Module Name:	src
Committed By:	adrianp
Date:		Tue Sep  5 19:31:47 UTC 2006

Modified Files:
	src/dist/bind/bin/named: query.c
	src/dist/bind/lib/dns: resolver.c

Log Message:
Fixes for CVE-2006-4095 and CVE-2006-4096 from bind-9.3.2-P1

* Assertion failure in ISC BIND SIG query processing (CVE-2006-4095)

- Recursive servers
Queries for SIG records will trigger an assertion failure if more
than one RRset is returned. However exposure can be minimized by
restricting which sources can ask for recursion.

- Authoritative servers
If a nameserver is serving a RFC 2535 DNSSEC zone and is queried
for the SIG records where there are multiple RRsets, then the
named program will trigger an assertion failure when it tries
to construct the response.

* INSIST failure in ISC BIND recursive query handling code (CVE-2006-4096)

It is possible to trigger an INSIST failure by sending enough
recursive queries such that the response to the query arrives after
all the clients waiting for the response have left the recursion
queue. However exposure can be minimized by restricting which sources
can ask for recursion.

ok'ed christos@


To generate a diff of this commit:
cvs rdiff -r1.2 -r1.3 src/dist/bind/bin/named/query.c
cvs rdiff -r1.1.1.4 -r1.2 src/dist/bind/lib/dns/resolver.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.