diff options
| -rw-r--r-- | CHANGES | 7 | ||||
| -rw-r--r-- | lib/dns/zone.c | 8 |
2 files changed, 14 insertions, 1 deletions
@@ -1,3 +1,10 @@ + --- 9.9.6-P2 released --- + +4053. [security] Revoking a managed trust anchor and supplying + an untrusted replacement could cause named + to crash with an assertion failure. + (CVE-2015-1349) [RT #38344] + --- 9.9.6-P1 released --- 4006. [security] A flaw in delegation handling could be exploited diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 7a9825bd96b0..5db28449b8f7 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -8508,6 +8508,12 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { namebuf, tag); trustkey = ISC_TRUE; } + } else { + /* + * No previously known key, and the key is not + * secure, so skip it. + */ + continue; } /* Delete old version */ @@ -8556,7 +8562,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { trust_key(zone, keyname, &dnskey, mctx); } - if (!deletekey) { + if (secure && !deletekey) { INSIST(newkey || updatekey); set_refreshkeytimer(zone, &keydata, now); } |