ALT Linux repos
S: | 9.16.44-alt1 |
5.0: | 9.3.6-alt5 |
4.1: | 9.3.6-alt4.M41.2 |
+updates: | 9.3.6-alt4.M41.1 |
4.0: | 9.3.6-alt4.M41.1 |
+updates: | 9.3.6-alt4.M41.1 |
3.0: | 9.2.4.rel-alt2 |
Group :: System/Servers
RPM: bind
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: bind93-rh554851-CVE-2010-0097.patch
Download
Download
--- bind-9.3.6-P1/lib/dns/validator.c.rh555118 2010-01-18 15:35:17.587785286 +0100
+++ bind-9.3.6-P1/lib/dns/validator.c 2010-01-18 15:37:33.335285482 +0100
@@ -2544,20 +2544,22 @@ proveunsecure(dns_validator_t *val, isc_
if (val->havedlvsep)
dns_name_copy(dns_fixedname_name(&val->dlvsep), secroot, NULL);
else {
+ unsigned int labels;
dns_name_copy(val->event->name, secroot, NULL);
+
/*
* If this is a response to a DS query, we need to look in
* the parent zone for the trust anchor.
*/
- if (val->event->type == dns_rdatatype_ds &&
- dns_name_countlabels(secroot) > 1U)
- dns_name_split(secroot, 1, NULL, secroot);
+ labels = dns_name_countlabels(secroot);
+ if (val->event->type == dns_rdatatype_ds && labels > 1U)
+ dns_name_getlabelsequence(secroot, 1, labels - 1,
+ secroot);
+
result = dns_keytable_finddeepestmatch(val->keytable,
secroot, secroot);
if (result == ISC_R_NOTFOUND) {
- validator_log(val, ISC_LOG_DEBUG(3),
- "not beneath secure root");
if (val->mustbesecure) {
validator_log(val, ISC_LOG_WARNING,
"must be secure failure");