diff options
| author | Tudor Florea <tudor.florea@enea.com> | 2014-10-16 03:05:19 +0200 |
|---|---|---|
| committer | Tudor Florea <tudor.florea@enea.com> | 2014-10-16 03:05:19 +0200 |
| commit | c527fd1f14c27855a37f2e8ac5346ce8d940ced2 (patch) | |
| tree | bb002c1fdf011c41dbd2f0927bed23ecb5f83c97 /meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch | |
| download | poky-daisy-140929.tar.gz | |
initial commit for Enea Linux 4.0-140929daisy-140929
Migrated from the internal git server on the daisy-enea-point-release branch
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch')
| -rw-r--r-- | meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch new file mode 100644 index 0000000000..0abb475adc --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch | |||
| @@ -0,0 +1,119 @@ | |||
| 1 | bind_Fix_for_CVE-2012-5166 | ||
| 2 | |||
| 3 | Upstream-Status: Backport | ||
| 4 | |||
| 5 | Reference:http://launchpadlibrarian.net/119212498/bind9_1%3A9.7.3.dfsOBg | ||
| 6 | -1ubuntu2.6_1%3A9.7.3.dfsg-1ubuntu2.7.diff.gz | ||
| 7 | |||
| 8 | ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before | ||
| 9 | 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows | ||
| 10 | remote attackers to cause a denial of service (named daemon hang) | ||
| 11 | via unspecified combinations of resource records. | ||
| 12 | |||
| 13 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5166 | ||
| 14 | |||
| 15 | Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> | ||
| 16 | diff -urpN a/bin/named/query.c b/bin/named/query.c | ||
| 17 | --- a/bin/named/query.c 2012-10-22 13:24:27.000000000 +0800 | ||
| 18 | +++ b/bin/named/query.c 2012-10-22 13:17:04.000000000 +0800 | ||
| 19 | @@ -1137,13 +1137,6 @@ query_isduplicate(ns_client_t *client, d | ||
| 20 | mname = NULL; | ||
| 21 | } | ||
| 22 | |||
| 23 | - /* | ||
| 24 | - * If the dns_name_t we're looking up is already in the message, | ||
| 25 | - * we don't want to trigger the caller's name replacement logic. | ||
| 26 | - */ | ||
| 27 | - if (name == mname) | ||
| 28 | - mname = NULL; | ||
| 29 | - | ||
| 30 | *mnamep = mname; | ||
| 31 | |||
| 32 | CTRACE("query_isduplicate: false: done"); | ||
| 33 | @@ -1341,6 +1334,7 @@ query_addadditional(void *arg, dns_name_ | ||
| 34 | if (dns_rdataset_isassociated(rdataset) && | ||
| 35 | !query_isduplicate(client, fname, type, &mname)) { | ||
| 36 | if (mname != NULL) { | ||
| 37 | + INSIST(mname != fname); | ||
| 38 | query_releasename(client, &fname); | ||
| 39 | fname = mname; | ||
| 40 | } else | ||
| 41 | @@ -1401,11 +1395,13 @@ query_addadditional(void *arg, dns_name_ | ||
| 42 | mname = NULL; | ||
| 43 | if (!query_isduplicate(client, fname, | ||
| 44 | dns_rdatatype_a, &mname)) { | ||
| 45 | - if (mname != NULL) { | ||
| 46 | - query_releasename(client, &fname); | ||
| 47 | - fname = mname; | ||
| 48 | - } else | ||
| 49 | - need_addname = ISC_TRUE; | ||
| 50 | + if (mname != fname) { | ||
| 51 | + if (mname != NULL) { | ||
| 52 | + query_releasename(client, &fname); | ||
| 53 | + fname = mname; | ||
| 54 | + } else | ||
| 55 | + need_addname = ISC_TRUE; | ||
| 56 | + } | ||
| 57 | ISC_LIST_APPEND(fname->list, rdataset, link); | ||
| 58 | added_something = ISC_TRUE; | ||
| 59 | if (sigrdataset != NULL && | ||
| 60 | @@ -1444,11 +1440,13 @@ query_addadditional(void *arg, dns_name_ | ||
| 61 | mname = NULL; | ||
| 62 | if (!query_isduplicate(client, fname, | ||
| 63 | dns_rdatatype_aaaa, &mname)) { | ||
| 64 | - if (mname != NULL) { | ||
| 65 | - query_releasename(client, &fname); | ||
| 66 | - fname = mname; | ||
| 67 | - } else | ||
| 68 | - need_addname = ISC_TRUE; | ||
| 69 | + if (mname != fname) { | ||
| 70 | + if (mname != NULL) { | ||
| 71 | + query_releasename(client, &fname); | ||
| 72 | + fname = mname; | ||
| 73 | + } else | ||
| 74 | + need_addname = ISC_TRUE; | ||
| 75 | + } | ||
| 76 | ISC_LIST_APPEND(fname->list, rdataset, link); | ||
| 77 | added_something = ISC_TRUE; | ||
| 78 | if (sigrdataset != NULL && | ||
| 79 | @@ -1960,22 +1958,24 @@ query_addadditional2(void *arg, dns_name | ||
| 80 | crdataset->type == dns_rdatatype_aaaa) { | ||
| 81 | if (!query_isduplicate(client, fname, crdataset->type, | ||
| 82 | &mname)) { | ||
| 83 | - if (mname != NULL) { | ||
| 84 | - /* | ||
| 85 | - * A different type of this name is | ||
| 86 | - * already stored in the additional | ||
| 87 | - * section. We'll reuse the name. | ||
| 88 | - * Note that this should happen at most | ||
| 89 | - * once. Otherwise, fname->link could | ||
| 90 | - * leak below. | ||
| 91 | - */ | ||
| 92 | - INSIST(mname0 == NULL); | ||
| 93 | - | ||
| 94 | - query_releasename(client, &fname); | ||
| 95 | - fname = mname; | ||
| 96 | - mname0 = mname; | ||
| 97 | - } else | ||
| 98 | - need_addname = ISC_TRUE; | ||
| 99 | + if (mname != fname) { | ||
| 100 | + if (mname != NULL) { | ||
| 101 | + /* | ||
| 102 | + * A different type of this name is | ||
| 103 | + * already stored in the additional | ||
| 104 | + * section. We'll reuse the name. | ||
| 105 | + * Note that this should happen at most | ||
| 106 | + * once. Otherwise, fname->link could | ||
| 107 | + * leak below. | ||
| 108 | + */ | ||
| 109 | + INSIST(mname0 == NULL); | ||
| 110 | + | ||
| 111 | + query_releasename(client, &fname); | ||
| 112 | + fname = mname; | ||
| 113 | + mname0 = mname; | ||
| 114 | + } else | ||
| 115 | + need_addname = ISC_TRUE; | ||
| 116 | + } | ||
| 117 | ISC_LIST_UNLINK(cfname.list, crdataset, link); | ||
| 118 | ISC_LIST_APPEND(fname->list, crdataset, link); | ||
| 119 | added_something = ISC_TRUE; | ||