summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2016-04-07 12:27:27 +0200
committerSona Sarmadi <sona.sarmadi@enea.com>2016-04-08 12:32:32 +0200
commit71129828ff4cfda3d66aa9378be3c5a53f2beb8b (patch)
tree7a71ee4e6376fd06a3678251c8f3f6e5d7617f9a
parent4ddc912615a690b7f612517ac5a5b345c9f89f8e (diff)
downloadpoky-daisy-enea.tar.gz
bind: CVE-2016-1285 CVE-2016-1286daisy-enea
CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure [YOCTO #9400] External References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 References to the Upstream commits and Security Advisories: CVE-2016-1285: https://kb.isc.org/article/AA-01352 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=31e4657cf246e41d4c5c890315cb6cf89a0db25a CVE-2016-1286_1: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=76c3c9fe9f3f1353b47214b8f98b3d7f53e10bc7 CVE-2016-1286_2: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=ce3cd91caee698cb144e1350c6c78292c6be6339 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch141
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch78
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch318
-rw-r--r--meta/recipes-connectivity/bind/bind/fix-typo-in-CVE-2016-1285.patch31
-rw-r--r--meta/recipes-connectivity/bind/bind_9.9.5.bb4
5 files changed, 572 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
new file mode 100644
index 0000000000..638ac2377f
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
@@ -0,0 +1,141 @@
1From 31e4657cf246e41d4c5c890315cb6cf89a0db25a Mon Sep 17 00:00:00 2001
2From: Mark Andrews <marka@isc.org>
3Date: Thu, 18 Feb 2016 12:11:27 +1100
4Subject: [PATCH] 4318. [security] Malformed control messages can
5trigger assertions in named and rndc. (CVE-2016-1285) [RT #41666]
6
7(cherry picked from commit a2b15b3305acd52179e6f3dc7d073b07fbc40b8e)
8
9CVE: CVE-2016-1285
10Upstream-Status: Backport
11
12[Skipped CHANGES and doc/arm/notes.xml changes.]
13
14Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
15---
16 CHANGES | 3 +++
17 bin/named/control.c | 2 +-
18 bin/named/controlconf.c | 2 +-
19 bin/rndc/rndc.c | 8 ++++----
20 doc/arm/notes.xml | 8 ++++++++
21 lib/isccc/cc.c | 14 +++++++-------
22 6 files changed, 24 insertions(+), 13 deletions(-)
23
24diff --git a/bin/named/control.c b/bin/named/control.c
25index 01fbe35..b1b744f 100644
26--- a/bin/named/control.c
27+++ b/bin/named/control.c
28@@ -89,7 +89,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
29 #endif
30
31 data = isccc_alist_lookup(message, "_data");
32- if (data == NULL) {
33+ if (!isccc_alist_alistp(data)) {
34 /*
35 * No data section.
36 */
37diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
38index 95feaf5..31bdc48 100644
39--- a/bin/named/controlconf.c
40+++ b/bin/named/controlconf.c
41@@ -397,7 +397,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
42 * Limit exposure to replay attacks.
43 */
44 _ctrl = isccc_alist_lookup(request, "_ctrl");
45- if (_ctrl == NULL) {
46+ if (!isccc_alist_alistp(_ctrl)) {
47 log_invalid(&conn->ccmsg, ISC_R_FAILURE);
48 goto cleanup_request;
49 }
50diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
51index c7d8fe1..ba3ac3a 100644
52--- a/bin/rndc/rndc.c
53+++ b/bin/rndc/rndc.c
54@@ -249,8 +249,8 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) {
55 DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
56
57 data = isccc_alist_lookup(response, "_data");
58- if (data == NULL)
59- fatal("no data section in response");
60+ if (!isccc_alist_alistp(data))
61+ fatal("bad or missing data section in response");
62 result = isccc_cc_lookupstring(data, "err", &errormsg);
63 if (result == ISC_R_SUCCESS) {
64 failed = ISC_TRUE;
65@@ -313,8 +313,8 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) {
66 DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
67
68 _ctrl = isccc_alist_lookup(response, "_ctrl");
69- if (_ctrl == NULL)
70- fatal("_ctrl section missing");
71+ if (!isccc_alist_alistp(_ctrl))
72+ fatal("bad or missing ctrl section in response");
73 nonce = 0;
74 if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
75 nonce = 0;
76
77diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
78index 9915568..ffcd584 100644
79--- a/lib/isccc/cc.c
80+++ b/lib/isccc/cc.c
81@@ -284,10 +284,10 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
82 * Extract digest.
83 */
84 _auth = isccc_alist_lookup(alist, "_auth");
85- if (_auth == NULL)
86+ if (!isccc_alist_alistp(_auth))
87 return (ISC_R_FAILURE);
88 hmd5 = isccc_alist_lookup(_auth, "hmd5");
89- if (hmd5 == NULL)
90+ if (!isccc_sexpr_binaryp(hmac))
91 return (ISC_R_FAILURE);
92 /*
93 * Compute digest.
94@@ -540,7 +540,7 @@ isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok,
95 REQUIRE(ackp != NULL && *ackp == NULL);
96
97 _ctrl = isccc_alist_lookup(message, "_ctrl");
98- if (_ctrl == NULL ||
99+ if (!isccc_alist_alistp(_ctrl) ||
100 isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
101 isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS)
102 return (ISC_R_FAILURE);
103@@ -584,7 +584,7 @@ isccc_cc_isack(isccc_sexpr_t *message) {
104 isccc_sexpr_t *_ctrl;
105
106 _ctrl = isccc_alist_lookup(message, "_ctrl");
107- if (_ctrl == NULL)
108+ if (!isccc_alist_alistp(_ctrl))
109 return (ISC_FALSE);
110 if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS)
111 return (ISC_TRUE);
112@@ -596,7 +596,7 @@ isccc_cc_isreply(isccc_sexpr_t *message) {
113 isccc_sexpr_t *_ctrl;
114
115 _ctrl = isccc_alist_lookup(message, "_ctrl");
116- if (_ctrl == NULL)
117+ if (!isccc_alist_alistp(_ctrl))
118 return (ISC_FALSE);
119 if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS)
120 return (ISC_TRUE);
121@@ -616,7 +616,7 @@ isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now,
122
123 _ctrl = isccc_alist_lookup(message, "_ctrl");
124 _data = isccc_alist_lookup(message, "_data");
125- if (_ctrl == NULL || _data == NULL ||
126+ if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) ||
127 isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
128 isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS)
129 return (ISC_R_FAILURE);
130@@ -797,7 +797,7 @@ isccc_cc_checkdup(isccc_symtab_t *symtab, isccc_sexpr_t *message,
131 isccc_sexpr_t *_ctrl;
132
133 _ctrl = isccc_alist_lookup(message, "_ctrl");
134- if (_ctrl == NULL ||
135+ if (!isccc_alist_alistp(_ctrl) ||
136 isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS ||
137 isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS)
138 return (ISC_R_FAILURE);
139--
1401.9.1
141
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
new file mode 100644
index 0000000000..4a2c15ffc7
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
@@ -0,0 +1,78 @@
1From 76c3c9fe9f3f1353b47214b8f98b3d7f53e10bc7 Mon Sep 17 00:00:00 2001
2From: Mukund Sivaraman <muks@isc.org>
3Date: Mon, 22 Feb 2016 12:22:43 +0530
4Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling
5 (CVE-2016-1286) (#41753)
6
7(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673)
8(cherry picked from commit 456e1eadd2a3a2fb9617e60d4db90ef4ba7c6ba3)
9
10CVE: CVE-2016-1286
11Upstream-Status: Backport
12
13[Skipped CHANGES and doc/arm/notes.xml changes.]
14
15Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
16---
17 CHANGES | 4 ++++
18 doc/arm/notes.xml | 7 +++++++
19 lib/dns/resolver.c | 33 ++++++++++++++++++---------------
20 3 files changed, 29 insertions(+), 15 deletions(-)
21
22diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
23index 735f7d2..0602070 100644
24--- a/lib/dns/resolver.c
25+++ b/lib/dns/resolver.c
26@@ -6701,21 +6701,26 @@ answer_response(fetchctx_t *fctx) {
27 isc_boolean_t found_dname = ISC_FALSE;
28 dns_name_t *dname_name;
29
30+ /*
31+ * Only pass DNAME or RRSIG(DNAME).
32+ */
33+ if (rdataset->type != dns_rdatatype_dname &&
34+ (rdataset->type != dns_rdatatype_rrsig ||
35+ rdataset->covers != dns_rdatatype_dname))
36+ continue;
37+
38+ /*
39+ * If we're not chaining, then the DNAME and
40+ * its signature should not be external.
41+ */
42+ if (!chaining && external) {
43+ log_formerr(fctx, "external DNAME");
44+ return (DNS_R_FORMERR);
45+ }
46+
47 found = ISC_FALSE;
48 aflag = 0;
49 if (rdataset->type == dns_rdatatype_dname) {
50- /*
51- * We're looking for something else,
52- * but we found a DNAME.
53- *
54- * If we're not chaining, then the
55- * DNAME should not be external.
56- */
57- if (!chaining && external) {
58- log_formerr(fctx,
59- "external DNAME");
60- return (DNS_R_FORMERR);
61- }
62 found = ISC_TRUE;
63 want_chaining = ISC_TRUE;
64 POST(want_chaining);
65@@ -6744,9 +6749,7 @@ answer_response(fetchctx_t *fctx) {
66 &fctx->domain)) {
67 return (DNS_R_SERVFAIL);
68 }
69- } else if (rdataset->type == dns_rdatatype_rrsig
70- && rdataset->covers ==
71- dns_rdatatype_dname) {
72+ } else {
73 /*
74 * We've found a signature that
75 * covers the DNAME.
76--
771.9.1
78
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
new file mode 100644
index 0000000000..eba4ea3a67
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
@@ -0,0 +1,318 @@
1From ce3cd91caee698cb144e1350c6c78292c6be6339 Mon Sep 17 00:00:00 2001
2From: Mark Andrews <marka@isc.org>
3Date: Mon, 29 Feb 2016 07:16:48 +1100
4Subject: [PATCH] Part 2 of: 4319. [security] Fix resolver assertion
5 failure due to improper DNAME handling when parsing
6 fetch reply messages. (CVE-2016-1286) [RT #41753]
7
8(cherry picked from commit 2de89ee9de8c8da9dc153a754b02dcdbb7fe2374)
9
10CVE: CVE-2016-1286
11Upstream-Status: Backport
12
13Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
14---
15 lib/dns/resolver.c | 192 ++++++++++++++++++++++++++---------------------------
16 1 file changed, 93 insertions(+), 99 deletions(-)
17
18diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
19index 0602070..273e06c 100644
20--- a/lib/dns/resolver.c
21+++ b/lib/dns/resolver.c
22@@ -5808,14 +5808,11 @@ cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) {
23 }
24
25 static inline isc_result_t
26-dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
27- dns_name_t *oname, dns_fixedname_t *fixeddname)
28+dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
29+ unsigned int nlabels, dns_fixedname_t *fixeddname)
30 {
31 isc_result_t result;
32 dns_rdata_t rdata = DNS_RDATA_INIT;
33- unsigned int nlabels;
34- int order;
35- dns_namereln_t namereln;
36 dns_rdata_dname_t dname;
37 dns_fixedname_t prefix;
38
39@@ -5830,21 +5827,6 @@ dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
40 if (result != ISC_R_SUCCESS)
41 return (result);
42
43- /*
44- * Get the prefix of qname.
45- */
46- namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
47- if (namereln != dns_namereln_subdomain) {
48- char qbuf[DNS_NAME_FORMATSIZE];
49- char obuf[DNS_NAME_FORMATSIZE];
50-
51- dns_rdata_freestruct(&dname);
52- dns_name_format(qname, qbuf, sizeof(qbuf));
53- dns_name_format(oname, obuf, sizeof(obuf));
54- log_formerr(fctx, "unrelated DNAME in answer: "
55- "%s is not in %s", qbuf, obuf);
56- return (DNS_R_FORMERR);
57- }
58 dns_fixedname_init(&prefix);
59 dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
60 dns_fixedname_init(fixeddname);
61@@ -6470,13 +6452,13 @@ static isc_result_t
62 answer_response(fetchctx_t *fctx) {
63 isc_result_t result;
64 dns_message_t *message;
65- dns_name_t *name, *qname, tname, *ns_name;
66+ dns_name_t *name, *dname, *qname, tname, *ns_name;
67 dns_rdataset_t *rdataset, *ns_rdataset;
68 isc_boolean_t done, external, chaining, aa, found, want_chaining;
69 isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
70 unsigned int aflag;
71 dns_rdatatype_t type;
72- dns_fixedname_t dname, fqname;
73+ dns_fixedname_t fdname, fqname;
74 dns_view_t *view;
75
76 FCTXTRACE("answer_response");
77@@ -6504,10 +6486,15 @@ answer_response(fetchctx_t *fctx) {
78 view = fctx->res->view;
79 result = dns_message_firstname(message, DNS_SECTION_ANSWER);
80 while (!done && result == ISC_R_SUCCESS) {
81+ dns_namereln_t namereln;
82+ int order;
83+ unsigned int nlabels;
84+
85 name = NULL;
86 dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
87 external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
88- if (dns_name_equal(name, qname)) {
89+ namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
90+ if (namereln == dns_namereln_equal) {
91 wanted_chaining = ISC_FALSE;
92 for (rdataset = ISC_LIST_HEAD(name->list);
93 rdataset != NULL;
94@@ -6632,10 +6619,11 @@ answer_response(fetchctx_t *fctx) {
95 */
96 INSIST(!external);
97 if (aflag ==
98- DNS_RDATASETATTR_ANSWER)
99+ DNS_RDATASETATTR_ANSWER) {
100 have_answer = ISC_TRUE;
101- name->attributes |=
102- DNS_NAMEATTR_ANSWER;
103+ name->attributes |=
104+ DNS_NAMEATTR_ANSWER;
105+ }
106 rdataset->attributes |= aflag;
107 if (aa)
108 rdataset->trust =
109@@ -6690,6 +6678,8 @@ answer_response(fetchctx_t *fctx) {
110 if (wanted_chaining)
111 chaining = ISC_TRUE;
112 } else {
113+ dns_rdataset_t *dnameset = NULL;
114+
115 /*
116 * Look for a DNAME (or its SIG). Anything else is
117 * ignored.
118@@ -6697,10 +6687,8 @@ answer_response(fetchctx_t *fctx) {
119 wanted_chaining = ISC_FALSE;
120 for (rdataset = ISC_LIST_HEAD(name->list);
121 rdataset != NULL;
122- rdataset = ISC_LIST_NEXT(rdataset, link)) {
123- isc_boolean_t found_dname = ISC_FALSE;
124- dns_name_t *dname_name;
125-
126+ rdataset = ISC_LIST_NEXT(rdataset, link))
127+ {
128 /*
129 * Only pass DNAME or RRSIG(DNAME).
130 */
131@@ -6714,20 +6702,41 @@ answer_response(fetchctx_t *fctx) {
132 * its signature should not be external.
133 */
134 if (!chaining && external) {
135- log_formerr(fctx, "external DNAME");
136+ char qbuf[DNS_NAME_FORMATSIZE];
137+ char obuf[DNS_NAME_FORMATSIZE];
138+
139+ dns_name_format(name, qbuf,
140+ sizeof(qbuf));
141+ dns_name_format(&fctx->domain, obuf,
142+ sizeof(obuf));
143+ log_formerr(fctx, "external DNAME or "
144+ "RRSIG covering DNAME "
145+ "in answer: %s is "
146+ "not in %s", qbuf, obuf);
147+ return (DNS_R_FORMERR);
148+ }
149+
150+ if (namereln != dns_namereln_subdomain) {
151+ char qbuf[DNS_NAME_FORMATSIZE];
152+ char obuf[DNS_NAME_FORMATSIZE];
153+
154+ dns_name_format(qname, qbuf,
155+ sizeof(qbuf));
156+ dns_name_format(name, obuf,
157+ sizeof(obuf));
158+ log_formerr(fctx, "unrelated DNAME "
159+ "in answer: %s is "
160+ "not in %s", qbuf, obuf);
161 return (DNS_R_FORMERR);
162 }
163
164- found = ISC_FALSE;
165 aflag = 0;
166 if (rdataset->type == dns_rdatatype_dname) {
167- found = ISC_TRUE;
168 want_chaining = ISC_TRUE;
169 POST(want_chaining);
170 aflag = DNS_RDATASETATTR_ANSWER;
171- result = dname_target(fctx, rdataset,
172- qname, name,
173- &dname);
174+ result = dname_target(rdataset, qname,
175+ nlabels, &fdname);
176 if (result == ISC_R_NOSPACE) {
177 /*
178 * We can't construct the
179@@ -6739,14 +6748,12 @@ answer_response(fetchctx_t *fctx) {
180 } else if (result != ISC_R_SUCCESS)
181 return (result);
182 else
183- found_dname = ISC_TRUE;
184+ dnameset = rdataset;
185
186- dname_name = dns_fixedname_name(&dname);
187+ dname = dns_fixedname_name(&fdname);
188 if (!is_answertarget_allowed(view,
189- qname,
190- rdataset->type,
191- dname_name,
192- &fctx->domain)) {
193+ qname, rdataset->type,
194+ dname, &fctx->domain)) {
195 return (DNS_R_SERVFAIL);
196 }
197 } else {
198@@ -6754,73 +6761,60 @@ answer_response(fetchctx_t *fctx) {
199 * We've found a signature that
200 * covers the DNAME.
201 */
202- found = ISC_TRUE;
203 aflag = DNS_RDATASETATTR_ANSWERSIG;
204 }
205
206- if (found) {
207+ /*
208+ * We've found an answer to our
209+ * question.
210+ */
211+ name->attributes |= DNS_NAMEATTR_CACHE;
212+ rdataset->attributes |= DNS_RDATASETATTR_CACHE;
213+ rdataset->trust = dns_trust_answer;
214+ if (!chaining) {
215 /*
216- * We've found an answer to our
217- * question.
218+ * This data is "the" answer to
219+ * our question only if we're
220+ * not chaining.
221 */
222- name->attributes |=
223- DNS_NAMEATTR_CACHE;
224- rdataset->attributes |=
225- DNS_RDATASETATTR_CACHE;
226- rdataset->trust = dns_trust_answer;
227- if (!chaining) {
228- /*
229- * This data is "the" answer
230- * to our question only if
231- * we're not chaining.
232- */
233- INSIST(!external);
234- if (aflag ==
235- DNS_RDATASETATTR_ANSWER)
236- have_answer = ISC_TRUE;
237+ INSIST(!external);
238+ if (aflag == DNS_RDATASETATTR_ANSWER) {
239+ have_answer = ISC_TRUE;
240 name->attributes |=
241 DNS_NAMEATTR_ANSWER;
242- rdataset->attributes |= aflag;
243- if (aa)
244- rdataset->trust =
245- dns_trust_authanswer;
246- } else if (external) {
247- rdataset->attributes |=
248- DNS_RDATASETATTR_EXTERNAL;
249- }
250-
251- /*
252- * DNAME chaining.
253- */
254- if (found_dname) {
255- /*
256- * Copy the dname into the
257- * qname fixed name.
258- *
259- * Although we check for
260- * failure of the copy
261- * operation, in practice it
262- * should never fail since
263- * we already know that the
264- * result fits in a fixedname.
265- */
266- dns_fixedname_init(&fqname);
267- result = dns_name_copy(
268- dns_fixedname_name(&dname),
269- dns_fixedname_name(&fqname),
270- NULL);
271- if (result != ISC_R_SUCCESS)
272- return (result);
273- wanted_chaining = ISC_TRUE;
274- name->attributes |=
275- DNS_NAMEATTR_CHAINING;
276- rdataset->attributes |=
277- DNS_RDATASETATTR_CHAINING;
278- qname = dns_fixedname_name(
279- &fqname);
280 }
281+ rdataset->attributes |= aflag;
282+ if (aa)
283+ rdataset->trust =
284+ dns_trust_authanswer;
285+ } else if (external) {
286+ rdataset->attributes |=
287+ DNS_RDATASETATTR_EXTERNAL;
288 }
289 }
290+
291+ /*
292+ * DNAME chaining.
293+ */
294+ if (dnameset != NULL) {
295+ /*
296+ * Copy the dname into the qname fixed name.
297+ *
298+ * Although we check for failure of the copy
299+ * operation, in practice it should never fail
300+ * since we already know that the result fits
301+ * in a fixedname.
302+ */
303+ dns_fixedname_init(&fqname);
304+ qname = dns_fixedname_name(&fqname);
305+ result = dns_name_copy(dname, qname, NULL);
306+ if (result != ISC_R_SUCCESS)
307+ return (result);
308+ wanted_chaining = ISC_TRUE;
309+ name->attributes |= DNS_NAMEATTR_CHAINING;
310+ dnameset->attributes |=
311+ DNS_RDATASETATTR_CHAINING;
312+ }
313 if (wanted_chaining)
314 chaining = ISC_TRUE;
315 }
316--
3171.9.1
318
diff --git a/meta/recipes-connectivity/bind/bind/fix-typo-in-CVE-2016-1285.patch b/meta/recipes-connectivity/bind/bind/fix-typo-in-CVE-2016-1285.patch
new file mode 100644
index 0000000000..5858c805df
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/fix-typo-in-CVE-2016-1285.patch
@@ -0,0 +1,31 @@
1From a078c9eeae8c2db7edf2b15ff1d25a3a297c7512 Mon Sep 17 00:00:00 2001
2From: Evan Hunt <each@isc.org>
3Date: Wed, 17 Feb 2016 19:13:22 -0800
4Subject: [PATCH] [v9_9] fix backport error
5
6This fixes typo in the:
7CVE-2016-1285.patch [upstream commit 31e4657cf246e41d4c5c890315cb6cf89a0db25a]
8
9Upstream-Status: Backport
10
11Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
12---
13 lib/isccc/cc.c | 2 +-
14 1 file changed, 1 insertion(+), 1 deletion(-)
15
16diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
17index ffcd584..9c7d18c 100644
18--- a/lib/isccc/cc.c
19+++ b/lib/isccc/cc.c
20@@ -287,7 +287,7 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
21 if (!isccc_alist_alistp(_auth))
22 return (ISC_R_FAILURE);
23 hmd5 = isccc_alist_lookup(_auth, "hmd5");
24- if (!isccc_sexpr_binaryp(hmac))
25+ if (!isccc_sexpr_binaryp(hmd5))
26 return (ISC_R_FAILURE);
27 /*
28 * Compute digest.
29--
301.9.1
31
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb
index 68f5367a4b..80e2ca6cf5 100644
--- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -21,6 +21,10 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
21 file://CVE-2015-8000.patch \ 21 file://CVE-2015-8000.patch \
22 file://CVE-2015-8704.patch \ 22 file://CVE-2015-8704.patch \
23 file://CVE-2015-8461.patch \ 23 file://CVE-2015-8461.patch \
24 file://CVE-2016-1285.patch \
25 file://fix-typo-in-CVE-2016-1285.patch \
26 file://CVE-2016-1286_1.patch \
27 file://CVE-2016-1286_2.patch \
24 " 28 "
25 29
26SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e" 30SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"