25371178 Upgrade Solaris to BIND 9.6-ESV-R11-S10
25360334 problem in SERVICE/DNS-SERVER
25382925 ISC's change 4489 broke the handling of CNAME -> DNAME in responses
This patch was derived from a source code patch provided by ISC to
resolve ISC ticket RT #43522. [9.6-ESV-R11-S10]
--- old/./CHANGES Wed Jan 11 23:20:20 2017
+++ new/./CHANGES Wed Jan 11 23:20:20 2017
@@ -1,3 +1,9 @@
+ --- 9.6-ESV-R11-S10 released ---
+
+4508. [security] Named incorrectly tried to cache TKEY records which
+ could trigger a assertion failure when there was
+ a class mismatch. (CVE-2016-9131) [RT #43522]
+
--- 9.6-ESV-R11-S9 released ---
4489. [security] It was possible to trigger assertions when processing
--- old/lib/dns/resolver.c Wed Jan 11 23:20:20 2017
+++ new/lib/dns/resolver.c Wed Jan 11 23:20:20 2017
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -5848,6 +5848,25 @@
ISC_LOG_NOTICE, "NSEC3 in answer");
return (DNS_R_FORMERR);
}
+ if (rdataset->type == dns_rdatatype_tkey) {
+ /*
+ * TKEY is not a valid record in a
+ * response to any query we can make.
+ */
+ isc_log_write(dns_lctx,
+ DNS_LOGCATEGORY_RESOLVER,
+ DNS_LOGMODULE_RESOLVER,
+ ISC_LOG_NOTICE, "TKEY in answer");
+ return (DNS_R_FORMERR);
+ }
+ if (rdataset->rdclass != fctx->res->rdclass) {
+ isc_log_write(dns_lctx,
+ DNS_LOGCATEGORY_RESOLVER,
+ DNS_LOGMODULE_RESOLVER,
+ ISC_LOG_NOTICE, "Mismatched class "
+ "in answer");
+ return (DNS_R_FORMERR);
+ }
if (rdataset->type == type && !found_cname) {
/*
* We've found an ordinary answer.
@@ -6017,6 +6036,15 @@
rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link))
{
+ if (rdataset->rdclass != fctx->res->rdclass) {
+ isc_log_write(dns_lctx,
+ DNS_LOGCATEGORY_RESOLVER,
+ DNS_LOGMODULE_RESOLVER,
+ ISC_LOG_NOTICE, "Mismatched class "
+ "in answer");
+ return (DNS_R_FORMERR);
+ }
+
/*
* Only pass DNAME or RRSIG(DNAME).
*/