&
+                                                   aflag ==
+                                                    DNS_RDATASETATTR_ANSWER)
                                                {
                                                        have_answer = ISC_TRUE;
-                                                       if (rdataset->type ==
-                                                           dns_rdatatype_cname)
+                                                       if (found_cname &&
+                                                           cname == NULL)
                                                                cname = name;
                                                        name->attributes |=
                                                            DNS_NAMEATTR_ANSWER;
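Review bot: The inner test `if (found_cname && cname == NULL)` near the end of this hunk re-checks `cname == NULL`, which the enclosing `if` already requires, so it can be written as `if (found_cname)` without changing behaviour. The added comment says why `found_cname` is avoided but not what the tightened condition enforces; consider extending it to something like `/* Accept this rdataset as the answer only if no CNAME owner has been recorded, no DNAME was seen, and it is flagged as answer data. */`. Because the old OR-ed condition became an AND, rdatasets that previously set `have_answer` now skip this block, and the code they reach lies outside the hunk along with the rest of answer_response(), so that path deserves a check for how it handles a response that never sets `have_answer`. The commit's file list shows only CHANGES and lib/dns/resolver.c, so a regression test for the RRSIG-without-data response described in the log message would presumably have to come separately.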