This patch was obtained from ISC for 9.6-ESV-R11-P2. The patch can
only be obtained from [email protected] on an as needed
basis.
--- a/CHANGES Thu Jul 23 10:45:58 2015
+++ b/CHANGES Thu Jul 23 10:45:58 2015
@@ -1,3 +1,9 @@
+ --- 9.6-ESV-R11-P2 released ---
+
+4165. [security] A failure to reset a value to NULL in tkey.c could
+ result in an assertion failure. (CVE-2015-5477)
+ [RT #40046]
+
--- 9.6-ESV-R11-P1 released ---
4006. [security] A flaw in delegation handling could be exploited
diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c
index 66210d5..34ad90b 100644
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -654,6 +654,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
* Try the answer section, since that's where Win2000
* puts it.
*/
+ name = NULL;
if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
dns_rdatatype_tkey, 0, &name,
&tkeyset) != ISC_R_SUCCESS) {
diff --git version version
index 1be3c16..2058444 100644
--- a/version
+++ b/version
@@ -10,4 +10,4 @@ MINORVER=6
PATCHVER=
RELEASETYPE=-ESV
RELEASEVER=-R11
-EXTENSIONS=-P1
+EXTENSIONS=-P2