--- 9.9.8-P4 released ---
+4319. [security] Fix resolver assertion failure due to improper
+ DNAME handling when parsing fetch reply messages.
+ (CVE-2016-1286) [RT #41753]
+
4318. [security] Malformed control messages can trigger assertions
in named and rndc. (CVE-2016-1285) [RT #41666]
#41666]
</para>
</listitem>
+ <listitem>
+ <para>
+ The resolver could abort with an assertion failure due to
+ improper DNAME handling when parsing fetch reply
+ messages. This flaw is disclosed in CVE-2016-1286. [RT #41753]
+ </para>
+ </listitem>
</itemizedlist>
</sect2>
<sect2 id="relnotes_features">
isc_boolean_t found_dname = ISC_FALSE;
dns_name_t *dname_name;
+ /*
+ * Only pass DNAME or RRSIG(DNAME).
+ */
+ if (rdataset->type != dns_rdatatype_dname &&
+ (rdataset->type != dns_rdatatype_rrsig ||
+ rdataset->covers != dns_rdatatype_dname))
+ continue;
+
+ /*
+ * If we're not chaining, then the DNAME and
+ * its signature should not be external.
+ */
+ if (!chaining && external) {
+ log_formerr(fctx, "external DNAME");
+ return (DNS_R_FORMERR);
+ }
+
found = ISC_FALSE;
aflag = 0;
if (rdataset->type == dns_rdatatype_dname) {
- /*
- * We're looking for something else,
- * but we found a DNAME.
- *
- * If we're not chaining, then the
- * DNAME should not be external.
- */
- if (!chaining && external) {
- log_formerr(fctx,
- "external DNAME");
- return (DNS_R_FORMERR);
- }
found = ISC_TRUE;
want_chaining = ISC_TRUE;
POST(want_chaining);
&fctx->domain)) {
return (DNS_R_SERVFAIL);
}
- } else if (rdataset->type == dns_rdatatype_rrsig
- && rdataset->covers ==
- dns_rdatatype_dname) {
+ } else {
/*
* We've found a signature that
* covers the DNAME.
projects / thirdparty / bind9.git / commitdiff
