summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
diff options
context:
space:
mode:
authorChangqing Li <changqing.li@windriver.com>2018-09-10 17:18:46 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-09-11 09:05:35 +0100
commitea8dfcf2d1739f1f539b6201ec42cfa91877ec04 (patch)
tree585ecb4dfdaec9e8b6499ea330019abd6b87cc5c /meta/recipes-connectivity
parentc0f6e29c2146c66dffee65d7d650fc906a57a26c (diff)
downloadpoky-ea8dfcf2d1739f1f539b6201ec42cfa91877ec04.tar.gz
bind: patch for CVE-2018-5740
(From OE-Core rev: bf81b4e5327134e131e3198adad68c74afb5e259) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch72
-rw-r--r--meta/recipes-connectivity/bind/bind_9.11.4.bb1
2 files changed, 73 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch b/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
new file mode 100644
index 0000000000..7a2ba7eab6
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
@@ -0,0 +1,72 @@
1Upstream-Status: Backport [https://ftp.isc.org/isc/bind9/9.11.4-P1/patches/CVE-2018-5740]
2
3CVE: CVE-2018-5740
4
5Signed-off-by: Changqing Li <changqing.li@windriver.com>
6
7diff --git a/CHANGES b/CHANGES
8index 750b600..3d8d655 100644
9--- a/CHANGES
10+++ b/CHANGES
11@@ -1,3 +1,9 @@
12+ --- 9.11.4-P1 released ---
13+
14+4997. [security] named could crash during recursive processing
15+ of DNAME records when "deny-answer-aliases" was
16+ in use. (CVE-2018-5740) [GL #387]
17+
18 --- 9.11.4 released ---
19
20 --- 9.11.4rc2 released ---
21diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
22index 8f674a2..41d1385 100644
23--- a/lib/dns/resolver.c
24+++ b/lib/dns/resolver.c
25@@ -6318,6 +6318,7 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
26 unsigned int nlabels;
27 dns_fixedname_t fixed;
28 dns_name_t prefix;
29+ int order;
30
31 REQUIRE(rdataset != NULL);
32 REQUIRE(rdataset->type == dns_rdatatype_cname ||
33@@ -6340,17 +6341,25 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
34 tname = &cname.cname;
35 break;
36 case dns_rdatatype_dname:
37+ if (dns_name_fullcompare(qname, rname, &order, &nlabels) !=
38+ dns_namereln_subdomain)
39+ {
40+ return (ISC_TRUE);
41+ }
42 result = dns_rdata_tostruct(&rdata, &dname, NULL);
43 RUNTIME_CHECK(result == ISC_R_SUCCESS);
44 dns_name_init(&prefix, NULL);
45 tname = dns_fixedname_initname(&fixed);
46- nlabels = dns_name_countlabels(qname) -
47- dns_name_countlabels(rname);
48+ nlabels = dns_name_countlabels(rname);
49 dns_name_split(qname, nlabels, &prefix, NULL);
50 result = dns_name_concatenate(&prefix, &dname.dname, tname,
51 NULL);
52- if (result == DNS_R_NAMETOOLONG)
53+ if (result == DNS_R_NAMETOOLONG) {
54+ if (chainingp != NULL) {
55+ *chainingp = ISC_TRUE;
56+ }
57 return (ISC_TRUE);
58+ }
59 RUNTIME_CHECK(result == ISC_R_SUCCESS);
60 break;
61 default:
62@@ -7071,7 +7080,9 @@ answer_response(fetchctx_t *fctx) {
63 }
64 if ((ardataset->type == dns_rdatatype_cname ||
65 ardataset->type == dns_rdatatype_dname) &&
66- !is_answertarget_allowed(fctx, qname, aname, ardataset,
67+ type != ardataset->type &&
68+ type != dns_rdatatype_any &&
69+ !is_answertarget_allowed(fctx, qname, aname, ardataset,
70 NULL))
71 {
72 return (DNS_R_SERVFAIL);
diff --git a/meta/recipes-connectivity/bind/bind_9.11.4.bb b/meta/recipes-connectivity/bind/bind_9.11.4.bb
index d27068c64f..23c3aadf9c 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.4.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.4.bb
@@ -19,6 +19,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
19 file://0001-lib-dns-gen.c-fix-too-long-error.patch \ 19 file://0001-lib-dns-gen.c-fix-too-long-error.patch \
20 file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ 20 file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
21 file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ 21 file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
22 file://CVE-2018-5740.patch \
22" 23"
23 24
24SRC_URI[md5sum] = "9b4834d78f30cdb796ce437262272a36" 25SRC_URI[md5sum] = "9b4834d78f30cdb796ce437262272a36"