
BIND 9.3.4-2 backport of 9.4.1's fix



Here's a diff that backports the security fix in bind 9.4.1 to bind
9.3.4.  I dug around a bit and found no CVE for it yet...

lamont

--- orig/CHANGES
+++ mod/CHANGES
@@ -1,3 +1,5 @@
+2172.	[bug]		query_addsoa() was being called with a non zone db.
+			[RT #16834]
 
 	--- 9.3.4 released ---
 


--- orig/bin/named/query.c
+++ mod/bin/named/query.c
@@ -3212,6 +3212,21 @@
 				 * an error unless we were searching for
 				 * glue.  Ugh.
 				 */
+				if (!is_zone) {
+					authoritative = ISC_FALSE;
+					dns_rdatasetiter_destroy(&rdsiter);
+					if (RECURSIONOK(client)) {
+						result = query_recurse(client,
+								       qtype,
+								       NULL,
+								       NULL);
+						if (result == ISC_R_SUCCESS)
+						    client->query.attributes |=
+							NS_QUERYATTR_RECURSING;
+						else
+						    QUERY_ERROR(DNS_R_SERVFAIL);					}
+					goto addauth;
+				}
 				/*
 				 * We were searching for SIG records in
 				 * a nonsecure zone.  Send a "no error,
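
Review bot: the closing brace of the `if (RECURSIONOK(client))` block is fused onto the end of the `QUERY_ERROR(DNS_R_SERVFAIL);` line in the else branch, so it reads as if it closed the else rather than the outer if; move `}` to its own line at the indentation of `if (RECURSIONOK(client)) {`. The new `if (!is_zone)` branch also carries no comment, unlike the code around it, explaining why a non-zone db must not continue into the code below (the CHANGES entry names query_addsoa()). It would also help to state what reply is intended when RECURSIONOK(client) is false, since that path only clears `authoritative`, destroys the iterator and jumps to `addauth` without setting a result or calling QUERY_ERROR.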


--- orig/debian/changelog
+++ mod/debian/changelog
@@ -1,3 +1,9 @@
+bind9 (1:9.3.4-2+etch1) stable; urgency=low
+
+  * Backport security fix from 9.4.1
+
+ -- LaMont Jones <lamont@debian.org>  Mon, 30 Apr 2007 18:29:40 -0600
+
 bind9 (1:9.3.4-2) unstable; urgency=high
 
   * Actually really do the merge of 9.3.4.  Sigh.  Closes: #408925
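
Review bot: the new entry is marked `urgency=low` although its only item is described as a security fix, and the entry directly below it uses `urgency=high`; consider raising the urgency to match. The line "Backport security fix from 9.4.1" also does not say which fix it is. Citing the upstream change from the CHANGES hunk (2172, RT #16834) would let someone reading the changelog later identify the change without opening the diff.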




