summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2016-01-22 08:38:51 (GMT)
committerTudor Florea <tudor.florea@enea.com>2016-01-22 16:20:44 (GMT)
commit36009b0af396f7a0920d5508e67cf58ff955478e (patch)
tree928a7a16f0481060a3b4676b3d58bb5a6c23f2f4
parent791bb999eef6da39d2160701f7d308e86113eefd (diff)
downloadpoky-36009b0af396f7a0920d5508e67cf58ff955478e.tar.gz
bind: CVE-2015-8704
A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c. References: https://kb.isc.org/article/AA-01335 https://kb.isc.org/article/AA-00913 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch48
-rw-r--r--meta/recipes-connectivity/bind/bind_9.9.5.bb1
2 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
new file mode 100644
index 0000000..d3b8988
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
@@ -0,0 +1,48 @@
1commit ea75187b4a656477f1f50ecc407e3352614a06f8
2Author: Mark Andrews <marka@isc.org>
3Date: Thu Dec 31 13:43:21 2015 +1100
4
5 4285. [security] Specific APL data could trigger a INSIST.
6 (CVE-2015-8704) [RT #41396]
7
8 (cherry picked from commit 1b3d21180244529f0099894fe9d29beb3f11efb3)
9
10Fixes: CVE-2015-8704
11Upstream Status: Backport from bind 9.9.8:
12 [ea75187b4a656477f1f50ecc407e3352614a06f8]
13
14Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
15---
16diff -ruN a/CHANGES b/CHANGES
17--- a/CHANGES 2016-01-20 08:25:33.023218819 +0100
18+++ b/CHANGES 2016-01-20 08:38:22.270736131 +0100
19@@ -1,5 +1,8 @@
20 --- 9.9.6-P2 released ---
21
22+4285. [security] Specific APL data could trigger a INSIST.
23+ (CVE-2015-8704) [RT #41396]
24+
25 4053. [security] Revoking a managed trust anchor and supplying
26 an untrusted replacement could cause named
27 to crash with an assertion failure.
28diff -ruN a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c
29--- a/lib/dns/rdata/in_1/apl_42.c 2016-01-20 08:36:01.580676442 +0100
30+++ b/lib/dns/rdata/in_1/apl_42.c 2016-01-20 08:37:18.149443474 +0100
31@@ -116,7 +116,7 @@
32 isc_uint8_t len;
33 isc_boolean_t neg;
34 unsigned char buf[16];
35- char txt[sizeof(" !64000")];
36+ char txt[sizeof(" !64000:")];
37 const char *sep = "";
38 int n;
39
40@@ -140,7 +140,7 @@
41 isc_region_consume(&sr, 1);
42 INSIST(len <= sr.length);
43 n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
44- neg ? "!": "", afi);
45+ neg ? "!" : "", afi);
46 INSIST(n < (int)sizeof(txt));
47 RETERR(str_totext(txt, target));
48 switch (afi) {
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb
index 6e4878d..f8d28a4 100644
--- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
23 file://CVE-2015-4620.patch \ 23 file://CVE-2015-4620.patch \
24 file://CVE-2015-5722.patch \ 24 file://CVE-2015-5722.patch \
25 file://CVE-2015-8000.patch \ 25 file://CVE-2015-8000.patch \
26 file://CVE-2015-8704.patch \
26 " 27 "
27 28
28SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e" 29SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"