diff options
Diffstat (limited to 'debian/patches/0030-Address-inconsistencies-in-checking-added-RRsets.patch')
-rw-r--r-- | debian/patches/0030-Address-inconsistencies-in-checking-added-RRsets.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/debian/patches/0030-Address-inconsistencies-in-checking-added-RRsets.patch b/debian/patches/0030-Address-inconsistencies-in-checking-added-RRsets.patch new file mode 100644 index 0000000..23a1b29 --- /dev/null +++ b/debian/patches/0030-Address-inconsistencies-in-checking-added-RRsets.patch @@ -0,0 +1,46 @@ +From: Mark Andrews <marka@isc.org> +Date: Fri, 12 Feb 2021 14:51:28 +1100 +Subject: Address inconsistencies in checking added RRsets + +loading_addrdataset() rejects SOA RRsets which are not at top of zone. +addrdataset() should similarly reject such RRsets. +--- + lib/dns/rbtdb.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c +index 792c443..b1b928c 100644 +--- a/lib/dns/rbtdb.c ++++ b/lib/dns/rbtdb.c +@@ -117,7 +117,7 @@ struct rbtdb_file_header { + /*% + * Note that "impmagic" is not the first four bytes of the struct, so + * ISC_MAGIC_VALID cannot be used. +- */ ++a */ + #define VALID_RBTDB(rbtdb) ((rbtdb) != NULL && \ + (rbtdb)->common.impmagic == RBTDB_MAGIC) + +@@ -6806,13 +6806,21 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, + REQUIRE(VALID_RBTDB(rbtdb)); + INSIST(rbtversion == NULL || rbtversion->rbtdb == rbtdb); + +- if (rbtdb->common.methods == &zone_methods) ++ if (rbtdb->common.methods == &zone_methods) { ++ /* ++ * SOA records are only allowed at top of zone. ++ */ ++ if (rdataset->type == dns_rdatatype_soa && ++ node != rbtdb->origin_node) { ++ return (DNS_R_NOTZONETOP); ++ } + REQUIRE(((rbtnode->nsec == DNS_RBT_NSEC_NSEC3 && + (rdataset->type == dns_rdatatype_nsec3 || + rdataset->covers == dns_rdatatype_nsec3)) || + (rbtnode->nsec != DNS_RBT_NSEC_NSEC3 && + rdataset->type != dns_rdatatype_nsec3 && + rdataset->covers != dns_rdatatype_nsec3))); ++ } + + if (rbtversion == NULL) { + if (now == 0) |