diff options
author | Armin Kuster <akuster@mvista.com> | 2015-09-12 15:17:26 -0700 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-11-12 11:01:18 +0100 |
commit | b6105680bfb85915e0012c456118441c4c74463d (patch) | |
tree | 179e8ae4340a8e0e7cedb2ca63590b907791a12d /meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch | |
parent | bf6c30908948b7bc9be1206fe88c09dc3f526387 (diff) | |
download | poky-b6105680bfb85915e0012c456118441c4c74463d.tar.gz |
bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722
three security fixes.
(From OE-Core rev: d3af844b05e566c2188fc3145e66a9826fed0ec8)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch new file mode 100644 index 0000000000..1a5051e638 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned() | ||
2 | |||
3 | issue introduced by git commit | ||
4 | |||
5 | https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=44f175a90a855326725439b2f1178f0dcca8f67d | ||
6 | |||
7 | which is in this version of bind. | ||
8 | |||
9 | Upstream Status: Backport from Redhat | ||
10 | |||
11 | https://bugzilla.redhat.com/attachment.cgi?id=1044719 | ||
12 | |||
13 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
14 | |||
15 | Index: bind-9.9.5/lib/dns/validator.c | ||
16 | =================================================================== | ||
17 | --- bind-9.9.5.orig/lib/dns/validator.c | ||
18 | +++ bind-9.9.5/lib/dns/validator.c | ||
19 | @@ -1406,7 +1406,6 @@ compute_keytag(dns_rdata_t *rdata, dns_r | ||
20 | */ | ||
21 | static isc_boolean_t | ||
22 | isselfsigned(dns_validator_t *val) { | ||
23 | - dns_fixedname_t fixed; | ||
24 | dns_rdataset_t *rdataset, *sigrdataset; | ||
25 | dns_rdata_t rdata = DNS_RDATA_INIT; | ||
26 | dns_rdata_t sigrdata = DNS_RDATA_INIT; | ||
27 | @@ -1462,8 +1461,7 @@ isselfsigned(dns_validator_t *val) { | ||
28 | result = dns_dnssec_verify3(name, rdataset, dstkey, | ||
29 | ISC_TRUE, | ||
30 | val->view->maxbits, | ||
31 | - mctx, &sigrdata, | ||
32 | - dns_fixedname_name(&fixed)); | ||
33 | + mctx, &sigrdata, NULL); | ||
34 | dst_key_free(&dstkey); | ||
35 | if (result != ISC_R_SUCCESS) | ||
36 | continue; | ||