bind: CVE-2017-3136

Incorrect error handling causes assertion failure when using DNS64 with "break-dnssec yes;" Reference: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-3136 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2017-09-27 11:02:15 +0200
committer: Adrian Dudau <adrian.dudau@enea.com> 2017-09-28 09:58:20 +0200
commit: cd8e084d9f7bb118f3d87a943852eef0f1a263d9 (patch)
tree: 2782140284fc77ecce5273a3686f7529149738be
parent: 0ff3df20f57ac50043641df84df5604c37fe8357 (diff)
download: meta-el-common-cd8e084d9f7bb118f3d87a943852eef0f1a263d9.tar.gz
2 files changed, 48 insertions, 0 deletions
diff --git a/recipes-connectivity/bind/bind/CVE-2017-3136.patch b/recipes-connectivity/bind/bind/CVE-2017-3136.patch
new file mode 100644
index 0000000..c47a6f7
--- /dev/null
+++ b/recipes-connectivity/bind/bind/CVE-2017-3136.patch
@@ -0,0 +1,47 @@
+From cdb44bbabefa96fceb9bca540f5112493756d593 Mon Sep 17 00:00:00 2001
+From: Sona Sarmadi <sona.sarmadi@enea.com>
+Date: Wed, 27 Sep 2017 09:45:10 +0200
+Subject: [PATCH] Dns64 with break-dnssec yes; can result in a assertion
+ failure.
+From 764240ca07ab1b796226d5402ccd9fbfa77ec32a Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Wed, 15 Feb 2017 12:18:51 +1100
+(cherry picked from commit 3bce12e4b6d37f570ffc7747b499f8b90e8521ac)
+CVE: CVE-2017-3136
+Upstream-Status: Backport [backport from remotes/origin/v9_10]
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ CHANGES           | 3 +++
+ bin/named/query.c | 1 +
+ 2 files changed, 4 insertions(+)
+diff --git a/CHANGES b/CHANGES
+index ec11967..ba27df0 100644
+--- a/CHANGES
+++ b/CHANGES
+@@ -1,3 +1,6 @@
+4575.  [security]      Dns64 with break-dnssec yes; can result in a
+                       assertion failure. (CVE-2017-3136) [RT #44653]
+
+ 4517.  [security]      Named could mishandle authority sections that were
+                        missing RRSIGs triggering an assertion failure.
+                        (CVE-2016-9444) [RT # 43632]
+diff --git a/bin/named/query.c b/bin/named/query.c
+index 1398776..48822ff 100644
+--- a/bin/named/query.c
+++ b/bin/named/query.c
+@@ -8149,6 +8149,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
+                        result = query_dns64(client, &fname, rdataset,
+                                             sigrdataset, dbuf,
+                                             DNS_SECTION_ANSWER);
+                       noqname = NULL;
+                        dns_rdataset_disassociate(rdataset);
+                        dns_message_puttemprdataset(client->message, &rdataset);
+                        if (result == ISC_R_NOMORE) {
+-- 
+1.9.1
diff --git a/recipes-connectivity/bind/bind_%.bbappend b/recipes-connectivity/bind/bind_%.bbappend
index 5730d2f..0461313 100644
--- a/recipes-connectivity/bind/bind_%.bbappend
+++ b/recipes-connectivity/bind/bind_%.bbappend
@@ -3,4 +3,5 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 SRC_URI += "file://CVE-2016-9444.patch \
            file://0001-fix-back-port-issue.patch \
            file://CVE-2017-3135.patch \
+            file://CVE-2017-3136.patch \
           "
author	Sona Sarmadi <sona.sarmadi@enea.com>	2017-09-27 11:02:15 +0200
committer	Adrian Dudau <adrian.dudau@enea.com>	2017-09-28 09:58:20 +0200
commit	cd8e084d9f7bb118f3d87a943852eef0f1a263d9 (patch)
tree	2782140284fc77ecce5273a3686f7529149738be
parent	0ff3df20f57ac50043641df84df5604c37fe8357 (diff)
download	meta-el-common-cd8e084d9f7bb118f3d87a943852eef0f1a263d9.tar.gz

diff --git a/recipes-connectivity/bind/bind/CVE-2017-3136.patch b/recipes-connectivity/bind/bind/CVE-2017-3136.patch new file mode 100644 index 0000000..c47a6f7 --- /dev/null +++ b/recipes-connectivity/bind/bind/CVE-2017-3136.patch
@@ -0,0 +1,47 @@
		1	From cdb44bbabefa96fceb9bca540f5112493756d593 Mon Sep 17 00:00:00 2001
		2	From: Sona Sarmadi <sona.sarmadi@enea.com>
		3	Date: Wed, 27 Sep 2017 09:45:10 +0200
		4	Subject: [PATCH] Dns64 with break-dnssec yes; can result in a assertion
		5	failure.
		6
		7	From 764240ca07ab1b796226d5402ccd9fbfa77ec32a Mon Sep 17 00:00:00 2001
		8	From: Mark Andrews <marka@isc.org>
		9	Date: Wed, 15 Feb 2017 12:18:51 +1100
		10
		11	(cherry picked from commit 3bce12e4b6d37f570ffc7747b499f8b90e8521ac)
		12
		13	CVE: CVE-2017-3136
		14	Upstream-Status: Backport [backport from remotes/origin/v9_10]
		15
		16	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
		17	---
		18	CHANGES \| 3 +++
		19	bin/named/query.c \| 1 +
		20	2 files changed, 4 insertions(+)
		21
		22	diff --git a/CHANGES b/CHANGES
		23	index ec11967..ba27df0 100644
		24	--- a/CHANGES
		25	+++ b/CHANGES
		26	@@ -1,3 +1,6 @@
		27	+4575. [security] Dns64 with break-dnssec yes; can result in a
		28	+ assertion failure. (CVE-2017-3136) [RT #44653]
		29	+
		30	4517. [security] Named could mishandle authority sections that were
		31	missing RRSIGs triggering an assertion failure.
		32	(CVE-2016-9444) [RT # 43632]
		33	diff --git a/bin/named/query.c b/bin/named/query.c
		34	index 1398776..48822ff 100644
		35	--- a/bin/named/query.c
		36	+++ b/bin/named/query.c
		37	@@ -8149,6 +8149,7 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)
		38	result = query_dns64(client, &fname, rdataset,
		39	sigrdataset, dbuf,
		40	DNS_SECTION_ANSWER);
		41	+ noqname = NULL;
		42	dns_rdataset_disassociate(rdataset);
		43	dns_message_puttemprdataset(client->message, &rdataset);
		44	if (result == ISC_R_NOMORE) {
		45	--
		46	1.9.1
		47


diff --git a/recipes-connectivity/bind/bind_%.bbappend b/recipes-connectivity/bind/bind_%.bbappend index 5730d2f..0461313 100644 --- a/recipes-connectivity/bind/bind_%.bbappend +++ b/recipes-connectivity/bind/bind_%.bbappend
@@ -3,4 +3,5 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
3	SRC_URI += "file://CVE-2016-9444.patch \	3	SRC_URI += "file://CVE-2016-9444.patch \
4	file://0001-fix-back-port-issue.patch \	4	file://0001-fix-back-port-issue.patch \
5	file://CVE-2017-3135.patch \	5	file://CVE-2017-3135.patch \
		6	file://CVE-2017-3136.patch \
6	"	7	"