From 0b00ab09795886b86b7b4bba2833e336dc6909a1 Mon Sep 17 00:00:00 2001
From: taca <taca@NetBSD.org>
Date: Fri, 6 May 2011 15:28:19 +0000
Subject: [PATCH] Apply fix by BIND 9.8.0-P1:
 https://www.isc.org/CVE-2011-1907.

---
 external/bsd/bind/dist/bin/named/query.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/external/bsd/bind/dist/bin/named/query.c b/external/bsd/bind/dist/bin/named/query.c
index b9f44747ebe2..6cc11f045cbc 100644
--- a/external/bsd/bind/dist/bin/named/query.c
+++ b/external/bsd/bind/dist/bin/named/query.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: query.c,v 1.2 2011/02/16 03:46:46 christos Exp $	*/
+/*	$NetBSD: query.c,v 1.3 2011/05/06 15:28:19 taca Exp $	*/
 
 /*
  * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
@@ -4089,9 +4089,15 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
 			if (dns_rdataset_isassociated(*rdatasetp))
 				dns_rdataset_disassociate(*rdatasetp);
 			dns_db_detachnode(*dbp, nodep);
-			result = dns_db_find(*dbp, qnamef, version, qtype, 0,
-					     client->now, nodep, found,
-					     *rdatasetp, NULL);
+
+			if (qtype == dns_rdatatype_rrsig ||
+			    qtype == dns_rdatatype_sig)
+				result = DNS_R_NXRRSET;
+			else 
+				result = dns_db_find(*dbp, qnamef, version,
+						     qtype, 0, client->now,
+						     nodep, found, *rdatasetp,
+						     NULL);
 		}
 	}
 	switch (result) {