File bind-CVE-2016-9147.patch of Package bind

Index: bind-9.9.9-P1/lib/dns/resolver.c
===================================================================
--- bind-9.9.9-P1.orig/lib/dns/resolver.c	2017-01-07 16:02:43.822638159 +0100
+++ bind-9.9.9-P1/lib/dns/resolver.c	2017-01-07 16:02:55.154768351 +0100
@@ -6654,15 +6654,19 @@ answer_response(fetchctx_t *fctx) {
 						 * a CNAME or DNAME).
 						 */
 						INSIST(!external);
-						if ((rdataset->type !=
-						     dns_rdatatype_cname) ||
-						    !found_dname ||
-						    (aflag ==
-						     DNS_RDATASETATTR_ANSWER))
+						/*
+						 * Don't use found_cname here
+						 * as we have just set it
+						 * above.
+						 */
+						if (cname == NULL &&
+						    !found_dname &&
+						    aflag ==
+						     DNS_RDATASETATTR_ANSWER)
 						{
 							have_answer = ISC_TRUE;
-							if (rdataset->type ==
-							    dns_rdatatype_cname)
+							if (found_cname &&
+							    cname == NULL)
 								cname = name;
 							name->attributes |=
 							    DNS_NAMEATTR_ANSWER;