path: root/bind-9.16-CVE-2022-3736.patch
Diffstat (limited to 'bind-9.16-CVE-2022-3736.patch')
-rw-r--r--bind-9.16-CVE-2022-3736.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/bind-9.16-CVE-2022-3736.patch b/bind-9.16-CVE-2022-3736.patch
new file mode 100644
index 0000000..606c22f
--- /dev/null
+++ b/bind-9.16-CVE-2022-3736.patch
@@ -0,0 +1,53 @@
+From 1b6590eafce064cbf70f5afc2fe4d6f1bfdc3804 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Thu, 27 Oct 2022 13:22:11 +1100
+Subject: [PATCH] Move the mapping of SIG and RRSIG to ANY
+
+dns_db_findext() asserts if RRSIG is passed to it and
+query_lookup_stale() failed to map RRSIG to ANY to prevent this. To
+avoid cases like this in the future, move the mapping of SIG and RRSIG
+to ANY for qctx->type to qctx_init().
+
+(cherry picked from commit 56eae064183488bcf7ff08c3edf59f2e1742c1b6)
+---
+ lib/ns/query.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/lib/ns/query.c b/lib/ns/query.c
+index a450cb7..f66bab4 100644
+--- a/lib/ns/query.c
++++ b/lib/ns/query.c
+@@ -5103,6 +5103,15 @@ qctx_init(ns_client_t *client, dns_fetchevent_t **eventp, dns_rdatatype_t qtype,
+ qctx->result = ISC_R_SUCCESS;
+ qctx->findcoveringnsec = qctx->view->synthfromdnssec;
+
++ /*
++ * If it's an RRSIG or SIG query, we'll iterate the node.
++ */
++ if (qctx->qtype == dns_rdatatype_rrsig ||
++ qctx->qtype == dns_rdatatype_sig)
++ {
++ qctx->type = dns_rdatatype_any;
++ }
++
+ CALL_HOOK_NORETURN(NS_QUERY_QCTX_INITIALIZED, qctx);
+ }
+
+@@ -5243,14 +5252,6 @@ query_setup(ns_client_t *client, dns_rdatatype_t qtype) {
+
+ CALL_HOOK(NS_QUERY_SETUP, &qctx);
+
+- /*
+- * If it's a SIG query, we'll iterate the node.
+- */
+- if (qctx.qtype == dns_rdatatype_rrsig ||
+- qctx.qtype == dns_rdatatype_sig) {
+- qctx.type = dns_rdatatype_any;
+- }
+-
+ /*
+ * Check SERVFAIL cache
+ */
+--
+2.39.1
+
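Review bot: The comment added in qctx_init() says only that the node will be iterated, so the reason this mapping is safety-critical (per the commit message, dns_db_findext() asserts when handed RRSIG) is not recorded at the code site. I would expand it to something like `/* Map SIG/RRSIG to ANY once, here, so no lookup path using qctx->type (e.g. query_lookup_stale()) can pass RRSIG to dns_db_findext(), which asserts on it. */`. The removed block in query_setup() ran after `CALL_HOOK(NS_QUERY_SETUP, &qctx)`, so if a hook at that point can rewrite qctx.qtype, it is no longer remapped afterwards; this is worth confirming against the hook contract, since both function bodies extend outside the hunks shown. The embedded patch touches only lib/ns/query.c, so the package presumably carries no regression test for an RRSIG query reaching the stale-lookup path, and adding one would guard the invariant on future rebases.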