From 5c974b3074a13b17ebeed33fd00bad131991c6d8 Mon Sep 17 00:00:00 2001
From: spz <spz@NetBSD.org>
Date: Tue, 14 Jan 2014 08:03:07 +0000
Subject: [PATCH] a fix by ISC for CVE-2014-0591: 3693.  [security]      memcpy
 was incorrectly called with overlapping                        ranges
 resulting in malformed names being generated                        on some
 platforms.  This could cause INSIST failures                        when
 serving NSEC3 signed zones.  [RT #35120]

---
 external/bsd/bind/dist/bin/named/query.c | 21 +++++++++++++--------
 external/bsd/bind/dist/version           |  4 ++--
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/external/bsd/bind/dist/bin/named/query.c b/external/bsd/bind/dist/bin/named/query.c
index 74330aff1656..01db4e633dbf 100644
--- a/external/bsd/bind/dist/bin/named/query.c
+++ b/external/bsd/bind/dist/bin/named/query.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: query.c,v 1.12 2013/12/31 20:24:39 christos Exp $	*/
+/*	$NetBSD: query.c,v 1.13 2014/01/14 08:03:07 spz Exp $	*/
 
 /*
  * Copyright (C) 2004-2013  Internet Systems Consortium, Inc. ("ISC")
@@ -5263,8 +5263,7 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
 	dns_fixedname_t fixed;
 	dns_hash_t hash;
 	dns_name_t name;
-	int order;
-	unsigned int count;
+	unsigned int skip = 0, labels;
 	dns_rdata_nsec3_t nsec3;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 	isc_boolean_t optout;
@@ -5279,6 +5278,7 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
 
 	dns_name_init(&name, NULL);
 	dns_name_clone(qname, &name);
+	labels = dns_name_countlabels(&name);
 	dns_clientinfomethods_init(&cm, ns_client_sourceip);
 	dns_clientinfo_init(&ci, client);
 
@@ -5312,13 +5312,14 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
 		dns_rdata_reset(&rdata);
 		optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
 		if (found != NULL && optout &&
-		    dns_name_fullcompare(&name, dns_db_origin(db), &order,
-					 &count) == dns_namereln_subdomain) {
+		    dns_name_issubdomain(&name, dns_db_origin(db)))
+		{
 			dns_rdataset_disassociate(rdataset);
 			if (dns_rdataset_isassociated(sigrdataset))
 				dns_rdataset_disassociate(sigrdataset);
-			count = dns_name_countlabels(&name) - 1;
-			dns_name_getlabelsequence(&name, 1, count, &name);
+			skip++;
+			dns_name_getlabelsequence(qname, skip, labels - skip,
+			                          &name);
 			ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
 				      NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
 				      "looking for closest provable encloser");
@@ -5336,7 +5337,11 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
 		ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
 			      NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
 			      "expected covering NSEC3, got an exact match");
-	if (found != NULL)
+	if (found == qname) {
+		if (skip != 0U)
+			dns_name_getlabelsequence(qname, skip, labels - skip,
+			                          found);
+	} else if (found != NULL)
 		dns_name_copy(&name, found, NULL);
 	return;
 }
diff --git a/external/bsd/bind/dist/version b/external/bsd/bind/dist/version
index 18b6ebe99c1f..391d0ca73a6b 100644
--- a/external/bsd/bind/dist/version
+++ b/external/bsd/bind/dist/version
@@ -4,10 +4,10 @@
 # configure.
 #
 PRODUCT=BIND
-DESCRIPTION="(Extended Support Version)"
+DESCRIPTION="(Development release)"
 MAJORVER=9
 MINORVER=9
 PATCHVER=5
 RELEASETYPE=b
 RELEASEVER=1
-EXTENSIONS=
+EXTENSIONS=nb1