components/bind/patches/011-RT43522.patch
author Ben Chang <Benjamin.Chang@Oracle.COM>
Mon, 23 Jan 2017 11:25:04 -0800
branchs11u3-sru
changeset 7592 12dea84f307b
permissions -rw-r--r--
25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
25360334 problem in SERVICE/DNS-SERVER
25382925 ISC's change 4489 broke the handling of CNAME -> DNAME in responses

This patch was derived from a source code patch provided by ISC to
resolve ISC ticket RT #43522. [9.6-ESV-R11-S10]

--- old/./CHANGES	Wed Jan 11 23:20:20 2017
+++ new/./CHANGES	Wed Jan 11 23:20:20 2017
@@ -1,3 +1,9 @@
+	--- 9.6-ESV-R11-S10 released ---
+
+4508.	[security]	Named incorrectly tried to cache TKEY records which
+			could trigger a assertion failure when there was
+			a class mismatch. (CVE-2016-9131) [RT #43522]
+
 	--- 9.6-ESV-R11-S9 released ---
 
 4489.   [security]      It was possible to trigger assertions when processing
--- old/lib/dns/resolver.c	Wed Jan 11 23:20:20 2017
+++ new/lib/dns/resolver.c	Wed Jan 11 23:20:20 2017
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2014  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -5848,6 +5848,25 @@
 					    ISC_LOG_NOTICE, "NSEC3 in answer");
 					return (DNS_R_FORMERR);
 				}
+				if (rdataset->type == dns_rdatatype_tkey) {
+					/*
+					 * TKEY is not a valid record in a
+					 * response to any query we can make.
+					 */
+					isc_log_write(dns_lctx,
+					    DNS_LOGCATEGORY_RESOLVER,
+					    DNS_LOGMODULE_RESOLVER,
+					    ISC_LOG_NOTICE, "TKEY in answer");
+					return (DNS_R_FORMERR);
+				}
+				if (rdataset->rdclass != fctx->res->rdclass) {
+					isc_log_write(dns_lctx,
+					    DNS_LOGCATEGORY_RESOLVER,
+					    DNS_LOGMODULE_RESOLVER,
+					    ISC_LOG_NOTICE, "Mismatched class "
+						    "in answer");
+					return (DNS_R_FORMERR);
+				}
 				if (rdataset->type == type && !found_cname) {
 					/*
 					 * We've found an ordinary answer.
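Review bot: The new class-mismatch guard (`rdataset->rdclass != fctx->res->rdclass`) has no comment, unlike the TKEY guard just above it, and the same bare block appears again in the loop patched by the -6017 hunk. A comment such as `/* A class mismatch in a record we go on to cache could trigger an assertion failure (CHANGES 4508). */` would tie both copies to the CVE-2016-9131 entry. Both notice-level messages also omit the offending class and owner name, so an operator alerting on "Mismatched class in answer" cannot tell from the log which response was rejected. Formatting the class with `dns_rdataclass_format()` into the message would help, if diverging from the ISC-provided patch is acceptable for this downstream copy. The enclosing function and loop begin and end outside the hunk.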
@@ -6017,6 +6036,15 @@
 			     rdataset != NULL;
 			     rdataset = ISC_LIST_NEXT(rdataset, link))
 			{
+				if (rdataset->rdclass != fctx->res->rdclass) {
+					isc_log_write(dns_lctx,
+					    DNS_LOGCATEGORY_RESOLVER,
+					    DNS_LOGMODULE_RESOLVER,
+					    ISC_LOG_NOTICE, "Mismatched class "
+						    "in answer");
+					return (DNS_R_FORMERR);
+				}
+
 				/*
 				 * Only pass DNAME or RRSIG(DNAME).
 				 */
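Review bot: The TKEY rejection added to the first loop is not repeated in this loop, and nothing says why. Presumably the DNAME / RRSIG(DNAME) filter that follows keeps a TKEY rdataset from being passed on, but that filter's body lies outside the hunk, so this should be confirmed and then recorded, for example `/* No TKEY check needed here: only DNAME and RRSIG(DNAME) pass the filter below. */`. The class check sits ahead of that filter, so an off-class rdataset of any type fails the whole response with DNS_R_FORMERR. If that fail-closed ordering is intentional, a short comment saying so would stop a later cleanup from moving the check below the filter.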