4510. [security] Named mishandled some responses where covering RRSIG
authorMark Andrews <marka@isc.org>
Fri, 4 Nov 2016 05:07:01 +0000 (16:07 +1100)
committerMark Andrews <marka@isc.org>
Fri, 4 Nov 2016 05:08:27 +0000 (16:08 +1100)
                        records are returned without the requested data
                        resulting in an assertion failure. (CVE-2016-9147)
                        [RT #43548]

(cherry picked from commit 77507ef39865952435acd457a6f8e8241e83e7c7)

CHANGES
lib/dns/resolver.c

diff --git a/CHANGES b/CHANGES
index f22301c7a9c395b27b6c59fe1b33638d26864125..efaa4efc10172546ba1335d312c904efea5117d9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,10 @@
        --- 9.11.0-P2 released ---
 
+4510.  [security]      Named mishandled some responses where covering RRSIG
+                       records are returned without the requested data
+                       resulting in a assertion failure. (CVE-2016-9147)
+                       [RT #43548]
+
 4508.  [security]      Named incorrectly tried to cache TKEY records which
                        could trigger a assertion failure when there was
                        a class mismatch. (CVE-2016-9131) [RT #43522]
index 02048ee83327d3031402339d6478e2ca1d900168..f58bc8787abe0d3bc8914f5981ef76427f16ae24 100644 (file)
@@ -6992,15 +6992,19 @@ answer_response(fetchctx_t *fctx) {
                                                 * a CNAME or DNAME).
                                                 */
                                                INSIST(!external);
-                                               if ((rdataset->type !=
-                                                    dns_rdatatype_cname) ||
-                                                   !found_dname ||
-                                                   (aflag ==
-                                                    DNS_RDATASETATTR_ANSWER))
+                                               /*
+                                                * Don't use found_cname here
+                                                * as we have just set it
+                                                * above.
+                                                */
+                                               if (cname == NULL &&
+                                                   !found_dname &&
+                                                   aflag ==
+                                                    DNS_RDATASETATTR_ANSWER)
                                                {
                                                        have_answer = ISC_TRUE;
-                                                       if (rdataset->type ==
-                                                           dns_rdatatype_cname)
+                                                       if (found_cname &&
+                                                           cname == NULL)
                                                                cname = name;
                                                        name->attributes |=
                                                            DNS_NAMEATTR_ANSWER;
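Review bot: The comment added above the new condition explains only why `found_cname` is not tested there; it does not record the security-relevant reason for the rewrite. The removed condition was an OR, so any non-CNAME rdataset, including a covering RRSIG, could set `have_answer`; the new one requires `aflag == DNS_RDATASETATTR_ANSWER`, which presumably excludes signature-only rdatasets (the `aflag` assignment is outside the hunk, so confirm against the full `answer_response`). I would extend the comment with something like `Only answer data itself, never a covering RRSIG on its own, may set have_answer (CVE-2016-9147).` so a later cleanup does not loosen the test again. Separately, the inner `if (found_cname && cname == NULL)` repeats a check the enclosing condition already guarantees and nothing in between changes, so it can be `if (found_cname)`.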