diff -up bind-9.3.6-P1/bin/named/query.c.CVE-2012-5166 bind-9.3.6-P1/bin/named/query.c --- bind-9.3.6-P1/bin/named/query.c.CVE-2012-5166 2012-10-10 02:18:11.120440792 +0200 +++ bind-9.3.6-P1/bin/named/query.c 2012-10-10 02:25:59.575599005 +0200 @@ -856,13 +856,6 @@ query_isduplicate(ns_client_t *client, d mname = NULL; } - /* - * If the dns_name_t we're looking up is already in the message, - * we don't want to trigger the caller's name replacement logic. - */ - if (name == mname) - mname = NULL; - *mnamep = mname; CTRACE("query_isduplicate: false: done"); @@ -1042,6 +1035,7 @@ query_addadditional(void *arg, dns_name_ if (dns_rdataset_isassociated(rdataset) && !query_isduplicate(client, fname, type, &mname)) { if (mname != NULL) { + INSIST(mname != fname); query_releasename(client, &fname); fname = mname; } else @@ -1102,11 +1096,13 @@ query_addadditional(void *arg, dns_name_ mname = NULL; if (!query_isduplicate(client, fname, dns_rdatatype_a, &mname)) { - if (mname != NULL) { - query_releasename(client, &fname); - fname = mname; - } else - need_addname = ISC_TRUE; + if (mname != fname) { + if (mname != NULL) { + query_releasename(client, &fname); + fname = mname; + } else + need_addname = ISC_TRUE; + } ISC_LIST_APPEND(fname->list, rdataset, link); added_something = ISC_TRUE; if (sigrdataset != NULL && @@ -1145,11 +1141,13 @@ query_addadditional(void *arg, dns_name_ mname = NULL; if (!query_isduplicate(client, fname, dns_rdatatype_aaaa, &mname)) { - if (mname != NULL) { - query_releasename(client, &fname); - fname = mname; - } else - need_addname = ISC_TRUE; + if (mname != fname) { + if (mname != NULL) { + query_releasename(client, &fname); + fname = mname; + } else + need_addname = ISC_TRUE; + } ISC_LIST_APPEND(fname->list, rdataset, link); added_something = ISC_TRUE; if (sigrdataset != NULL &&