summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2016-04-13 08:32:15 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-04-14 10:58:33 +0100
commitc3c55478f5d346c65bd6f1e0a188da49e5a1369e (patch)
treefa3be5ecc1e990668a2211e78c0d92fdd4d4a72f
parentc4387a8b65cd1666a3eac1c85fb107d2b494ce0a (diff)
downloadpoky-c3c55478f5d346c65bd6f1e0a188da49e5a1369e.tar.gz
bind: CVE-2016-1285 CVE-2016-1286
Fixes following vulnerabilities: CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure [YOCTO #9400] External References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 References to the Upstream commits and Security Advisories: =========================================================== CVE-2016-1285: https://kb.isc.org/article/AA-01352 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=70037e040e587329cec82123e12b9f4f7c945f67 CVE-2016-1286_1: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=a3d327bf1ceaaeabb20223d8de85166e940b9f12 CVE-2016-1286_2: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=7602be276a73a6eb5431c5acd9718e68a55e8b61 (From OE-Core rev: 080d1a313e4982dd05846b375ebf936c46934d80) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch154
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch79
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch314
-rw-r--r--meta/recipes-connectivity/bind/bind_9.10.3-P3.bb3
4 files changed, 550 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
new file mode 100644
index 0000000000..2149bd180d
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
@@ -0,0 +1,154 @@
1From 70037e040e587329cec82123e12b9f4f7c945f67 Mon Sep 17 00:00:00 2001
2From: Mark Andrews <marka@isc.org>
3Date: Thu, 18 Feb 2016 12:11:27 +1100
4Subject: [PATCH] 4318. [security] Malformed control messages can
5 trigger assertions in named and rndc. (CVE-2016-1285)
6 [RT #41666]
7
8(cherry picked from commit a2b15b3305acd52179e6f3dc7d073b07fbc40b8e)
9
10CVE: CVE-2016-1285
11Upstream-Status: Backport
12[Removed doc/arm/notes.xml changes from upstream patch]
13
14Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
15---
16 CHANGES | 3 +++
17 bin/named/control.c | 2 +-
18 bin/named/controlconf.c | 2 +-
19 bin/rndc/rndc.c | 8 ++++----
20 doc/arm/notes.xml | 11 +++++++++++
21 lib/isccc/cc.c | 14 +++++++-------
22 6 files changed, 27 insertions(+), 13 deletions(-)
23
24diff --git a/CHANGES b/CHANGES
25index b9bd9ef..2c727d5 100644
26--- a/CHANGES
27+++ b/CHANGES
28@@ -1,3 +1,6 @@
29+4318. [security] Malformed control messages can trigger assertions
30+ in named and rndc. (CVE-2016-1285) [RT #41666]
31+
32 --- 9.10.3-P3 released ---
33
34 4288. [bug] Fixed a regression in resolver.c:possibly_mark()
35diff --git a/bin/named/control.c b/bin/named/control.c
36index 8554335..81340ca 100644
37--- a/bin/named/control.c
38+++ b/bin/named/control.c
39@@ -69,7 +69,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
40 #endif
41
42 data = isccc_alist_lookup(message, "_data");
43- if (data == NULL) {
44+ if (!isccc_alist_alistp(data)) {
45 /*
46 * No data section.
47 */
48diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
49index 765afdd..a39ab8b 100644
50--- a/bin/named/controlconf.c
51+++ b/bin/named/controlconf.c
52@@ -402,7 +402,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
53 * Limit exposure to replay attacks.
54 */
55 _ctrl = isccc_alist_lookup(request, "_ctrl");
56- if (_ctrl == NULL) {
57+ if (!isccc_alist_alistp(_ctrl)) {
58 log_invalid(&conn->ccmsg, ISC_R_FAILURE);
59 goto cleanup_request;
60 }
61diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
62index cb17050..b6e05c8 100644
63--- a/bin/rndc/rndc.c
64+++ b/bin/rndc/rndc.c
65@@ -255,8 +255,8 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) {
66 isccc_cc_fromwire(&source, &response, algorithm, &secret));
67
68 data = isccc_alist_lookup(response, "_data");
69- if (data == NULL)
70- fatal("no data section in response");
71+ if (!isccc_alist_alistp(data))
72+ fatal("bad or missing data section in response");
73 result = isccc_cc_lookupstring(data, "err", &errormsg);
74 if (result == ISC_R_SUCCESS) {
75 failed = ISC_TRUE;
76@@ -321,8 +321,8 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) {
77 isccc_cc_fromwire(&source, &response, algorithm, &secret));
78
79 _ctrl = isccc_alist_lookup(response, "_ctrl");
80- if (_ctrl == NULL)
81- fatal("_ctrl section missing");
82+ if (!isccc_alist_alistp(_ctrl))
83+ fatal("bad or missing ctrl section in response");
84 nonce = 0;
85 if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
86 nonce = 0;
87diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
88index 47a3b74..2bb961e 100644
89--- a/lib/isccc/cc.c
90+++ b/lib/isccc/cc.c
91@@ -403,13 +403,13 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
92 * Extract digest.
93 */
94 _auth = isccc_alist_lookup(alist, "_auth");
95- if (_auth == NULL)
96+ if (!isccc_alist_alistp(_auth))
97 return (ISC_R_FAILURE);
98 if (algorithm == ISCCC_ALG_HMACMD5)
99 hmac = isccc_alist_lookup(_auth, "hmd5");
100 else
101 hmac = isccc_alist_lookup(_auth, "hsha");
102- if (hmac == NULL)
103+ if (!isccc_sexpr_binaryp(hmac))
104 return (ISC_R_FAILURE);
105 /*
106 * Compute digest.
107@@ -728,7 +728,7 @@ isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok,
108 REQUIRE(ackp != NULL && *ackp == NULL);
109
110 _ctrl = isccc_alist_lookup(message, "_ctrl");
111- if (_ctrl == NULL ||
112+ if (!isccc_alist_alistp(_ctrl) ||
113 isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
114 isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS)
115 return (ISC_R_FAILURE);
116@@ -773,7 +773,7 @@ isccc_cc_isack(isccc_sexpr_t *message)
117 isccc_sexpr_t *_ctrl;
118
119 _ctrl = isccc_alist_lookup(message, "_ctrl");
120- if (_ctrl == NULL)
121+ if (!isccc_alist_alistp(_ctrl))
122 return (ISC_FALSE);
123 if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS)
124 return (ISC_TRUE);
125@@ -786,7 +786,7 @@ isccc_cc_isreply(isccc_sexpr_t *message)
126 isccc_sexpr_t *_ctrl;
127
128 _ctrl = isccc_alist_lookup(message, "_ctrl");
129- if (_ctrl == NULL)
130+ if (!isccc_alist_alistp(_ctrl))
131 return (ISC_FALSE);
132 if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS)
133 return (ISC_TRUE);
134@@ -806,7 +806,7 @@ isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now,
135
136 _ctrl = isccc_alist_lookup(message, "_ctrl");
137 _data = isccc_alist_lookup(message, "_data");
138- if (_ctrl == NULL || _data == NULL ||
139+ if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) ||
140 isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
141 isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS)
142 return (ISC_R_FAILURE);
143@@ -995,7 +995,7 @@ isccc_cc_checkdup(isccc_symtab_t *symtab, isccc_sexpr_t *message,
144 isccc_sexpr_t *_ctrl;
145
146 _ctrl = isccc_alist_lookup(message, "_ctrl");
147- if (_ctrl == NULL ||
148+ if (!isccc_alist_alistp(_ctrl) ||
149 isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS ||
150 isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS)
151 return (ISC_R_FAILURE);
152--
1531.9.1
154
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
new file mode 100644
index 0000000000..ae5cc48d9c
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
@@ -0,0 +1,79 @@
1From a3d327bf1ceaaeabb20223d8de85166e940b9f12 Mon Sep 17 00:00:00 2001
2From: Mukund Sivaraman <muks@isc.org>
3Date: Mon, 22 Feb 2016 12:22:43 +0530
4Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling
5 (CVE-2016-1286) (#41753)
6
7(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673)
8
9CVE: CVE-2016-1286
10Upstream-Status: Backport
11
12[Removed doc/arm/notes.xml changes from upstream patch.]
13
14Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
15---
16diff -ruN a/CHANGES b/CHANGES
17--- a/CHANGES 2016-04-13 07:28:44.940873629 +0200
18+++ b/CHANGES 2016-04-13 07:38:38.923167851 +0200
19@@ -1,3 +1,7 @@
20+4319. [security] Fix resolver assertion failure due to improper
21+ DNAME handling when parsing fetch reply messages.
22+ (CVE-2016-1286) [RT #41753]
23+
24 4318. [security] Malformed control messages can trigger assertions
25 in named and rndc. (CVE-2016-1285) [RT #41666]
26
27diff -ruN a/lib/dns/resolver.c b/lib/dns/resolver.c
28--- a/lib/dns/resolver.c 2016-04-13 07:28:43.088953790 +0200
29+++ b/lib/dns/resolver.c 2016-04-13 07:38:20.411968925 +0200
30@@ -6967,21 +6967,26 @@
31 isc_boolean_t found_dname = ISC_FALSE;
32 dns_name_t *dname_name;
33
34+ /*
35+ * Only pass DNAME or RRSIG(DNAME).
36+ */
37+ if (rdataset->type != dns_rdatatype_dname &&
38+ (rdataset->type != dns_rdatatype_rrsig ||
39+ rdataset->covers != dns_rdatatype_dname))
40+ continue;
41+
42+ /*
43+ * If we're not chaining, then the DNAME and
44+ * its signature should not be external.
45+ */
46+ if (!chaining && external) {
47+ log_formerr(fctx, "external DNAME");
48+ return (DNS_R_FORMERR);
49+ }
50+
51 found = ISC_FALSE;
52 aflag = 0;
53 if (rdataset->type == dns_rdatatype_dname) {
54- /*
55- * We're looking for something else,
56- * but we found a DNAME.
57- *
58- * If we're not chaining, then the
59- * DNAME should not be external.
60- */
61- if (!chaining && external) {
62- log_formerr(fctx,
63- "external DNAME");
64- return (DNS_R_FORMERR);
65- }
66 found = ISC_TRUE;
67 want_chaining = ISC_TRUE;
68 POST(want_chaining);
69@@ -7010,9 +7015,7 @@
70 &fctx->domain)) {
71 return (DNS_R_SERVFAIL);
72 }
73- } else if (rdataset->type == dns_rdatatype_rrsig
74- && rdataset->covers ==
75- dns_rdatatype_dname) {
76+ } else {
77 /*
78 * We've found a signature that
79 * covers the DNAME.
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
new file mode 100644
index 0000000000..a31ea81f87
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
@@ -0,0 +1,314 @@
1From 7602be276a73a6eb5431c5acd9718e68a55e8b61 Mon Sep 17 00:00:00 2001
2From: Mark Andrews <marka@isc.org>
3Date: Mon, 29 Feb 2016 07:16:48 +1100
4Subject: [PATCH] Part 2 of: 4319. [security] Fix resolver assertion
5 failure due to improper DNAME handling when parsing
6 fetch reply messages. (CVE-2016-1286) [RT #41753]
7
8(cherry picked from commit 2de89ee9de8c8da9dc153a754b02dcdbb7fe2374)
9Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
10---
11 lib/dns/resolver.c | 192 ++++++++++++++++++++++++++---------------------------
12 1 file changed, 93 insertions(+), 99 deletions(-)
13
14diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
15index 70aba87..41e9df4 100644
16--- a/lib/dns/resolver.c
17+++ b/lib/dns/resolver.c
18@@ -6074,14 +6074,11 @@ cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) {
19 }
20
21 static inline isc_result_t
22-dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
23- dns_name_t *oname, dns_fixedname_t *fixeddname)
24+dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
25+ unsigned int nlabels, dns_fixedname_t *fixeddname)
26 {
27 isc_result_t result;
28 dns_rdata_t rdata = DNS_RDATA_INIT;
29- unsigned int nlabels;
30- int order;
31- dns_namereln_t namereln;
32 dns_rdata_dname_t dname;
33 dns_fixedname_t prefix;
34
35@@ -6096,21 +6093,6 @@ dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
36 if (result != ISC_R_SUCCESS)
37 return (result);
38
39- /*
40- * Get the prefix of qname.
41- */
42- namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
43- if (namereln != dns_namereln_subdomain) {
44- char qbuf[DNS_NAME_FORMATSIZE];
45- char obuf[DNS_NAME_FORMATSIZE];
46-
47- dns_rdata_freestruct(&dname);
48- dns_name_format(qname, qbuf, sizeof(qbuf));
49- dns_name_format(oname, obuf, sizeof(obuf));
50- log_formerr(fctx, "unrelated DNAME in answer: "
51- "%s is not in %s", qbuf, obuf);
52- return (DNS_R_FORMERR);
53- }
54 dns_fixedname_init(&prefix);
55 dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
56 dns_fixedname_init(fixeddname);
57@@ -6736,13 +6718,13 @@ static isc_result_t
58 answer_response(fetchctx_t *fctx) {
59 isc_result_t result;
60 dns_message_t *message;
61- dns_name_t *name, *qname, tname, *ns_name;
62+ dns_name_t *name, *dname, *qname, tname, *ns_name;
63 dns_rdataset_t *rdataset, *ns_rdataset;
64 isc_boolean_t done, external, chaining, aa, found, want_chaining;
65 isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
66 unsigned int aflag;
67 dns_rdatatype_t type;
68- dns_fixedname_t dname, fqname;
69+ dns_fixedname_t fdname, fqname;
70 dns_view_t *view;
71
72 FCTXTRACE("answer_response");
73@@ -6770,10 +6752,15 @@ answer_response(fetchctx_t *fctx) {
74 view = fctx->res->view;
75 result = dns_message_firstname(message, DNS_SECTION_ANSWER);
76 while (!done && result == ISC_R_SUCCESS) {
77+ dns_namereln_t namereln;
78+ int order;
79+ unsigned int nlabels;
80+
81 name = NULL;
82 dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
83 external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
84- if (dns_name_equal(name, qname)) {
85+ namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
86+ if (namereln == dns_namereln_equal) {
87 wanted_chaining = ISC_FALSE;
88 for (rdataset = ISC_LIST_HEAD(name->list);
89 rdataset != NULL;
90@@ -6898,10 +6885,11 @@ answer_response(fetchctx_t *fctx) {
91 */
92 INSIST(!external);
93 if (aflag ==
94- DNS_RDATASETATTR_ANSWER)
95+ DNS_RDATASETATTR_ANSWER) {
96 have_answer = ISC_TRUE;
97- name->attributes |=
98- DNS_NAMEATTR_ANSWER;
99+ name->attributes |=
100+ DNS_NAMEATTR_ANSWER;
101+ }
102 rdataset->attributes |= aflag;
103 if (aa)
104 rdataset->trust =
105@@ -6956,6 +6944,8 @@ answer_response(fetchctx_t *fctx) {
106 if (wanted_chaining)
107 chaining = ISC_TRUE;
108 } else {
109+ dns_rdataset_t *dnameset = NULL;
110+
111 /*
112 * Look for a DNAME (or its SIG). Anything else is
113 * ignored.
114@@ -6963,10 +6953,8 @@ answer_response(fetchctx_t *fctx) {
115 wanted_chaining = ISC_FALSE;
116 for (rdataset = ISC_LIST_HEAD(name->list);
117 rdataset != NULL;
118- rdataset = ISC_LIST_NEXT(rdataset, link)) {
119- isc_boolean_t found_dname = ISC_FALSE;
120- dns_name_t *dname_name;
121-
122+ rdataset = ISC_LIST_NEXT(rdataset, link))
123+ {
124 /*
125 * Only pass DNAME or RRSIG(DNAME).
126 */
127@@ -6980,20 +6968,41 @@ answer_response(fetchctx_t *fctx) {
128 * its signature should not be external.
129 */
130 if (!chaining && external) {
131- log_formerr(fctx, "external DNAME");
132+ char qbuf[DNS_NAME_FORMATSIZE];
133+ char obuf[DNS_NAME_FORMATSIZE];
134+
135+ dns_name_format(name, qbuf,
136+ sizeof(qbuf));
137+ dns_name_format(&fctx->domain, obuf,
138+ sizeof(obuf));
139+ log_formerr(fctx, "external DNAME or "
140+ "RRSIG covering DNAME "
141+ "in answer: %s is "
142+ "not in %s", qbuf, obuf);
143+ return (DNS_R_FORMERR);
144+ }
145+
146+ if (namereln != dns_namereln_subdomain) {
147+ char qbuf[DNS_NAME_FORMATSIZE];
148+ char obuf[DNS_NAME_FORMATSIZE];
149+
150+ dns_name_format(qname, qbuf,
151+ sizeof(qbuf));
152+ dns_name_format(name, obuf,
153+ sizeof(obuf));
154+ log_formerr(fctx, "unrelated DNAME "
155+ "in answer: %s is "
156+ "not in %s", qbuf, obuf);
157 return (DNS_R_FORMERR);
158 }
159
160- found = ISC_FALSE;
161 aflag = 0;
162 if (rdataset->type == dns_rdatatype_dname) {
163- found = ISC_TRUE;
164 want_chaining = ISC_TRUE;
165 POST(want_chaining);
166 aflag = DNS_RDATASETATTR_ANSWER;
167- result = dname_target(fctx, rdataset,
168- qname, name,
169- &dname);
170+ result = dname_target(rdataset, qname,
171+ nlabels, &fdname);
172 if (result == ISC_R_NOSPACE) {
173 /*
174 * We can't construct the
175@@ -7005,14 +7014,12 @@ answer_response(fetchctx_t *fctx) {
176 } else if (result != ISC_R_SUCCESS)
177 return (result);
178 else
179- found_dname = ISC_TRUE;
180+ dnameset = rdataset;
181
182- dname_name = dns_fixedname_name(&dname);
183+ dname = dns_fixedname_name(&fdname);
184 if (!is_answertarget_allowed(view,
185- qname,
186- rdataset->type,
187- dname_name,
188- &fctx->domain)) {
189+ qname, rdataset->type,
190+ dname, &fctx->domain)) {
191 return (DNS_R_SERVFAIL);
192 }
193 } else {
194@@ -7020,73 +7027,60 @@ answer_response(fetchctx_t *fctx) {
195 * We've found a signature that
196 * covers the DNAME.
197 */
198- found = ISC_TRUE;
199 aflag = DNS_RDATASETATTR_ANSWERSIG;
200 }
201
202- if (found) {
203+ /*
204+ * We've found an answer to our
205+ * question.
206+ */
207+ name->attributes |= DNS_NAMEATTR_CACHE;
208+ rdataset->attributes |= DNS_RDATASETATTR_CACHE;
209+ rdataset->trust = dns_trust_answer;
210+ if (!chaining) {
211 /*
212- * We've found an answer to our
213- * question.
214+ * This data is "the" answer to
215+ * our question only if we're
216+ * not chaining.
217 */
218- name->attributes |=
219- DNS_NAMEATTR_CACHE;
220- rdataset->attributes |=
221- DNS_RDATASETATTR_CACHE;
222- rdataset->trust = dns_trust_answer;
223- if (!chaining) {
224- /*
225- * This data is "the" answer
226- * to our question only if
227- * we're not chaining.
228- */
229- INSIST(!external);
230- if (aflag ==
231- DNS_RDATASETATTR_ANSWER)
232- have_answer = ISC_TRUE;
233+ INSIST(!external);
234+ if (aflag == DNS_RDATASETATTR_ANSWER) {
235+ have_answer = ISC_TRUE;
236 name->attributes |=
237 DNS_NAMEATTR_ANSWER;
238- rdataset->attributes |= aflag;
239- if (aa)
240- rdataset->trust =
241- dns_trust_authanswer;
242- } else if (external) {
243- rdataset->attributes |=
244- DNS_RDATASETATTR_EXTERNAL;
245- }
246-
247- /*
248- * DNAME chaining.
249- */
250- if (found_dname) {
251- /*
252- * Copy the dname into the
253- * qname fixed name.
254- *
255- * Although we check for
256- * failure of the copy
257- * operation, in practice it
258- * should never fail since
259- * we already know that the
260- * result fits in a fixedname.
261- */
262- dns_fixedname_init(&fqname);
263- result = dns_name_copy(
264- dns_fixedname_name(&dname),
265- dns_fixedname_name(&fqname),
266- NULL);
267- if (result != ISC_R_SUCCESS)
268- return (result);
269- wanted_chaining = ISC_TRUE;
270- name->attributes |=
271- DNS_NAMEATTR_CHAINING;
272- rdataset->attributes |=
273- DNS_RDATASETATTR_CHAINING;
274- qname = dns_fixedname_name(
275- &fqname);
276 }
277+ rdataset->attributes |= aflag;
278+ if (aa)
279+ rdataset->trust =
280+ dns_trust_authanswer;
281+ } else if (external) {
282+ rdataset->attributes |=
283+ DNS_RDATASETATTR_EXTERNAL;
284 }
285 }
286+
287+ /*
288+ * DNAME chaining.
289+ */
290+ if (dnameset != NULL) {
291+ /*
292+ * Copy the dname into the qname fixed name.
293+ *
294+ * Although we check for failure of the copy
295+ * operation, in practice it should never fail
296+ * since we already know that the result fits
297+ * in a fixedname.
298+ */
299+ dns_fixedname_init(&fqname);
300+ qname = dns_fixedname_name(&fqname);
301+ result = dns_name_copy(dname, qname, NULL);
302+ if (result != ISC_R_SUCCESS)
303+ return (result);
304+ wanted_chaining = ISC_TRUE;
305+ name->attributes |= DNS_NAMEATTR_CHAINING;
306+ dnameset->attributes |=
307+ DNS_RDATASETATTR_CHAINING;
308+ }
309 if (wanted_chaining)
310 chaining = ISC_TRUE;
311 }
312--
3131.9.1
314
diff --git a/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb b/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
index fa057d52cf..3ad14b235f 100644
--- a/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
+++ b/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
@@ -21,6 +21,9 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
21 file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ 21 file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
22 file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \ 22 file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \
23 file://0001-lib-dns-gen.c-fix-too-long-error.patch \ 23 file://0001-lib-dns-gen.c-fix-too-long-error.patch \
24 file://CVE-2016-1285.patch \
25 file://CVE-2016-1286_1.patch \
26 file://CVE-2016-1286_2.patch \
24 " 27 "
25 28
26SRC_URI[md5sum] = "bcf7e772b616f7259420a3edc5df350a" 29SRC_URI[md5sum] = "bcf7e772b616f7259420a3edc5df350a"