File bind-CVE-2021-25220.patch of Package bind.24015

Overview Repositories Revisions Requests Users Attributes Meta

File bind-CVE-2021-25220.patch of Package bind.24015

Index: bind-9.9.9-P1/bin/named/include/named/query.h
===================================================================
--- bind-9.9.9-P1.orig/bin/named/include/named/query.h
+++ bind-9.9.9-P1/bin/named/include/named/query.h
@@ -66,6 +66,19 @@ struct ns_query {
 	unsigned int			dns64_aaaaoklen;
 	unsigned int			dns64_options;
 	unsigned int			dns64_ttl;
+	struct {
+		dns_db_t *              db;
+		dns_zone_t *            zone;
+		dns_dbnode_t *          node;
+		dns_rdatatype_t         qtype;
+		dns_name_t *            fname;
+		dns_fixedname_t         fixed;
+		isc_result_t            result;
+		dns_rdataset_t *        rdataset;
+		dns_rdataset_t *        sigrdataset;
+		isc_boolean_t           authoritative;
+		isc_boolean_t           is_zone;
+	} redirect;
 };
 
 #define NS_QUERYATTR_RECURSIONOK	0x0001
Index: bind-9.9.9-P1/bin/named/query.c
===================================================================
--- bind-9.9.9-P1.orig/bin/named/query.c
+++ bind-9.9.9-P1/bin/named/query.c
@@ -661,6 +661,17 @@ ns_query_init(ns_client_t *client) {
 	client->query.dns64_sigaaaa = NULL;
 	client->query.dns64_aaaaok = NULL;
 	client->query.dns64_aaaaoklen = 0;
+	client->query.redirect.db = NULL;
+	client->query.redirect.node = NULL;
+	client->query.redirect.zone = NULL;
+	client->query.redirect.qtype = dns_rdatatype_none;
+	client->query.redirect.result = ISC_R_SUCCESS;
+	client->query.redirect.rdataset = NULL;
+	client->query.redirect.sigrdataset = NULL;
+	client->query.redirect.authoritative = isc_boolean_false;
+	client->query.redirect.is_zone  = isc_boolean_false;
+	client->query.redirect.fname =
+		dns_fixedname_initname(&client->query.redirect.fixed);
 	query_reset(client, ISC_FALSE);
 	result = query_newdbversion(client, 3);
 	if (result != ISC_R_SUCCESS) {
@@ -2676,8 +2687,7 @@ query_addsoa(ns_client_t *client, dns_db
 		dns_fixedname_t foundname;
 		dns_name_t *fname;
 
-		dns_fixedname_init(&foundname);
-		fname = dns_fixedname_name(&foundname);
+		fname = dns_fixedname_initname(&foundname);
 
 		result = dns_db_findext(db, name, version, dns_rdatatype_soa,
 					client->query.dboptions, 0, &node,
@@ -2761,8 +2771,7 @@ query_addns(ns_client_t *client, dns_db_
 	name = NULL;
 	rdataset = NULL;
 	node = NULL;
-	dns_fixedname_init(&foundname);
-	fname = dns_fixedname_name(&foundname);
+	fname = dns_fixedname_initname(&foundname);
 	dns_clientinfomethods_init(&cm, ns_client_sourceip);
 	dns_clientinfo_init(&ci, client);
 
@@ -3492,8 +3501,7 @@ query_addwildcardproof(ns_client_t *clie
 	 *	wild *.example
 	 */
 	options = client->query.dboptions | DNS_DBFIND_NOWILD;
-	dns_fixedname_init(&wfixed);
-	wname = dns_fixedname_name(&wfixed);
+	wname = dns_fixedname_initname(&wfixed);
  again:
 	have_wname = ISC_FALSE;
 	/*
@@ -3518,8 +3526,7 @@ query_addwildcardproof(ns_client_t *clie
 		/*
 		 * No NSEC proof available, return NSEC3 proofs instead.
 		 */
-		dns_fixedname_init(&cfixed);
-		cname = dns_fixedname_name(&cfixed);
+		cname = dns_fixedname_initname(&cfixed);
 		/*
 		 * Find the closest encloser.
 		 */
@@ -4097,8 +4104,7 @@ rpz_rrset_find(ns_client_t *client, dns_
 	}
 
 	node = NULL;
-	dns_fixedname_init(&fixed);
-	found = dns_fixedname_name(&fixed);
+	found = dns_fixedname_initname(&fixed);
 	result = dns_db_findext(*dbp, name, version, type, DNS_DBFIND_GLUEOK,
 				client->now, &node, found,
 				&cm, &ci, *rdatasetp, NULL);
@@ -4335,8 +4341,7 @@ rpz_find(ns_client_t *client, dns_rdatat
 		return (DNS_R_NXDOMAIN);
 	}
 
-	dns_fixedname_init(&fixed);
-	found = dns_fixedname_name(&fixed);
+	found = dns_fixedname_initname(&fixed);
 	result = dns_db_findext(*dbp, qnamef, *versionp, dns_rdatatype_any, 0,
 				client->now, nodep, found, &cm, &ci,
 				*rdatasetp, NULL);
@@ -4491,15 +4496,13 @@ rpz_rewrite_name(ns_client_t *client, dn
 		/*
 		 * Construct the policy's owner name.
 		 */
-		dns_fixedname_init(&prefixf);
-		prefix = dns_fixedname_name(&prefixf);
+		prefix = dns_fixedname_initname(&prefixf);
 		dns_name_split(qname, 1, prefix, NULL);
 		if (rpz_type == DNS_RPZ_TYPE_NSDNAME)
 			suffix = &rpz->nsdname;
 		else
 			suffix = &rpz->origin;
-		dns_fixedname_init(&rpz_qnamef);
-		rpz_qname = dns_fixedname_name(&rpz_qnamef);
+		rpz_qname = dns_fixedname_initname(&rpz_qnamef);
 		for (;;) {
 			result = dns_name_concatenate(prefix, suffix,
 						      rpz_qname, NULL);
@@ -4674,12 +4677,9 @@ rpz_rewrite(ns_client_t *client, dns_rda
 		st->m.ttl = ~0;
 		memset(&st->r, 0, sizeof(st->r));
 		memset(&st->q, 0, sizeof(st->q));
-		dns_fixedname_init(&st->_qnamef);
-		dns_fixedname_init(&st->_r_namef);
-		dns_fixedname_init(&st->_fnamef);
-		st->qname = dns_fixedname_name(&st->_qnamef);
-		st->r_name = dns_fixedname_name(&st->_r_namef);
-		st->fname = dns_fixedname_name(&st->_fnamef);
+		st->qname = dns_fixedname_initname(&st->_qnamef);
+		st->r_name = dns_fixedname_initname(&st->_r_namef);
+		st->fname = dns_fixedname_initname(&st->_fnamef);
 		client->query.rpz_st = st;
 	}
 
@@ -4957,8 +4957,7 @@ rpz_ck_dnssec(ns_client_t *client, isc_r
 	 */
 	if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) == 0)
 		return (ISC_TRUE);
-	dns_fixedname_init(&fixed);
-	found = dns_fixedname_name(&fixed);
+	found = dns_fixedname_initname(&fixed);
 	dns_rdataset_init(&trdataset);
 	for (result = dns_rdataset_first(rdataset);
 	     result == ISC_R_SUCCESS;
@@ -5544,8 +5543,7 @@ redirect(ns_client_t *client, dns_name_t
 	if (client->view->redirect == NULL)
 		return (ISC_R_NOTFOUND);
 
-	dns_fixedname_init(&fixed);
-	found = dns_fixedname_name(&fixed);
+	found = dns_fixedname_initname(&fixed);
 	dns_rdataset_init(&trdataset);
 
 	dns_clientinfomethods_init(&cm, ns_client_sourceip);
@@ -6709,8 +6707,7 @@ query_find(ns_client_t *client, dns_fetc
 				dns_name_t *found;
 				dns_name_t *qname;
 
-				dns_fixedname_init(&fixed);
-				found = dns_fixedname_name(&fixed);
+				found = dns_fixedname_initname(&fixed);
 				qname = client->query.qname;
 
 				query_findclosestnsec3(qname, db, version,
@@ -7153,8 +7150,7 @@ query_find(ns_client_t *client, dns_fetc
 		 * Construct the new qname consisting of
 		 * <found name prefix>.<dname target>
 		 */
-		dns_fixedname_init(&fixed);
-		prefix = dns_fixedname_name(&fixed);
+		prefix = dns_fixedname_initname(&fixed);
 		dns_name_split(client->query.qname, nlabels, prefix, NULL);
 		INSIST(fname == NULL);
 		dbuf = query_getnamebuf(client);
Index: bind-9.9.9-P1/bin/named/tkeyconf.c
===================================================================
--- bind-9.9.9-P1.orig/bin/named/tkeyconf.c
+++ bind-9.9.9-P1/bin/named/tkeyconf.c
@@ -75,8 +75,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *o
 		n = cfg_obj_asuint32(cfg_tuple_get(obj, "keyid"));
 		isc_buffer_constinit(&b, s, strlen(s));
 		isc_buffer_add(&b, strlen(s));
-		dns_fixedname_init(&fname);
-		name = dns_fixedname_name(&fname);
+		name = dns_fixedname_initname(&fname);
 		RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
 		type = DST_TYPE_PUBLIC|DST_TYPE_PRIVATE|DST_TYPE_KEY;
 		RETERR(dst_key_fromfile(name, (dns_keytag_t) n, DNS_KEYALG_DH,
@@ -89,8 +88,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *o
 		s = cfg_obj_asstring(obj);
 		isc_buffer_constinit(&b, s, strlen(s));
 		isc_buffer_add(&b, strlen(s));
-		dns_fixedname_init(&fname);
-		name = dns_fixedname_name(&fname);
+		name = dns_fixedname_initname(&fname);
 		RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
 		tctx->domain = isc_mem_get(mctx, sizeof(dns_name_t));
 		if (tctx->domain == NULL) {
@@ -108,8 +106,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *o
 
 		isc_buffer_constinit(&b, s, strlen(s));
 		isc_buffer_add(&b, strlen(s));
-		dns_fixedname_init(&fname);
-		name = dns_fixedname_name(&fname);
+		name = dns_fixedname_initname(&fname);
 		RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
 		RETERR(dst_gssapi_acquirecred(name, ISC_FALSE, &tctx->gsscred));
 	}
Index: bind-9.9.9-P1/lib/dns/forward.c
===================================================================
--- bind-9.9.9-P1.orig/lib/dns/forward.c
+++ bind-9.9.9-P1/lib/dns/forward.c
@@ -81,12 +81,62 @@ dns_fwdtable_create(isc_mem_t *mctx, dns
 }
 
 isc_result_t
+dns_fwdtable_addfwd(dns_fwdtable_t *fwdtable, dns_name_t *name,
+		     dns_forwarderlist_t *fwdrs, dns_fwdpolicy_t fwdpolicy)
+{
+	isc_result_t result;
+	dns_forwarders_t *forwarders;
+	dns_forwarder_t *fwd, *nfwd;
+
+	REQUIRE(VALID_FWDTABLE(fwdtable));
+
+	forwarders = isc_mem_get(fwdtable->mctx, sizeof(dns_forwarders_t));
+	if (forwarders == NULL)
+		return (ISC_R_NOMEMORY);
+
+	ISC_LIST_INIT(forwarders->fwdrs);
+	for (fwd = ISC_LIST_HEAD(*fwdrs);
+	     fwd != NULL;
+	     fwd = ISC_LIST_NEXT(fwd, link))
+	{
+		nfwd = isc_mem_get(fwdtable->mctx, sizeof(dns_forwarder_t));
+		if (nfwd == NULL) {
+			result = ISC_R_NOMEMORY;
+			goto cleanup;
+		}
+		*nfwd = *fwd;
+		ISC_LINK_INIT(nfwd, link);
+		ISC_LIST_APPEND(forwarders->fwdrs, nfwd, link);
+	}
+	forwarders->fwdpolicy = fwdpolicy;
+
+	RWLOCK(&fwdtable->rwlock, isc_rwlocktype_write);
+	result = dns_rbt_addname(fwdtable->table, name, forwarders);
+	RWUNLOCK(&fwdtable->rwlock, isc_rwlocktype_write);
+
+	if (result != ISC_R_SUCCESS)
+		goto cleanup;
+
+	return (ISC_R_SUCCESS);
+
+  cleanup:
+	while (!ISC_LIST_EMPTY(forwarders->fwdrs)) {
+		fwd = ISC_LIST_HEAD(forwarders->fwdrs);
+		ISC_LIST_UNLINK(forwarders->fwdrs, fwd, link);
+		isc_mem_put(fwdtable->mctx, fwd, sizeof(isc_sockaddr_t));
+	}
+	isc_mem_put(fwdtable->mctx, forwarders, sizeof(dns_forwarders_t));
+	return (result);
+}
+
+isc_result_t
 dns_fwdtable_add(dns_fwdtable_t *fwdtable, dns_name_t *name,
 		 isc_sockaddrlist_t *addrs, dns_fwdpolicy_t fwdpolicy)
 {
 	isc_result_t result;
 	dns_forwarders_t *forwarders;
-	isc_sockaddr_t *sa, *nsa;
+	dns_forwarder_t *fwd;
+	isc_sockaddr_t *sa;
 
 	REQUIRE(VALID_FWDTABLE(fwdtable));
 
@@ -94,19 +144,20 @@ dns_fwdtable_add(dns_fwdtable_t *fwdtabl
 	if (forwarders == NULL)
 		return (ISC_R_NOMEMORY);
 
-	ISC_LIST_INIT(forwarders->addrs);
+	ISC_LIST_INIT(forwarders->fwdrs);
 	for (sa = ISC_LIST_HEAD(*addrs);
 	     sa != NULL;
 	     sa = ISC_LIST_NEXT(sa, link))
 	{
-		nsa = isc_mem_get(fwdtable->mctx, sizeof(isc_sockaddr_t));
-		if (nsa == NULL) {
+		fwd = isc_mem_get(fwdtable->mctx, sizeof(dns_forwarder_t));
+		if (fwd == NULL) {
 			result = ISC_R_NOMEMORY;
 			goto cleanup;
 		}
-		*nsa = *sa;
-		ISC_LINK_INIT(nsa, link);
-		ISC_LIST_APPEND(forwarders->addrs, nsa, link);
+		fwd->addr = *sa;
+		fwd->dscp = -1;
+		ISC_LINK_INIT(fwd, link);
+		ISC_LIST_APPEND(forwarders->fwdrs, fwd, link);
 	}
 	forwarders->fwdpolicy = fwdpolicy;
 
@@ -120,10 +171,10 @@ dns_fwdtable_add(dns_fwdtable_t *fwdtabl
 	return (ISC_R_SUCCESS);
 
  cleanup:
-	while (!ISC_LIST_EMPTY(forwarders->addrs)) {
-		sa = ISC_LIST_HEAD(forwarders->addrs);
-		ISC_LIST_UNLINK(forwarders->addrs, sa, link);
-		isc_mem_put(fwdtable->mctx, sa, sizeof(isc_sockaddr_t));
+	while (!ISC_LIST_EMPTY(forwarders->fwdrs)) {
+		fwd = ISC_LIST_HEAD(forwarders->fwdrs);
+		ISC_LIST_UNLINK(forwarders->fwdrs, fwd, link);
+		isc_mem_put(fwdtable->mctx, fwd, sizeof(dns_forwarder_t));
 	}
 	isc_mem_put(fwdtable->mctx, forwarders, sizeof(dns_forwarders_t));
 	return (result);
@@ -199,14 +250,14 @@ static void
 auto_detach(void *data, void *arg) {
 	dns_forwarders_t *forwarders = data;
 	dns_fwdtable_t *fwdtable = arg;
-	isc_sockaddr_t *sa;
+	dns_forwarder_t *fwd;
 
 	UNUSED(arg);
 
-	while (!ISC_LIST_EMPTY(forwarders->addrs)) {
-		sa = ISC_LIST_HEAD(forwarders->addrs);
-		ISC_LIST_UNLINK(forwarders->addrs, sa, link);
-		isc_mem_put(fwdtable->mctx, sa, sizeof(isc_sockaddr_t));
+	while (!ISC_LIST_EMPTY(forwarders->fwdrs)) {
+		fwd = ISC_LIST_HEAD(forwarders->fwdrs);
+		ISC_LIST_UNLINK(forwarders->fwdrs, fwd, link);
+		isc_mem_put(fwdtable->mctx, fwd, sizeof(dns_forwarder_t));
 	}
 	isc_mem_put(fwdtable->mctx, forwarders, sizeof(dns_forwarders_t));
 }
Index: bind-9.9.9-P1/lib/dns/include/dns/fixedname.h
===================================================================
--- bind-9.9.9-P1.orig/lib/dns/include/dns/fixedname.h
+++ bind-9.9.9-P1/lib/dns/include/dns/fixedname.h
@@ -83,4 +83,10 @@ struct dns_fixedname {
 
 #define dns_fixedname_name(fn)		(&((fn)->name))
 
+static inline dns_name_t *
+dns_fixedname_initname(dns_fixedname_t *fixed) {
+	dns_fixedname_init(fixed);
+	return (dns_fixedname_name(fixed));
+}
+
 #endif /* DNS_FIXEDNAME_H */
Index: bind-9.9.9-P1/lib/dns/include/dns/forward.h
===================================================================
--- bind-9.9.9-P1.orig/lib/dns/include/dns/forward.h
+++ bind-9.9.9-P1/lib/dns/include/dns/forward.h
@@ -28,8 +28,16 @@
 
 ISC_LANG_BEGINDECLS
 
+struct dns_forwarder {
+	isc_sockaddr_t                  addr;
+	isc_dscp_t                      dscp;
+	ISC_LINK(dns_forwarder_t)       link;
+};
+
+typedef ISC_LIST(struct dns_forwarder)  dns_forwarderlist_t;
+
 struct dns_forwarders {
-	isc_sockaddrlist_t	addrs;
+	dns_forwarderlist_t	fwdrs;
 	dns_fwdpolicy_t		fwdpolicy;
 };
 
@@ -48,17 +56,23 @@ dns_fwdtable_create(isc_mem_t *mctx, dns
  */
 
 isc_result_t
+dns_fwdtable_addfwd(dns_fwdtable_t *fwdtable, dns_name_t *name,
+		    dns_forwarderlist_t *fwdrs, dns_fwdpolicy_t policy);
+
+isc_result_t
 dns_fwdtable_add(dns_fwdtable_t *fwdtable, dns_name_t *name,
 		 isc_sockaddrlist_t *addrs, dns_fwdpolicy_t policy);
 /*%<
  * Adds an entry to the forwarding table.  The entry associates
  * a domain with a list of forwarders and a forwarding policy.  The
- * addrs list is copied if not empty, so the caller should free its copy.
+ * addrs/fwdrs list is copied if not empty, so the caller should free
+ * its copy.
  *
  * Requires:
  * \li	fwdtable is a valid forwarding table.
  * \li	name is a valid name
- * \li	addrs is a valid list of sockaddrs, which may be empty.
+ * \li	addrs/fwdrs is a valid list of isc_sockaddr/dns_forwarder
+ *	structures, which may be empty.
  *
  * Returns:
  * \li	#ISC_R_SUCCESS
Index: bind-9.9.9-P1/lib/dns/include/dns/types.h
===================================================================
--- bind-9.9.9-P1.orig/lib/dns/include/dns/types.h
+++ bind-9.9.9-P1/lib/dns/include/dns/types.h
@@ -77,6 +77,7 @@ typedef struct dns_ednsopt			dns_ednsopt
 typedef struct dns_fetch			dns_fetch_t;
 typedef struct dns_fixedname			dns_fixedname_t;
 typedef struct dns_forwarders			dns_forwarders_t;
+typedef struct dns_forwarder			dns_forwarder_t;
 typedef struct dns_fwdtable			dns_fwdtable_t;
 typedef struct dns_iptable			dns_iptable_t;
 typedef isc_uint32_t				dns_iterations_t;
Index: bind-9.9.9-P1/lib/dns/resolver.c
===================================================================
--- bind-9.9.9-P1.orig/lib/dns/resolver.c
+++ bind-9.9.9-P1/lib/dns/resolver.c
@@ -61,6 +61,7 @@
 #include <dns/stats.h>
 #include <dns/tsig.h>
 #include <dns/validator.h>
+#include <dns/zone.h>
 
 #ifdef WANT_QUERYTRACE
 #define RTRACE(m)       isc_log_write(dns_lctx, \
@@ -282,7 +283,7 @@ struct fetchctx {
 	dns_adbfind_t *			altfind;
 	dns_adbaddrinfolist_t		forwaddrs;
 	dns_adbaddrinfolist_t		altaddrs;
-	isc_sockaddrlist_t		forwarders;
+	dns_forwarderlist_t		forwarders;
 	dns_fwdpolicy_t			fwdpolicy;
 	isc_sockaddrlist_t		bad;
 	isc_sockaddrlist_t		edns;
@@ -295,6 +296,8 @@ struct fetchctx {
 	isc_boolean_t			ns_ttl_ok;
 	isc_uint32_t			ns_ttl;
 	isc_counter_t *			qc;
+	dns_fixedname_t			fwdfname;
+	dns_name_t			*fwdname;
 
 	/*%
 	 * The number of events we're waiting for.
@@ -2887,7 +2890,7 @@ fctx_getaddresses(fetchctx_t *fctx, isc_
 	dns_resolver_t *res;
 	isc_stdtime_t now;
 	unsigned int stdoptions = 0;
-	isc_sockaddr_t *sa;
+	dns_forwarder_t *fwd;
 	dns_adbaddrinfo_t *ai;
 	isc_boolean_t all_bad;
 	dns_rdata_ns_t ns;
@@ -2931,8 +2934,8 @@ fctx_getaddresses(fetchctx_t *fctx, isc_
 	 * selective forwarders specified in the view; otherwise use the
 	 * resolver's forwarders (if any).
 	 */
-	sa = ISC_LIST_HEAD(fctx->forwarders);
-	if (sa == NULL) {
+	fwd = ISC_LIST_HEAD(fctx->forwarders);
+	if (fwd == NULL) {
 		dns_forwarders_t *forwarders = NULL;
 		dns_name_t *name = &fctx->name;
 		dns_name_t suffix;
@@ -2952,13 +2955,13 @@ fctx_getaddresses(fetchctx_t *fctx, isc_
 			name = &suffix;
 		}
 
-		dns_fixedname_init(&fixed);
-		domain = dns_fixedname_name(&fixed);
+		domain = dns_fixedname_initname(&fixed);
 		result = dns_fwdtable_find2(res->view->fwdtable, name,
 					    domain, &forwarders);
 		if (result == ISC_R_SUCCESS) {
-			sa = ISC_LIST_HEAD(forwarders->addrs);
+			fwd = ISC_LIST_HEAD(forwarders->fwdrs);
 			fctx->fwdpolicy = forwarders->fwdpolicy;
+			dns_name_copy(domain, fctx->fwdname, NULL);
 			if (fctx->fwdpolicy == dns_fwdpolicy_only &&
 			    isstrictsubdomain(domain, &fctx->domain)) {
 #ifdef ENABLE_FETCHLIMIT
@@ -2981,17 +2984,16 @@ fctx_getaddresses(fetchctx_t *fctx, isc_
 		}
 	}
 
-	while (sa != NULL) {
-		if ((isc_sockaddr_pf(sa) == AF_INET &&
+	while (fwd != NULL) {
+		if ((isc_sockaddr_pf(&fwd->addr) == AF_INET &&
 			 fctx->res->dispatches4 == NULL) ||
-		    (isc_sockaddr_pf(sa) == AF_INET6 &&
+		    (isc_sockaddr_pf(&fwd->addr) == AF_INET6 &&
 			fctx->res->dispatches6 == NULL)) {
-				sa = ISC_LIST_NEXT(sa, link);
+				fwd = ISC_LIST_NEXT(fwd, link);
 				continue;
 		}
 		ai = NULL;
-		result = dns_adb_findaddrinfo(fctx->adb,
-					      sa, &ai, 0);  /* XXXMLG */
+		result = dns_adb_findaddrinfo(fctx->adb, &fwd->addr, &ai, 0);
 		if (result == ISC_R_SUCCESS) {
 			dns_adbaddrinfo_t *cur;
 			ai->flags |= FCTX_ADDRINFO_FORWARDER;
@@ -3004,7 +3006,7 @@ fctx_getaddresses(fetchctx_t *fctx, isc_
 			else
 				ISC_LIST_APPEND(fctx->forwaddrs, ai, publink);
 		}
-		sa = ISC_LIST_NEXT(sa, link);
+		fwd = ISC_LIST_NEXT(fwd, link);
 	}
 
 	/*
@@ -4012,6 +4014,9 @@ fctx_create(dns_resolver_t *res, dns_nam
 	fctx->restarts = 0;
 	fctx->querysent = 0;
 	fctx->referrals = 0;
+
+	fctx->fwdname = dns_fixedname_initname(&fctx->fwdfname);
+
 	TIME_NOW(&fctx->start);
 	fctx->timeouts = 0;
 	fctx->lamecount = 0;
@@ -5715,6 +5720,107 @@ mark_related(dns_name_t *name, dns_rdata
 		rdataset->attributes |= DNS_RDATASETATTR_EXTERNAL;
 }
 
+/*
+ * Returns true if 'name' is external to the namespace for which
+ * the server being queried can answer, either because it's not a
+ * subdomain or because it's below a forward declaration or a
+ * locally served zone.
+ */
+static inline isc_boolean_t
+name_external(dns_name_t *name, dns_rdatatype_t type, fetchctx_t *fctx) {
+	isc_result_t result;
+	dns_forwarders_t *forwarders = NULL;
+	dns_fixedname_t fixed, zfixed;
+	dns_name_t *fname = dns_fixedname_initname(&fixed);
+	dns_name_t *zfname = dns_fixedname_initname(&zfixed);
+	dns_name_t *apex = NULL;
+	dns_name_t suffix;
+	dns_zone_t *zone = NULL;
+	unsigned int labels;
+	dns_namereln_t rel;
+
+	apex = ISFORWARDER(fctx->addrinfo) ? fctx->fwdname : &fctx->domain;
+
+	/*
+	 * The name is outside the queried namespace.
+	 */
+	rel = dns_name_fullcompare(name, apex, &(int){ 0 },
+				   &(unsigned int){ 0U });
+	if (rel != dns_namereln_subdomain && rel != dns_namereln_equal) {
+		return (ISC_TRUE);
+	}
+
+	/*
+	 * If the record lives in the parent zone, adjust the name so we
+	 * look for the correct zone or forward clause.
+	 */
+	labels = dns_name_countlabels(name);
+	if (dns_rdatatype_atparent(type) && labels > 1U) {
+		dns_name_init(&suffix, NULL);
+		dns_name_getlabelsequence(name, 1, labels - 1, &suffix);
+		name = &suffix;
+	} else if (rel == dns_namereln_equal) {
+		/* If 'name' is 'apex', no further checking is needed. */
+		return (ISC_FALSE);
+	}
+
+	/*
+	 * If there is a locally served zone between 'apex' and 'name'
+	 * then don't cache.
+	 */
+	LOCK(&fctx->res->view->lock);
+	if (fctx->res->view->zonetable != NULL) {
+		unsigned int options = DNS_ZTFIND_NOEXACT;
+		result = dns_zt_find(fctx->res->view->zonetable, name, options,
+				     zfname, &zone);
+		if (zone != NULL) {
+			dns_zone_detach(&zone);
+		}
+		if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
+			if (dns_name_fullcompare(zfname, apex, &(int){ 0 },
+						 &(unsigned int){ 0U }) ==
+			    dns_namereln_subdomain)
+			{
+				UNLOCK(&fctx->res->view->lock);
+				return (ISC_TRUE);
+			}
+		}
+	}
+	UNLOCK(&fctx->res->view->lock);
+
+	/*
+	 * Look for a forward declaration below 'name'.
+	 */
+	result = dns_fwdtable_find2(fctx->res->view->fwdtable, name, fname,
+				    &forwarders);
+
+	if (ISFORWARDER(fctx->addrinfo)) {
+		/*
+		 * See if the forwarder declaration is better.
+		 */
+		if (result == ISC_R_SUCCESS) {
+			return (!dns_name_equal(fname, fctx->fwdname));
+		}
+
+		/*
+		 * If the lookup failed, the configuration must have
+		 * changed: play it safe and don't cache.
+		 */
+		return (ISC_TRUE);
+	} else if (result == ISC_R_SUCCESS &&
+		   forwarders->fwdpolicy == dns_fwdpolicy_only &&
+		   !ISC_LIST_EMPTY(forwarders->fwdrs))
+	{
+		/*
+		 * If 'name' is covered by a 'forward only' clause then we
+		 * can't cache this repsonse.
+		 */
+		return (ISC_TRUE);
+	}
+
+	return (ISC_FALSE);
+}
+
 static isc_result_t
 check_section(void *arg, dns_name_t *addname, dns_rdatatype_t type,
 	      dns_section_t section)
@@ -5743,7 +5849,7 @@ check_section(void *arg, dns_name_t *add
 	result = dns_message_findname(fctx->rmessage, section, addname,
 				      dns_rdatatype_any, 0, &name, NULL);
 	if (result == ISC_R_SUCCESS) {
-		external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
+		external = ISC_TF(name_external(name, type, fctx));
 		if (type == dns_rdatatype_a) {
 			for (rdataset = ISC_LIST_HEAD(name->list);
 			     rdataset != NULL;
@@ -6602,6 +6708,13 @@ answer_response(fetchctx_t *fctx) {
 
 		case dns_namereln_subdomain:
 			/*
+			 * Don't accept DNAME from parent namespace.
+			 */
+			if (name_external(name, dns_rdatatype_dname, fctx)) {
+				continue;
+			}
+
+			 /*
 			 * In-scope DNAME records must have at least
 			 * as many labels as the domain being queried.
 			 * They also must be less that qname's labels
@@ -6829,11 +6942,9 @@ answer_response(fetchctx_t *fctx) {
 	 */
 	result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
 	while (!done && result == ISC_R_SUCCESS) {
-		isc_boolean_t external;
 		name = NULL;
 		dns_message_currentname(message, DNS_SECTION_AUTHORITY, &name);
-		external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
-		if (!external) {
+		if (ISC_TF(!name_external(name, dns_rdatatype_ns, fctx))) {
 			/*
 			 * We expect to find NS or SIG NS rdatasets, and
 			 * nothing else.
Index: bind-9.9.9-P1/lib/isc/include/isc/types.h
===================================================================
--- bind-9.9.9-P1.orig/lib/isc/include/isc/types.h
+++ bind-9.9.9-P1/lib/isc/include/isc/types.h
@@ -51,6 +51,7 @@ typedef ISC_LIST(isc_buffer_t)		isc_buff
 typedef struct isc_constregion		isc_constregion_t;	/*%< Const region */
 typedef struct isc_consttextregion	isc_consttextregion_t;	/*%< Const Text Region */
 typedef struct isc_counter		isc_counter_t;		/*%< Counter */
+typedef int16_t			isc_dscp_t;		/*%< Diffserv code point */
 typedef struct isc_entropy		isc_entropy_t;		/*%< Entropy */
 typedef struct isc_entropysource	isc_entropysource_t;	/*%< Entropy Source */
 typedef struct isc_event		isc_event_t;		/*%< Event */

Places

File bind-CVE-2021-25220.patch of Package bind.24015

Places