Re: BIND 9.3.4-2 backport of 9.4.1's fix

[LaMont Jones <lamont@debian.org>]

CVE-2007-2241

On Mon, Apr 30, 2007 at 06:37:36PM -0600, LaMont Jones wrote:
> Here's a diff that backports the security fix in bind 9.4.1 to bind
> 9.3.4.  I dug around a bit and found no CVE for it yet...
> 
> lamont
> 
> --- orig/CHANGES
> +++ mod/CHANGES
> @@ -1,3 +1,5 @@
> +2172.	[bug]		query_addsoa() was being called with a non zone db.
> +			[RT #16834]
>  
>  	--- 9.3.4 released ---
>  
> 
> 
> --- orig/bin/named/query.c
> +++ mod/bin/named/query.c
> @@ -3212,6 +3212,21 @@
>  				 * an error unless we were searching for
>  				 * glue.  Ugh.
>  				 */
> +				if (!is_zone) {
> +					authoritative = ISC_FALSE;
> +					dns_rdatasetiter_destroy(&rdsiter);
> +					if (RECURSIONOK(client)) {
> +						result = query_recurse(client,
> +								       qtype,
> +								       NULL,
> +								       NULL);
> +						if (result == ISC_R_SUCCESS)
> +						    client->query.attributes |=
> +							NS_QUERYATTR_RECURSING;
> +						else
> +						    QUERY_ERROR(DNS_R_SERVFAIL);					}
> +					goto addauth;
> +				}
>  				/*
>  				 * We were searching for SIG records in
>  				 * a nonsecure zone.  Send a "no error,
> 
> 
> --- orig/debian/changelog
> +++ mod/debian/changelog
> @@ -1,3 +1,9 @@
> +bind9 (1:9.3.4-2+etch1) stable; urgency=low
> +
> +  * Backport security fix from 9.4.1
> +
> + -- LaMont Jones <lamont@debian.org>  Mon, 30 Apr 2007 18:29:40 -0600
> +
>  bind9 (1:9.3.4-2) unstable; urgency=high
>  
>    * Actually really do the merge of 9.3.4.  Sigh.  Closes: #408925
> 
>