Reject meta-classes in UPDATE and NOTIFY messages

NOTIFY and UPDATE messages must specify a data class in the
QUESTION/ZONE section.  NONE and ANY are meta-classes and not
appropriate here.  Return FORMERR if either is used.

Rejecting messages with a query class of NONE addresses YWH-PGM40640-72,
YWH-PGM40640-82, and YWH-PGM40640-83.  Rejecting messages with a query
class of ANY addresses YWH-PGM40640-87, YWH-PGM40640-88, and
YWH-PGM40640-117.

Fixes: isc-projects/bind9#5778
Fixes: isc-projects/bind9#5782
Fixes: isc-projects/bind9#5783
Fixes: isc-projects/bind9#5797
Fixes: isc-projects/bind9#5798
Fixes: isc-projects/bind9#5853
(cherry picked from commit 7de5160517ae69196d1c323b8627b267cdd10761)
(cherry picked from commit 3c44de9e6252ec1c7742ef02ecc0d6cbf1cde5e9)

diff --git a/lib/dns/message.c b/lib/dns/message.c
index 225c9d7576ff2db438f8d4e9eefe53f062ddb840..1fc115261649beac953e65e962fe80b8a167f1bc 100644 (file)
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -1087,6 +1087,17 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
                rdtype = isc_buffer_getuint16(source);
                rdclass = isc_buffer_getuint16(source);
 
+               /*
+                * Notify and update messages need to specify the data class.
+                */
+               if ((msg->opcode == dns_opcode_update ||
+                    msg->opcode == dns_opcode_notify) &&
+                   (rdclass == dns_rdataclass_none ||
+                    rdclass == dns_rdataclass_any))
+               {
+                       DO_ERROR(DNS_R_FORMERR);
+               }
+
                /*
                 * If this class is different than the one we already read,
                 * this is an error.