summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLi Zhou <li.zhou@windriver.com>2020-09-02 08:19:29 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-09-10 12:21:41 (GMT)
commit301132a6d0dbaf4b6d032681852fe1f4f3b776dc (patch)
tree6677236d4d7e0a23a7ad7fb42029a30c87a263fb
parentdc4767f775a31c3d04ae868ea22ed9e747c6d83c (diff)
downloadpoky-301132a6d0dbaf4b6d032681852fe1f4f3b776dc.tar.gz
bind: Security Advisory - bind - CVE-2020-8622
Backport patch from <https://gitlab.isc.org/isc-projects/bind9/ commit/6ed167ad0a647dff20c8cb08c944a7967df2d415> to solve CVE-2020-8622. (From OE-Core rev: 64a2b62c41574bf4d45dd8ed447ee3b6c05fbd84) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2020-8622.patch60
-rw-r--r--meta/recipes-connectivity/bind/bind_9.11.19.bb1
2 files changed, 61 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8622.patch b/meta/recipes-connectivity/bind/bind/CVE-2020-8622.patch
new file mode 100644
index 0000000..dec5672
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2020-8622.patch
@@ -0,0 +1,60 @@
1From ca543240380475d888d660ea3296fc880ce52f35 Mon Sep 17 00:00:00 2001
2From: Mark Andrews <marka@isc.org>
3Date: Wed, 15 Jul 2020 16:07:51 +1000
4Subject: [PATCH] bind: Always keep a copy of the message
5
6this allows it to be available even when dns_message_parse()
7returns a error.
8
9Upstream-Status: Backport
10CVE: CVE-2020-8622
11Signed-off-by: Li Zhou <li.zhou@windriver.com>
12---
13 lib/dns/message.c | 24 +++++++++++++-----------
14 1 file changed, 13 insertions(+), 11 deletions(-)
15
16diff --git a/lib/dns/message.c b/lib/dns/message.c
17index ac637a2..39ed80f 100644
18--- a/lib/dns/message.c
19+++ b/lib/dns/message.c
20@@ -1679,6 +1679,19 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
21 msg->header_ok = 0;
22 msg->question_ok = 0;
23
24+ if ((options & DNS_MESSAGEPARSE_CLONEBUFFER) == 0) {
25+ isc_buffer_usedregion(&origsource, &msg->saved);
26+ } else {
27+ msg->saved.length = isc_buffer_usedlength(&origsource);
28+ msg->saved.base = isc_mem_get(msg->mctx, msg->saved.length);
29+ if (msg->saved.base == NULL) {
30+ return (ISC_R_NOMEMORY);
31+ }
32+ memmove(msg->saved.base, isc_buffer_base(&origsource),
33+ msg->saved.length);
34+ msg->free_saved = 1;
35+ }
36+
37 isc_buffer_remainingregion(source, &r);
38 if (r.length < DNS_MESSAGE_HEADERLEN)
39 return (ISC_R_UNEXPECTEDEND);
40@@ -1754,17 +1767,6 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
41 }
42
43 truncated:
44- if ((options & DNS_MESSAGEPARSE_CLONEBUFFER) == 0)
45- isc_buffer_usedregion(&origsource, &msg->saved);
46- else {
47- msg->saved.length = isc_buffer_usedlength(&origsource);
48- msg->saved.base = isc_mem_get(msg->mctx, msg->saved.length);
49- if (msg->saved.base == NULL)
50- return (ISC_R_NOMEMORY);
51- memmove(msg->saved.base, isc_buffer_base(&origsource),
52- msg->saved.length);
53- msg->free_saved = 1;
54- }
55
56 if (ret == ISC_R_UNEXPECTEDEND && ignore_tc)
57 return (DNS_R_RECOVERABLE);
58--
591.9.1
60
diff --git a/meta/recipes-connectivity/bind/bind_9.11.19.bb b/meta/recipes-connectivity/bind/bind_9.11.19.bb
index a77be86..0bfd579 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.19.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.19.bb
@@ -18,6 +18,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
18 file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ 18 file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
19 file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ 19 file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
20 file://0001-avoid-start-failure-with-bind-user.patch \ 20 file://0001-avoid-start-failure-with-bind-user.patch \
21 file://CVE-2020-8622.patch \
21 " 22 "
22 23
23SRC_URI[sha256sum] = "0dee554a4caa368948b32da9a0c97b516c19103bc13ff5b3762c5d8552f52329" 24SRC_URI[sha256sum] = "0dee554a4caa368948b32da9a0c97b516c19103bc13ff5b3762c5d8552f52329"