powerel7
/
web
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
267 Commits
1 Branch
0 Tags
2.3 MiB
 
 
 
 
 
 
Tree: 00787ca0fe
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '00787ca0fe'
${ noResults }
web/SOURCES/bind99-CVE-2016-9131.patch

37 lines
1.1 KiB
Raw Blame History

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 2bc4461..d9de369 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -6533,6 +6533,19 @@ answer_response(fetchctx_t *fctx) {
log_formerr(fctx, "NSEC3 in answer");
return (DNS_R_FORMERR);
}
+ if (rdataset->type == dns_rdatatype_tkey) {
+ /*
+ * TKEY is not a valid record in a
+ * response to any query we can make.
+ */
+ log_formerr(fctx, "TKEY in answer");
+ return (DNS_R_FORMERR);
+ }
+ if (rdataset->rdclass != fctx->res->rdclass) {
+ log_formerr(fctx, "Mismatched class "
+ "in answer");
+ return (DNS_R_FORMERR);
+ }
/*
* Apply filters, if given, on answers to reject
@@ -6719,6 +6732,12 @@ answer_response(fetchctx_t *fctx) {
rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link))
{
+ if (rdataset->rdclass != fctx->res->rdclass) {
+ log_formerr(fctx, "Mismatched class "
+ "in answer");
+ return (DNS_R_FORMERR);
+ }
+
/*
* Only pass DNAME or RRSIG(DNAME).
*/