From cdd271b14aebc6a3f076eb82a016e0a4d0d4247a Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Mon, 2 Jul 2012 10:01:48 -0700
Subject: [PATCH] fix bad-cache assert

3346.	[security]	Bad-cache data could be used before it was
			initialized, causing an assert. [RT #30025]
---
 CHANGES            | 3 +++
 lib/dns/resolver.c | 5 +++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 3caa37ffd4..a291c8e03d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3346.	[security]	Bad-cache data could be used before it was
+			initialized, causing an assert. [RT #30025]
+
 3345.	[bug]		Addressed race condition when removing the last item
 			or inserting the first item in an ISC_QUEUE.
 			[RT #29539]
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index f6ce93bdd4..d81de760e1 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -8452,6 +8452,7 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
 			goto cleanup;
 		bad->type = type;
 		bad->hashval = hashval;
+		bad->expire = *expire;
 		isc_buffer_init(&buffer, bad + 1, name->length);
 		dns_name_init(&bad->name, NULL);
 		dns_name_copy(name, &bad->name, &buffer);
@@ -8463,8 +8464,8 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
 		if (resolver->badcount < resolver->badhash * 2 &&
 		    resolver->badhash > DNS_BADCACHE_SIZE)
 			resizehash(resolver, &now, ISC_FALSE);
-	}
-	bad->expire = *expire;
+	} else
+		bad->expire = *expire;
  cleanup:
 	UNLOCK(&resolver->lock);
 }