1 files changed, 41 insertions, 0 deletions
diff --git a/recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch b/recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch
new file mode 100644
index 0000000..31bc2b5
--- /dev/null
+++ b/recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch
@@ -0,0 +1,41 @@
+From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 25 Oct 2017 11:19:19 +0200
+Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
+Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
+https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
+CVE: CVE-2017-15908
+Upstream-Status: Backport [https://launchpadlibrarian.net/342808615/resolved-fix-loop-on-packets-with-pseudo-dns-types.patch]
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ src/resolve/resolved-dns-packet.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index e2f227bfc6..35f4d0689b 100644
+--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
+@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+ 
+                 found = true;
+ 
+-                while (bitmask) {
+                for (; bitmask; bit++, bitmask >>= 1)
+                         if (bitmap[i] & bitmask) {
+                                 uint16_t n;
+ 
+@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+                                 if (r < 0)
+                                         return r;
+                         }
+-
+-                        bit++;
+-                        bitmask >>= 1;
+-                }
+         }
+ 
+         if (!found)
+\ No newline at end of file

diff --git a/recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch b/recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch new file mode 100644 index 0000000..31bc2b5 --- /dev/null +++ b/recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch
@@ -0,0 +1,41 @@
	1	From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001
	2	From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
	3	Date: Wed, 25 Oct 2017 11:19:19 +0200
	4	Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
	5
	6	Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
	7
	8	https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
	9
	10	CVE: CVE-2017-15908
	11	Upstream-Status: Backport [https://launchpadlibrarian.net/342808615/resolved-fix-loop-on-packets-with-pseudo-dns-types.patch]
	12
	13	Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
	14	---
	15	src/resolve/resolved-dns-packet.c \| 6 +-----
	16	1 file changed, 1 insertion(+), 5 deletions(-)
	17
	18	diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
	19	index e2f227bfc6..35f4d0689b 100644
	20	--- a/src/resolve/resolved-dns-packet.c
	21	+++ b/src/resolve/resolved-dns-packet.c
	22	@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket p, Bitmap types, size_t sta
	23
	24	found = true;
	25
	26	- while (bitmask) {
	27	+ for (; bitmask; bit++, bitmask >>= 1)
	28	if (bitmap[i] & bitmask) {
	29	uint16_t n;
	30
	31	@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket p, Bitmap types, size_t sta
	32	if (r < 0)
	33	return r;
	34	}
	35	-
	36	- bit++;
	37	- bitmask >>= 1;
	38	- }
	39	}
	40
	41	if (!found) \ No newline at end of file