Commit 6adf421e authored by Mark Andrews's avatar Mark Andrews
Browse files

4510. [security] Named mishandled some responses where covering RRSIG

                        records are returned without the requested data
                        resulting in a assertion failure. (CVE-2016-9147)
                        [RT #43548]
parent 2c1c4b99
......@@ -108,7 +108,10 @@
4511. [bug] win32: mdig.exe-BNFT was missing Configure. [RT #43554]
4510. [placeholder]
4510. [security] Named mishandled some responses where covering RRSIG
records are returned without the requested data
resulting in a assertion failure. (CVE-2016-9147)
[RT #43548]
4509. [test] Make the rrl system test more reliable on slower
machines by using mdig instead of dig. [RT #43280]
......
......@@ -6984,15 +6984,19 @@ answer_response(fetchctx_t *fctx) {
* a CNAME or DNAME).
*/
INSIST(!external);
if ((rdataset->type !=
dns_rdatatype_cname) ||
!found_dname ||
(aflag ==
DNS_RDATASETATTR_ANSWER))
/*
* Don't use found_cname here
* as we have just set it
* above.
*/
if (cname == NULL &&
!found_dname &&
aflag ==
DNS_RDATASETATTR_ANSWER)
{
have_answer = ISC_TRUE;
if (rdataset->type ==
dns_rdatatype_cname)
if (found_cname &&
cname == NULL)
cname = name;
name->attributes |=
DNS_NAMEATTR_ANSWER;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment