Module Name: src
Committed By: christos
Date: Tue Feb 13 15:23:16 UTC 2024

Modified Files:
	src/external/mpl/bind/dist/lib/ns: query.c

Log Message:
Apply patch for CVE-2023-5679:

A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/external/mpl/bind/dist/lib/ns/query.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/external/mpl/bind/dist/lib/ns/query.c diff -u src/external/mpl/bind/dist/lib/ns/query.c:1.18 src/external/mpl/bind/dist/lib/ns/query.c:1.19 --- src/external/mpl/bind/dist/lib/ns/query.c:1.18 Tue Feb 13 10:22:03 2024 +++ src/external/mpl/bind/dist/lib/ns/query.c Tue Feb 13 10:23:15 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: query.c,v 1.18 2024/02/13 15:22:03 christos Exp $ */ +/* $NetBSD: query.c,v 1.19 2024/02/13 15:23:15 christos Exp $ */ /* * Copyright (C) Internet Systems Consortium, Inc. ("ISC") @@ -6102,6 +6102,13 @@ query_lookup_stale(ns_client_t *client) query_ctx_t qctx; qctx_init(client, NULL, client->query.qtype, &qctx); + if (DNS64(client)) { + qctx.qtype = qctx.type = dns_rdatatype_a; + qctx.dns64 = true; + } + if (DNS64EXCLUDE(client)) { + qctx.dns64_exclude = true; + } dns_db_attach(client->view->cachedb, &qctx.db); client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK; client->query.dboptions |= DNS_DBFIND_STALETIMEOUT;
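Review bot: In the `query_lookup_stale()` hunk (@@ -6102), the new `if (DNS64(client))` block overrides the type that `qctx_init()` was just given from `client->query.qtype`, and nothing in the code says why. A short comment above the block should state that the fresh query context has to carry the client's DNS64 state into the stale lookup (A as `qctx.qtype` and `qctx.type`, `qctx.dns64` set), and should name CVE-2023-5679 so the reason survives later refactoring. The same comment can cover the `DNS64EXCLUDE(client)` branch that sets `qctx.dns64_exclude`. The commit modifies only query.c, so a regression test that exercises DNS64 together with serve-stale would be worth adding alongside it.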