components/bind/patches/011-RT43522.patch
branchs11u3-sru
changeset 7592 12dea84f307b
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/patches/011-RT43522.patch	Mon Jan 23 11:25:04 2017 -0800
@@ -0,0 +1,66 @@
+This patch was derived from a source code patch provided by ISC to
+resolve ISC ticket RT #43522. [9.6-ESV-R11-S10]
+
+--- old/./CHANGES	Wed Jan 11 23:20:20 2017
++++ new/./CHANGES	Wed Jan 11 23:20:20 2017
+@@ -1,3 +1,9 @@
++	--- 9.6-ESV-R11-S10 released ---
++
++4508.	[security]	Named incorrectly tried to cache TKEY records which
++			could trigger a assertion failure when there was
++			a class mismatch. (CVE-2016-9131) [RT #43522]
++
+ 	--- 9.6-ESV-R11-S9 released ---
+ 
+ 4489.   [security]      It was possible to trigger assertions when processing
+--- old/lib/dns/resolver.c	Wed Jan 11 23:20:20 2017
++++ new/lib/dns/resolver.c	Wed Jan 11 23:20:20 2017
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2004-2014  Internet Systems Consortium, Inc. ("ISC")
++ * Copyright (C) 2004-2016  Internet Systems Consortium, Inc. ("ISC")
+  * Copyright (C) 1999-2003  Internet Software Consortium.
+  *
+  * Permission to use, copy, modify, and/or distribute this software for any
+@@ -5848,6 +5848,25 @@
+ 					    ISC_LOG_NOTICE, "NSEC3 in answer");
+ 					return (DNS_R_FORMERR);
+ 				}
++				if (rdataset->type == dns_rdatatype_tkey) {
++					/*
++					 * TKEY is not a valid record in a
++					 * response to any query we can make.
++					 */
++					isc_log_write(dns_lctx,
++					    DNS_LOGCATEGORY_RESOLVER,
++					    DNS_LOGMODULE_RESOLVER,
++					    ISC_LOG_NOTICE, "TKEY in answer");
++					return (DNS_R_FORMERR);
++				}
++				if (rdataset->rdclass != fctx->res->rdclass) {
++					isc_log_write(dns_lctx,
++					    DNS_LOGCATEGORY_RESOLVER,
++					    DNS_LOGMODULE_RESOLVER,
++					    ISC_LOG_NOTICE, "Mismatched class "
++						    "in answer");
++					return (DNS_R_FORMERR);
++				}
+ 				if (rdataset->type == type && !found_cname) {
+ 					/*
+ 					 * We've found an ordinary answer.
+@@ -6017,6 +6036,15 @@
+ 			     rdataset != NULL;
+ 			     rdataset = ISC_LIST_NEXT(rdataset, link))
+ 			{
++				if (rdataset->rdclass != fctx->res->rdclass) {
++					isc_log_write(dns_lctx,
++					    DNS_LOGCATEGORY_RESOLVER,
++					    DNS_LOGMODULE_RESOLVER,
++					    ISC_LOG_NOTICE, "Mismatched class "
++						    "in answer");
++					return (DNS_R_FORMERR);
++				}
++
+ 				/*
+ 				 * Only pass DNAME or RRSIG(DNAME).
+ 				 */
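Review bot: The two `rdataset->rdclass != fctx->res->rdclass` checks added to lib/dns/resolver.c (nested hunks at 5848 and 6017) carry no comment, unlike the TKEY check next to them, and both log the identical string "Mismatched class in answer", so a log line cannot be tied to one call site. I would add a comment above each, for example `/* Reject a class mismatch before the rdataset can be cached; see CVE-2016-9131, RT #43522. */`, and give the second site a distinct message, since its context suggests it is the DNAME pass. Neither notice records the responding server or the offending class, which is what someone triaging a CVE-2016-9131 probe would look for. A remote server can presumably trigger one notice per malformed response, so confirm that this volume is acceptable at `ISC_LOG_NOTICE`. The enclosing functions start and end outside the nested hunks, so whether other message sections get the same checks cannot be judged from this patch.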