bind: Security fix CVE-2015-8704

CVE-2015-8704 bind: specific APL data could trigger an INSIST in apl_42.c (From OE-Core rev: 600c1d2beb64e23123e478051537b917f5d4a8a7) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2016-02-06 15:15:02 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-07 17:23:06 +0000
commit: db99f58eea2dfddfd45cceb876f8ecfa7a82b3e8 (patch)
tree: 5427cd3b97ea22fff3e9890520425315a2680dc5
parent: 092903a2ef92627e93cd26dda4583db7bc0288a3 (diff)
download: poky-db99f58eea2dfddfd45cceb876f8ecfa7a82b3e8.tar.gz
2 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
new file mode 100644
index 0000000000..7f28e4496a
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
@@ -0,0 +1,29 @@
+Upstream-Status: Backport
+https://bugzilla.redhat.com/attachment.cgi?id=1115781
+CVE: CVE-2015-8704
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/rdata/in_1/apl_42.c
+++ bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
+@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
+        isc_uint8_t len;
+        isc_boolean_t neg;
+        unsigned char buf[16];
+-       char txt[sizeof(" !64000")];
+       char txt[sizeof(" !64000:")];
+        const char *sep = "";
+        int n;
+ 
+@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) {
+                isc_region_consume(&sr, 1);
+                INSIST(len <= sr.length);
+                n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
+-                            neg ? "!": "", afi);
+                            neg ? "!" : "", afi);
+                INSIST(n < (int)sizeof(txt));
+                RETERR(str_totext(txt, target));
+                switch (afi) {
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb
index 79b0397a56..a904d6ebbe 100644
--- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -26,6 +26,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
           file://CVE-2015-4620.patch \
           file://CVE-2015-5722.patch \
           file://CVE-2015-8000.patch \
+           file://CVE-2015-8704.patch \
           "
 SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"
author	Armin Kuster <akuster@mvista.com>	2016-02-06 15:15:02 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:06 +0000
commit	db99f58eea2dfddfd45cceb876f8ecfa7a82b3e8 (patch)
tree	5427cd3b97ea22fff3e9890520425315a2680dc5
parent	092903a2ef92627e93cd26dda4583db7bc0288a3 (diff)
download	poky-db99f58eea2dfddfd45cceb876f8ecfa7a82b3e8.tar.gz

diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch new file mode 100644 index 0000000000..7f28e4496a --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
@@ -0,0 +1,29 @@
		1	Upstream-Status: Backport
		2
		3	https://bugzilla.redhat.com/attachment.cgi?id=1115781
		4
		5	CVE: CVE-2015-8704
		6	Signed-off-by: Armin Kuster <akuster@mvista.com>
		7
		8	Index: bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
		9	===================================================================
		10	--- bind-9.9.5.orig/lib/dns/rdata/in_1/apl_42.c
		11	+++ bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
		12	@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
		13	isc_uint8_t len;
		14	isc_boolean_t neg;
		15	unsigned char buf[16];
		16	- char txt[sizeof(" !64000")];
		17	+ char txt[sizeof(" !64000:")];
		18	const char *sep = "";
		19	int n;
		20
		21	@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) {
		22	isc_region_consume(&sr, 1);
		23	INSIST(len <= sr.length);
		24	n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
		25	- neg ? "!": "", afi);
		26	+ neg ? "!" : "", afi);
		27	INSIST(n < (int)sizeof(txt));
		28	RETERR(str_totext(txt, target));
		29	switch (afi) {


diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb index 79b0397a56..a904d6ebbe 100644 --- a/meta/recipes-connectivity/bind/bind_9.9.5.bb +++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -26,6 +26,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
26	file://CVE-2015-4620.patch \	26	file://CVE-2015-4620.patch \
27	file://CVE-2015-5722.patch \	27	file://CVE-2015-5722.patch \
28	file://CVE-2015-8000.patch \	28	file://CVE-2015-8000.patch \
		29	file://CVE-2015-8704.patch \
29	"	30	"
30		31
31	SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"	32	SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"