diff --git a/CHANGES b/CHANGES index 28f4424ecb..5d1f9a51d0 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4138. [bug] A uninitialized value in validator.c could result + in a assertion failure. (CVE-2015-4620) [RT #39795] + 4137. [bug] rndc reconfig reports configuration errors the same way rndc reload does [RT #39635] @@ -5,7 +8,7 @@ added +class as an unabbreviated alternative to +cl. [RT #39686] -4130. [bug] The compatability shim for *printf() misprinted some +4130. [bug] The compatibility shim for *printf() misprinted some large numbers. [RT #39586] 4129. [port] Address API changes in OpenSSL 1.1.0. [RT #39532] @@ -115,7 +118,7 @@ [RT #38056] 4072. [func] Add a --enable-querytrace configure switch for - very verbose query tracelogging. (This option + very verbose query trace logging. (This option has a negative performance impact and should be used only for debugging.) [RT #37520] @@ -8532,7 +8535,7 @@ on the responses. [RT #2454] 1208. [bug] dns_master_load*() failed to log a error message if - an error was detected when parsing the ownername of + an error was detected when parsing the owner name of a record. [RT #2448] 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with diff --git a/lib/dns/validator.c b/lib/dns/validator.c index 565e7e1d62..1d0b709336 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -1420,7 +1420,6 @@ compute_keytag(dns_rdata_t *rdata, dns_rdata_dnskey_t *key) { */ static isc_boolean_t isselfsigned(dns_validator_t *val) { - dns_fixedname_t fixed; dns_rdataset_t *rdataset, *sigrdataset; dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdata_t sigrdata = DNS_RDATA_INIT; @@ -1476,8 +1475,7 @@ isselfsigned(dns_validator_t *val) { result = dns_dnssec_verify3(name, rdataset, dstkey, ISC_TRUE, val->view->maxbits, - mctx, &sigrdata, - dns_fixedname_name(&fixed)); + mctx, &sigrdata, NULL); dst_key_free(&dstkey); if (result != ISC_R_SUCCESS) continue;