From 1b113bcf17062a4582fb89ebba8f67126541c6fb Mon Sep 17 00:00:00 2001
From: Doug Barton <dougb@FreeBSD.org>
Date: Tue, 28 Jul 2009 23:23:48 +0000
Subject: Vendor import of BIND 9.4.3-P3

---
 CHANGES            | 5 +++++
 bin/named/update.c | 8 ++++++--
 version            | 4 ++--
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index 8d1f22b8e381..b78523972534 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+	--- 9.4.3-P3 released ---
+
+2640.	[security]	A specially crafted update packet will cause named
+			to exit. [RT #20000]
+
 	--- 9.4.3-P2 released ---
 
 2579.	[bug]		DNSSEC lookaside validation failed to handle unknown
diff --git a/bin/named/update.c b/bin/named/update.c
index fb6dec2f11e0..ddb426afb202 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.109.18.27 2008/02/07 03:16:08 marka Exp $ */
+/* $Id: update.c,v 1.109.18.27.4.1 2009/07/28 13:57:27 marka Exp $ */
 
 #include <config.h>
 
@@ -865,7 +865,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
 			if (type == dns_rdatatype_rrsig ||
 			    type == dns_rdatatype_sig)
 				covers = dns_rdata_covers(&t->rdata);
-			else
+			else if (type == dns_rdatatype_any) {
+				dns_db_detachnode(db, &node);
+				dns_diff_clear(&trash);
+				return (DNS_R_NXRRSET);
+			} else
 				covers = 0;
 
 			/*
diff --git a/version b/version
index 1eb5a692d923..7b907241d137 100644
--- a/version
+++ b/version
@@ -1,4 +1,4 @@
-# $Id: version,v 1.29.134.23.2.2 2009/03/17 02:23:49 marka Exp $
+# $Id: version,v 1.29.134.23.2.3 2009/07/28 13:57:27 marka Exp $
 #
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -7,4 +7,4 @@ MAJORVER=9
 MINORVER=4
 PATCHVER=3
 RELEASETYPE=-P
-RELEASEVER=2
+RELEASEVER=3
-- 
cgit v1.2.3