rpms / bind

Clone
Source Code
GIT

Blame SOURCES/bind99-CVE-2016-9131.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   578297f94d3f6cfe0ef68c72bd64f0d45701fb36
  2.   SOURCES
  3.   bind99-CVE-2016-9131.patch
Blob History Raw
578297 
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
578297 
index 2bc4461..d9de369 100644
578297 
--- a/lib/dns/resolver.c
578297 
+++ b/lib/dns/resolver.c
578297 
@@ -6533,6 +6533,19 @@ answer_response(fetchctx_t *fctx) {
578297 
 					log_formerr(fctx, "NSEC3 in answer");
578297 
 					return (DNS_R_FORMERR);
578297 
 				}
578297 
+				if (rdataset->type == dns_rdatatype_tkey) {
578297 
+					/*
578297 
+					 * TKEY is not a valid record in a
578297 
+					 * response to any query we can make.
578297 
+					 */
578297 
+					log_formerr(fctx, "TKEY in answer");
578297 
+					return (DNS_R_FORMERR);
578297 
+				}
578297 
+				if (rdataset->rdclass != fctx->res->rdclass) {
578297 
+					log_formerr(fctx, "Mismatched class "
578297 
+						    "in answer");
578297 
+					return (DNS_R_FORMERR);
578297 
+				}
578297
578297 
 				/*
578297 
 				 * Apply filters, if given, on answers to reject
578297 
@@ -6719,6 +6732,12 @@ answer_response(fetchctx_t *fctx) {
578297 
 			     rdataset != NULL;
578297 
 			     rdataset = ISC_LIST_NEXT(rdataset, link))
578297 
 			{
578297 
+				if (rdataset->rdclass != fctx->res->rdclass) {
578297 
+					log_formerr(fctx, "Mismatched class "
578297 
+						    "in answer");
578297 
+					return (DNS_R_FORMERR);
578297 
+				}
578297 
+
578297 
 				/*
578297 
 				 * Only pass DNAME or RRSIG(DNAME).
578297 
 				 */

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation