Operational Notification: Some releases of BIND are too strict when handling referrals containing non-empty answer sections
Mukund Sivaraman
muks at mukund.org
Thu Sep 20 11:34:03 UTC 2018
On Thu, Sep 20, 2018 at 09:48:08AM +0100, G.W. Haywood via bind-users wrote:
> Hi there,
>
> On Wed, 19 Sep 2018, Michael McNally wrote:
>
> > ... code refactoring ...
>
> That phrase always sends shudders through my corpus.
Some functions in the reply handling in the resolver, e.g.,
answer_response() before refactoring were responsible for multiple CVEs
and IIRC even regressions introduced by fixes. Note that the bug now is
not a CVE severity one. Such refactoring, though risky to do for
evolved code, was necessary.
Mukund
More information about the bind-users
mailing list