Blame SOURCES/bind99-CVE-2015-1349.patch
|
 |
c25660 |
diff -up bind-9.9.4/lib/dns/zone.c.CVE-2015-1349 bind-9.9.4/lib/dns/zone.c
|
|
|
c25660 |
--- bind-9.9.4/lib/dns/zone.c.CVE-2015-1349 2015-03-02 11:18:36.138872044 +0100
|
|
|
c25660 |
+++ bind-9.9.4/lib/dns/zone.c 2015-03-02 11:20:15.941032102 +0100
|
|
|
c25660 |
@@ -8456,6 +8456,12 @@ keyfetch_done(isc_task_t *task, isc_even
|
|
|
c25660 |
namebuf, tag);
|
|
|
c25660 |
trustkey = ISC_TRUE;
|
|
|
c25660 |
}
|
|
|
c25660 |
+ } else {
|
|
|
c25660 |
+ /*
|
|
|
c25660 |
+ * No previously known key, and the key is not
|
|
|
c25660 |
+ * secure, so skip it.
|
|
|
c25660 |
+ */
|
|
|
c25660 |
+ continue;
|
|
|
c25660 |
}
|
|
|
c25660 |
|
|
|
c25660 |
/* Delete old version */
|
|
|
c25660 |
@@ -8504,7 +8510,7 @@ keyfetch_done(isc_task_t *task, isc_even
|
|
|
c25660 |
trust_key(zone, keyname, &dnskey, mctx);
|
|
|
c25660 |
}
|
|
|
c25660 |
|
|
|
c25660 |
- if (!deletekey)
|
|
|
c25660 |
+ if (secure && !deletekey)
|
|
|
c25660 |
set_refreshkeytimer(zone, &keydata, now);
|
|
|
c25660 |
}
|
|
|
c25660 |
|