File bind-CVE-2020-8617.patch of Package bind.19428
Index: bind-9.6-ESV-R11-W1/lib/dns/tsig.c
===================================================================
--- bind-9.6-ESV-R11-W1.orig/lib/dns/tsig.c
+++ bind-9.6-ESV-R11-W1/lib/dns/tsig.c
@@ -1255,8 +1255,9 @@ dns_tsig_verify(isc_buffer_t *source, dn
} else if (ret != ISC_R_SUCCESS) {
goto cleanup_context;
}
- } else if (tsig.error != dns_tsigerror_badsig &&
- tsig.error != dns_tsigerror_badkey) {
+ } else if (!response || (tsig.error != dns_tsigerror_badsig &&
+ tsig.error != dns_tsigerror_badkey))
+ {
tsig_log(msg->tsigkey, 2, "signature was empty");
return (DNS_R_TSIGVERIFYFAILURE);
}
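Review bot: The widened condition on this `else if` carries the fix, but nothing in the code records why an empty signature is tolerated only on a response reporting BADSIG or BADKEY. Without that, a later cleanup could drop `!response ||` and reopen the request path this patch closes. I would add above the branch `/* An empty signature is only acceptable on a response reporting BADSIG or BADKEY; a request with an empty signature is rejected. */`. Both the enclosing `if` and the assignment of `response` lie outside the hunk, so confirm there that `response` is derived from the message header.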
@@ -1322,7 +1323,7 @@ dns_tsig_verify(isc_buffer_t *source, dn
}
}
- if (tsig.error != dns_rcode_noerror) {
+ if (response && tsig.error != dns_rcode_noerror) {
msg->tsigstatus = tsig.error;
if (tsig.error == dns_tsigerror_badtime)
ret = DNS_R_CLOCKSKEW;
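Review bot: With `response &&` added, a request whose TSIG error field is non-zero now skips this block, and the hunk does not show what `msg->tsigstatus` and `ret` are set to on that path. Callers presumably read `msg->tsigstatus` afterwards, so confirm that the code after this block (outside the hunk) assigns it explicitly for a request. A comment above the `if`, such as `/* The TSIG error field is only meaningful in a response; it is ignored in a request. */`, would record the intent. The patch as shown carries no regression test for either hunk, so one covering a request with a non-zero error field and one with an empty signature would be worth adding.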