6 files changed, 522 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-9.8.1-CVE-2012-5166.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-9.8.1-CVE-2012-5166.patch
new file mode 100644
index 0000000000..0abb475adc
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-9.8.1-CVE-2012-5166.patch
@@ -0,0 +1,119 @@
+bind_Fix_for_CVE-2012-5166
+Upstream-Status: Backport
+Reference:http://launchpadlibrarian.net/119212498/bind9_1%3A9.7.3.dfsOBg
+-1ubuntu2.6_1%3A9.7.3.dfsg-1ubuntu2.7.diff.gz
+ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before
+9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows
+remote attackers to cause a denial of service (named daemon hang)
+via unspecified combinations of resource records.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5166
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+diff -urpN a/bin/named/query.c b/bin/named/query.c
+--- a/bin/named/query.c 2012-10-22 13:24:27.000000000 +0800
+++ b/bin/named/query.c 2012-10-22 13:17:04.000000000 +0800
+@@ -1137,13 +1137,6 @@ query_isduplicate(ns_client_t *client, d
+                mname = NULL;
+        }
+ 
+-       /*
+-        * If the dns_name_t we're looking up is already in the message,
+-        * we don't want to trigger the caller's name replacement logic.
+-        */
+-       if (name == mname)
+-               mname = NULL;
+-
+        *mnamep = mname;
+ 
+        CTRACE("query_isduplicate: false: done");
+@@ -1341,6 +1334,7 @@ query_addadditional(void *arg, dns_name_
+        if (dns_rdataset_isassociated(rdataset) &&
+            !query_isduplicate(client, fname, type, &mname)) {
+                if (mname != NULL) {
+                       INSIST(mname != fname);
+                        query_releasename(client, &fname);
+                        fname = mname;
+                } else
+@@ -1401,11 +1395,13 @@ query_addadditional(void *arg, dns_name_
+                        mname = NULL;
+                        if (!query_isduplicate(client, fname,
+                                               dns_rdatatype_a, &mname)) {
+-                               if (mname != NULL) {
+-                                       query_releasename(client, &fname);
+-                                       fname = mname;
+-                               } else
+-                                       need_addname = ISC_TRUE;
+                               if (mname != fname) {
+                                       if (mname != NULL) {
+                                               query_releasename(client, &fname);
+                                               fname = mname;
+                                       } else
+                                               need_addname = ISC_TRUE;
+                               }
+                                ISC_LIST_APPEND(fname->list, rdataset, link);
+                                added_something = ISC_TRUE;
+                                if (sigrdataset != NULL &&
+@@ -1444,11 +1440,13 @@ query_addadditional(void *arg, dns_name_
+                        mname = NULL;
+                        if (!query_isduplicate(client, fname,
+                                               dns_rdatatype_aaaa, &mname)) {
+-                               if (mname != NULL) {
+-                                       query_releasename(client, &fname);
+-                                       fname = mname;
+-                               } else
+-                                       need_addname = ISC_TRUE;
+                               if (mname != fname) {
+                                       if (mname != NULL) {
+                                               query_releasename(client, &fname);
+                                               fname = mname;
+                                       } else
+                                               need_addname = ISC_TRUE;
+                               }
+                                ISC_LIST_APPEND(fname->list, rdataset, link);
+                                added_something = ISC_TRUE;
+                                if (sigrdataset != NULL &&
+@@ -1960,22 +1958,24 @@ query_addadditional2(void *arg, dns_name
+                    crdataset->type == dns_rdatatype_aaaa) {
+                        if (!query_isduplicate(client, fname, crdataset->type,
+                                               &mname)) {
+-                               if (mname != NULL) {
+-                                       /*
+-                                        * A different type of this name is
+-                                        * already stored in the additional
+-                                        * section.  We'll reuse the name.
+-                                        * Note that this should happen at most
+-                                        * once.  Otherwise, fname->link could
+-                                        * leak below.
+-                                        */
+-                                       INSIST(mname0 == NULL);
+-
+-                                       query_releasename(client, &fname);
+-                                       fname = mname;
+-                                       mname0 = mname;
+-                               } else
+-                                       need_addname = ISC_TRUE;
+                               if (mname != fname) {
+                                       if (mname != NULL) {
+                                               /*
+                                                * A different type of this name is
+                                                * already stored in the additional
+                                                * section.  We'll reuse the name.
+                                                * Note that this should happen at most
+                                                * once.  Otherwise, fname->link could
+                                                * leak below.
+                                                */
+                                               INSIST(mname0 == NULL);
+
+                                               query_releasename(client, &fname);
+                                               fname = mname;
+                                               mname0 = mname;
+                                       } else
+                                               need_addname = ISC_TRUE;
+                               }
+                                ISC_LIST_UNLINK(cfname.list, crdataset, link);
+                                ISC_LIST_APPEND(fname->list, crdataset, link);
+                                added_something = ISC_TRUE;
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2011-4313.patch
new file mode 100644
index 0000000000..19d8df1c2d
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2011-4313.patch
@@ -0,0 +1,89 @@
+The patch to fix CVE-2011-4313
+Upstream-Status: Backport
+Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html
+query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
+through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
+through 9.9.0b1 allows remote attackers to cause a denial of service
+(assertion failure and named exit) via unknown vectors related to recursive DNS
+queries, error logging, and the caching of an invalid record by the resolver.
+Signed-off-by Ming Liu <ming.liu@windriver.com>
+---
+ bin/named/query.c |   19 ++++++++-----------
+ lib/dns/rbtdb.c   |    4 ++--
+ 2 files changed, 10 insertions(+), 13 deletions(-)
+--- a/bin/named/query.c
+++ b/bin/named/query.c
+@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
+                        goto addname;
+                if (result == DNS_R_NCACHENXRRSET) {
+                        dns_rdataset_disassociate(rdataset);
+-                       /*
+-                        * Negative cache entries don't have sigrdatasets.
+-                        */
+-                       INSIST(sigrdataset == NULL ||
+-                              ! dns_rdataset_isassociated(sigrdataset));
+                       if (sigrdataset != NULL &&
+                           dns_rdataset_isassociated(sigrdataset))
+                               dns_rdataset_disassociate(sigrdataset);
+                }
+                if (result == ISC_R_SUCCESS) {
+                        mname = NULL;
+@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
+                        goto addname;
+                if (result == DNS_R_NCACHENXRRSET) {
+                        dns_rdataset_disassociate(rdataset);
+-                       INSIST(sigrdataset == NULL ||
+-                              ! dns_rdataset_isassociated(sigrdataset));
+                       if (sigrdataset != NULL &&
+                           dns_rdataset_isassociated(sigrdataset))
+                               dns_rdataset_disassociate(sigrdataset);
+                }
+                if (result == ISC_R_SUCCESS) {
+                        mname = NULL;
+@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
+                goto setcache;
+        if (result == DNS_R_NCACHENXRRSET) {
+                dns_rdataset_disassociate(rdataset);
+-               /*
+-                * Negative cache entries don't have sigrdatasets.
+-                */
+-               INSIST(! dns_rdataset_isassociated(sigrdataset));
+               if (dns_rdataset_isassociated(sigrdataset))
+                       dns_rdataset_disassociate(sigrdataset);
+        }
+        if (result == ISC_R_SUCCESS) {
+                /* Remember the result as a cache */
+--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
+@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
+                              rdataset);
+                if (need_headerupdate(found, search.now))
+                        update = found;
+-               if (foundsig != NULL) {
+               if (!NEGATIVE(found) && foundsig != NULL) {
+                        bind_rdataset(search.rbtdb, node, foundsig, search.now,
+                                      sigrdataset);
+                        if (need_headerupdate(foundsig, search.now))
+@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno
+        }
+        if (found != NULL) {
+                bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
+-               if (foundsig != NULL)
+               if (!NEGATIVE(found) && foundsig != NULL)
+                        bind_rdataset(rbtdb, rbtnode, foundsig, now,
+                                      sigrdataset);
+        }
+@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
+        }
+        if (found != NULL) {
+                bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
+-               if (foundsig != NULL)
+               if (!NEGATIVE(found) && foundsig != NULL)
+                        bind_rdataset(rbtdb, rbtnode, foundsig, now,
+                                      sigrdataset);
+        }
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch
new file mode 100644
index 0000000000..c441eab65d
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch
@@ -0,0 +1,92 @@
+bind CVE-2012-1667
+Upstream-Status: Backport
+ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1,
+and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource
+records with a zero-length RDATA section, which allows remote DNS servers to
+cause a denial of service (daemon crash or data corruption) or obtain
+sensitive information from process memory via a crafted record.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667
+The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package.
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ lib/dns/rdata.c     |    8 ++++----
+ lib/dns/rdataslab.c |   11 ++++++++---
+ 2 files changed, 12 insertions(+), 7 deletions(-)
+diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
+index 063b1f6..9337a80 100644
+--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
+@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
+ 
+        REQUIRE(rdata1 != NULL);
+        REQUIRE(rdata2 != NULL);
+-       REQUIRE(rdata1->data != NULL);
+-       REQUIRE(rdata2->data != NULL);
+       REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
+       REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
+        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
+        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
+ 
+@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
+ 
+        REQUIRE(rdata1 != NULL);
+        REQUIRE(rdata2 != NULL);
+-       REQUIRE(rdata1->data != NULL);
+-       REQUIRE(rdata2->data != NULL);
+       REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
+       REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
+        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
+        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
+ 
+diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
+index a41f16f..ed13b30 100644
+--- a/lib/dns/rdataslab.c
+++ b/lib/dns/rdataslab.c
+@@ -125,6 +125,11 @@ isc_result_t
+ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+                           isc_region_t *region, unsigned int reservelen)
+ {
+       /*
+        * Use &removed as a sentinal pointer for duplicate
+        * rdata as rdata.data == NULL is valid.
+        */
+       static unsigned char removed;
+        struct xrdata  *x;
+        unsigned char  *rawbuf;
+ #if DNS_RDATASET_FIXED
+@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+                INSIST(result == ISC_R_SUCCESS);
+                dns_rdata_init(&x[i].rdata);
+                dns_rdataset_current(rdataset, &x[i].rdata);
+               INSIST(x[i].rdata.data != &removed);
+ #if DNS_RDATASET_FIXED
+                x[i].order = i;
+ #endif
+@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+         */
+        for (i = 1; i < nalloc; i++) {
+                if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
+-                       x[i-1].rdata.data = NULL;
+-                       x[i-1].rdata.length = 0;
+                       x[i-1].rdata.data = &removed;
+ #if DNS_RDATASET_FIXED
+                        /*
+                         * Preserve the least order so A, B, A -> A, B
+@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+ #endif
+ 
+        for (i = 0; i < nalloc; i++) {
+-               if (x[i].rdata.data == NULL)
+               if (x[i].rdata.data == &removed)
+                        continue;
+ #if DNS_RDATASET_FIXED
+                offsettable[x[i].order] = rawbuf - offsetbase;
+-- 
+1.7.0.5
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-3817.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-3817.patch
new file mode 100644
index 0000000000..1e159bd2f8
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-3817.patch
@@ -0,0 +1,40 @@
+bind: fix for CVE-2012-3817
+Upstream-Status: Backport
+ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2;
+9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation
+is enabled, does not properly initialize the failing-query cache, which allows
+remote attackers to cause a denial of service (assertion failure and daemon exit)
+by sending many queries.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3817
+This patch is back-ported from bind-9.3.6-20.P1.el5_8.2.src.rpm package.
+Signed-off-by: Ming Liu <ming.liu@windriver.com>
+---
+ resolver.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
+@@ -8318,6 +8318,7 @@ dns_resolver_addbadcache(dns_resolver_t 
+                        goto cleanup;
+                bad->type = type;
+                bad->hashval = hashval;
+               bad->expire = *expire;
+                isc_buffer_init(&buffer, bad + 1, name->length);
+                dns_name_init(&bad->name, NULL);
+                dns_name_copy(name, &bad->name, &buffer);
+@@ -8329,8 +8330,8 @@ dns_resolver_addbadcache(dns_resolver_t 
+                if (resolver->badcount < resolver->badhash * 2 &&
+                    resolver->badhash > DNS_BADCACHE_SIZE)
+                        resizehash(resolver, &now, ISC_FALSE);
+-       }
+-       bad->expire = *expire;
+       } else
+               bad->expire = *expire;
+  cleanup:
+        UNLOCK(&resolver->lock);
+ }
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2013-2266.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2013-2266.patch
new file mode 100644
index 0000000000..7ec6deb714
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2013-2266.patch
@@ -0,0 +1,41 @@
+bind: fix for CVE-2013-2266
+Upstream-Status: Backport
+libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2,
+9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows
+remote attackers to cause a denial of service (memory consumption) via a
+crafted regular expression, as demonstrated by a memory-exhaustion attack
+against a machine running a named process.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2266
+Signed-off-by Ming Liu <ming.liu@windriver.com>
+---
+ config.h.in  |    3 ---
+ configure.in |    2 +-
+ 2 files changed, 1 insertion(+), 4 deletions(-)
+--- a/config.h.in
+++ b/config.h.in
+@@ -277,9 +277,6 @@ int sigwait(const unsigned int *set, int
+ /* Define if your OpenSSL version supports GOST. */
+ #undef HAVE_OPENSSL_GOST
+ 
+-/* Define to 1 if you have the <regex.h> header file. */
+-#undef HAVE_REGEX_H
+-
+ /* Define to 1 if you have the `setegid' function. */
+ #undef HAVE_SETEGID
+ 
+--- a/configure.in
+++ b/configure.in
+@@ -279,7 +279,7 @@ esac
+ 
+ AC_HEADER_STDC
+ 
+-AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
+AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
+ [$ac_includes_default
+ #ifdef HAVE_SYS_PARAM_H
+ # include <sys/param.h>
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-Fix-CVE-2012-4244.patch
new file mode 100644
index 0000000000..5dd6f69e45
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-Fix-CVE-2012-4244.patch
@@ -0,0 +1,141 @@
+bind_Fix_for_CVE-2012-4244
+Upstream-Status: Backport
+Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit
+ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3,
+ and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to
+cause a denial of service (assertion failure and named daemon exit) via
+a query for a long resource record.
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h
+--- a/lib/dns/include/dns/rdata.h       2012-10-08 12:19:42.000000000 +0800
+++ b/lib/dns/include/dns/rdata.h       2012-10-08 11:26:43.000000000 +0800
+@@ -147,6 +147,17 @@ struct dns_rdata {
+        (((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0)
+ 
+ /*
+ * The maximum length of a RDATA that can be sent on the wire.
+ * Max packet size (65535) less header (12), less name (1), type (2),
+ * class (2), ttl(4), length (2).
+ *
+ * None of the defined types that support name compression can exceed
+ * this and all new types are to be sent uncompressed.
+ */
+
+#define DNS_RDATA_MAXLENGTH    65512U
+
+/*
+  * Flags affecting rdata formatting style.  Flags 0xFFFF0000
+  * are used by masterfile-level formatting and defined elsewhere.
+  * See additional comments at dns_rdata_tofmttext().
+diff -urpN a/lib/dns/master.c b/lib/dns/master.c
+--- a/lib/dns/master.c  2012-10-08 12:19:42.000000000 +0800
+++ b/lib/dns/master.c  2012-10-08 11:27:06.000000000 +0800
+@@ -75,7 +75,7 @@
+ /*%
+  * max message size - header - root - type - class - ttl - rdlen
+  */
+-#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2)
+#define MINTSIZ DNS_RDATA_MAXLENGTH 
+ /*%
+  * Size for tokens in the presentation format,
+  * The largest tokens are the base64 blocks in KEY and CERT records,
+diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c
+--- a/lib/dns/rdata.c   2012-10-08 12:19:42.000000000 +0800
+++ b/lib/dns/rdata.c   2012-10-08 11:27:27.000000000 +0800
+@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
+        isc_buffer_t st;
+        isc_boolean_t use_default = ISC_FALSE;
+        isc_uint32_t activelength;
+       size_t length;
+ 
+        REQUIRE(dctx != NULL);
+        if (rdata != NULL) {
+@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
+        }
+ 
+        /*
+        * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH
+        * as we cannot transmit it.
+        */
+       length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
+       if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
+               result = DNS_R_FORMERR;
+
+       /*
+         * We should have consumed all of our buffer.
+         */
+        if (result == ISC_R_SUCCESS && !buffer_empty(source))
+@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
+ 
+        if (rdata != NULL && result == ISC_R_SUCCESS) {
+                region.base = isc_buffer_used(&st);
+-               region.length = isc_buffer_usedlength(target) -
+-                               isc_buffer_usedlength(&st);
+               region.length = length;
+                dns_rdata_fromregion(rdata, rdclass, type, &region);
+        }
+ 
+@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
+        unsigned long line;
+        void (*callback)(dns_rdatacallbacks_t *, const char *, ...);
+        isc_result_t tresult;
+       size_t length;
+ 
+        REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE);
+        if (rdata != NULL) {
+@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
+                }
+        } while (1);
+ 
+       length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
+       if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
+               result = ISC_R_NOSPACE;
+
+        if (rdata != NULL && result == ISC_R_SUCCESS) {
+                region.base = isc_buffer_used(&st);
+-               region.length = isc_buffer_usedlength(target) -
+-                               isc_buffer_usedlength(&st);
+               region.length = length;
+                dns_rdata_fromregion(rdata, rdclass, type, &region);
+        }
+        if (result != ISC_R_SUCCESS) {
+@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
+        isc_buffer_t st;
+        isc_region_t region;
+        isc_boolean_t use_default = ISC_FALSE;
+       size_t length;
+ 
+        REQUIRE(source != NULL);
+        if (rdata != NULL) {
+@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
+        if (use_default)
+                (void)NULL;
+ 
+       length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
+       if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
+               result = ISC_R_NOSPACE;
+
+        if (rdata != NULL && result == ISC_R_SUCCESS) {
+                region.base = isc_buffer_used(&st);
+-               region.length = isc_buffer_usedlength(target) -
+-                               isc_buffer_usedlength(&st);
+               region.length = length;
+                dns_rdata_fromregion(rdata, rdclass, type, &region);
+        }
+        if (result != ISC_R_SUCCESS)
+diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
+--- a/lib/dns/rdataslab.c       2012-10-08 12:19:42.000000000 +0800
+++ b/lib/dns/rdataslab.c       2012-10-08 11:27:54.000000000 +0800
+@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
+                length = x[i].rdata.length;
+                if (rdataset->type == dns_rdatatype_rrsig)
+                        length++;
+               INSIST(length <= 0xffff);
+                *rawbuf++ = (length & 0xff00) >> 8;
+                *rawbuf++ = (length & 0x00ff);
+ #if DNS_RDATASET_FIXED

diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-9.8.1-CVE-2012-5166.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-9.8.1-CVE-2012-5166.patch new file mode 100644 index 0000000000..0abb475adc --- /dev/null +++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-9.8.1-CVE-2012-5166.patch
@@ -0,0 +1,119 @@
	1	bind_Fix_for_CVE-2012-5166
	2
	3	Upstream-Status: Backport
	4
	5	Reference:http://launchpadlibrarian.net/119212498/bind9_1%3A9.7.3.dfsOBg
	6	-1ubuntu2.6_1%3A9.7.3.dfsg-1ubuntu2.7.diff.gz
	7
	8	ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before
	9	9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows
	10	remote attackers to cause a denial of service (named daemon hang)
	11	via unspecified combinations of resource records.
	12
	13	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5166
	14
	15	Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
	16	diff -urpN a/bin/named/query.c b/bin/named/query.c
	17	--- a/bin/named/query.c 2012-10-22 13:24:27.000000000 +0800
	18	+++ b/bin/named/query.c 2012-10-22 13:17:04.000000000 +0800
	19	@@ -1137,13 +1137,6 @@ query_isduplicate(ns_client_t *client, d
	20	mname = NULL;
	21	}
	22
	23	- /*
	24	- * If the dns_name_t we're looking up is already in the message,
	25	- * we don't want to trigger the caller's name replacement logic.
	26	- */
	27	- if (name == mname)
	28	- mname = NULL;
	29	-
	30	*mnamep = mname;
	31
	32	CTRACE("query_isduplicate: false: done");
	33	@@ -1341,6 +1334,7 @@ query_addadditional(void *arg, dns_name_
	34	if (dns_rdataset_isassociated(rdataset) &&
	35	!query_isduplicate(client, fname, type, &mname)) {
	36	if (mname != NULL) {
	37	+ INSIST(mname != fname);
	38	query_releasename(client, &fname);
	39	fname = mname;
	40	} else
	41	@@ -1401,11 +1395,13 @@ query_addadditional(void *arg, dns_name_
	42	mname = NULL;
	43	if (!query_isduplicate(client, fname,
	44	dns_rdatatype_a, &mname)) {
	45	- if (mname != NULL) {
	46	- query_releasename(client, &fname);
	47	- fname = mname;
	48	- } else
	49	- need_addname = ISC_TRUE;
	50	+ if (mname != fname) {
	51	+ if (mname != NULL) {
	52	+ query_releasename(client, &fname);
	53	+ fname = mname;
	54	+ } else
	55	+ need_addname = ISC_TRUE;
	56	+ }
	57	ISC_LIST_APPEND(fname->list, rdataset, link);
	58	added_something = ISC_TRUE;
	59	if (sigrdataset != NULL &&
	60	@@ -1444,11 +1440,13 @@ query_addadditional(void *arg, dns_name_
	61	mname = NULL;
	62	if (!query_isduplicate(client, fname,
	63	dns_rdatatype_aaaa, &mname)) {
	64	- if (mname != NULL) {
	65	- query_releasename(client, &fname);
	66	- fname = mname;
	67	- } else
	68	- need_addname = ISC_TRUE;
	69	+ if (mname != fname) {
	70	+ if (mname != NULL) {
	71	+ query_releasename(client, &fname);
	72	+ fname = mname;
	73	+ } else
	74	+ need_addname = ISC_TRUE;
	75	+ }
	76	ISC_LIST_APPEND(fname->list, rdataset, link);
	77	added_something = ISC_TRUE;
	78	if (sigrdataset != NULL &&
	79	@@ -1960,22 +1958,24 @@ query_addadditional2(void *arg, dns_name
	80	crdataset->type == dns_rdatatype_aaaa) {
	81	if (!query_isduplicate(client, fname, crdataset->type,
	82	&mname)) {
	83	- if (mname != NULL) {
	84	- /*
	85	- * A different type of this name is
	86	- * already stored in the additional
	87	- * section. We'll reuse the name.
	88	- * Note that this should happen at most
	89	- * once. Otherwise, fname->link could
	90	- * leak below.
	91	- */
	92	- INSIST(mname0 == NULL);
	93	-
	94	- query_releasename(client, &fname);
	95	- fname = mname;
	96	- mname0 = mname;
	97	- } else
	98	- need_addname = ISC_TRUE;
	99	+ if (mname != fname) {
	100	+ if (mname != NULL) {
	101	+ /*
	102	+ * A different type of this name is
	103	+ * already stored in the additional
	104	+ * section. We'll reuse the name.
	105	+ * Note that this should happen at most
	106	+ * once. Otherwise, fname->link could
	107	+ * leak below.
	108	+ */
	109	+ INSIST(mname0 == NULL);
	110	+
	111	+ query_releasename(client, &fname);
	112	+ fname = mname;
	113	+ mname0 = mname;
	114	+ } else
	115	+ need_addname = ISC_TRUE;
	116	+ }
	117	ISC_LIST_UNLINK(cfname.list, crdataset, link);
	118	ISC_LIST_APPEND(fname->list, crdataset, link);
	119	added_something = ISC_TRUE;


diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2011-4313.patch new file mode 100644 index 0000000000..19d8df1c2d --- /dev/null +++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2011-4313.patch
@@ -0,0 +1,89 @@
	1	The patch to fix CVE-2011-4313
	2
	3	Upstream-Status: Backport
	4
	5	Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html
	6
	7	query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
	8	through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
	9	through 9.9.0b1 allows remote attackers to cause a denial of service
	10	(assertion failure and named exit) via unknown vectors related to recursive DNS
	11	queries, error logging, and the caching of an invalid record by the resolver.
	12
	13	Signed-off-by Ming Liu <ming.liu@windriver.com>
	14	---
	15	bin/named/query.c \| 19 ++++++++-----------
	16	lib/dns/rbtdb.c \| 4 ++--
	17	2 files changed, 10 insertions(+), 13 deletions(-)
	18
	19	--- a/bin/named/query.c
	20	+++ b/bin/named/query.c
	21	@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
	22	goto addname;
	23	if (result == DNS_R_NCACHENXRRSET) {
	24	dns_rdataset_disassociate(rdataset);
	25	- /*
	26	- * Negative cache entries don't have sigrdatasets.
	27	- */
	28	- INSIST(sigrdataset == NULL \|\|
	29	- ! dns_rdataset_isassociated(sigrdataset));
	30	+ if (sigrdataset != NULL &&
	31	+ dns_rdataset_isassociated(sigrdataset))
	32	+ dns_rdataset_disassociate(sigrdataset);
	33	}
	34	if (result == ISC_R_SUCCESS) {
	35	mname = NULL;
	36	@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
	37	goto addname;
	38	if (result == DNS_R_NCACHENXRRSET) {
	39	dns_rdataset_disassociate(rdataset);
	40	- INSIST(sigrdataset == NULL \|\|
	41	- ! dns_rdataset_isassociated(sigrdataset));
	42	+ if (sigrdataset != NULL &&
	43	+ dns_rdataset_isassociated(sigrdataset))
	44	+ dns_rdataset_disassociate(sigrdataset);
	45	}
	46	if (result == ISC_R_SUCCESS) {
	47	mname = NULL;
	48	@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
	49	goto setcache;
	50	if (result == DNS_R_NCACHENXRRSET) {
	51	dns_rdataset_disassociate(rdataset);
	52	- /*
	53	- * Negative cache entries don't have sigrdatasets.
	54	- */
	55	- INSIST(! dns_rdataset_isassociated(sigrdataset));
	56	+ if (dns_rdataset_isassociated(sigrdataset))
	57	+ dns_rdataset_disassociate(sigrdataset);
	58	}
	59	if (result == ISC_R_SUCCESS) {
	60	/* Remember the result as a cache */
	61	--- a/lib/dns/rbtdb.c
	62	+++ b/lib/dns/rbtdb.c
	63	@@ -5053,7 +5053,7 @@ cache_find(dns_db_t db, dns_name_t nam
	64	rdataset);
	65	if (need_headerupdate(found, search.now))
	66	update = found;
	67	- if (foundsig != NULL) {
	68	+ if (!NEGATIVE(found) && foundsig != NULL) {
	69	bind_rdataset(search.rbtdb, node, foundsig, search.now,
	70	sigrdataset);
	71	if (need_headerupdate(foundsig, search.now))
	72	@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno
	73	}
	74	if (found != NULL) {
	75	bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
	76	- if (foundsig != NULL)
	77	+ if (!NEGATIVE(found) && foundsig != NULL)
	78	bind_rdataset(rbtdb, rbtnode, foundsig, now,
	79	sigrdataset);
	80	}
	81	@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
	82	}
	83	if (found != NULL) {
	84	bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
	85	- if (foundsig != NULL)
	86	+ if (!NEGATIVE(found) && foundsig != NULL)
	87	bind_rdataset(rbtdb, rbtnode, foundsig, now,
	88	sigrdataset);
	89	}


diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch new file mode 100644 index 0000000000..c441eab65d --- /dev/null +++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch
@@ -0,0 +1,92 @@
	1	bind CVE-2012-1667
	2
	3	Upstream-Status: Backport
	4
	5	ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1,
	6	and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource
	7	records with a zero-length RDATA section, which allows remote DNS servers to
	8	cause a denial of service (daemon crash or data corruption) or obtain
	9	sensitive information from process memory via a crafted record.
	10
	11	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667
	12
	13	The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package.
	14
	15	Signed-off-by: Li Wang <li.wang@windriver.com>
	16	---
	17	lib/dns/rdata.c \| 8 ++++----
	18	lib/dns/rdataslab.c \| 11 ++++++++---
	19	2 files changed, 12 insertions(+), 7 deletions(-)
	20
	21	diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
	22	index 063b1f6..9337a80 100644
	23	--- a/lib/dns/rdata.c
	24	+++ b/lib/dns/rdata.c
	25	@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t rdata1, const dns_rdata_t rdata2) {
	26
	27	REQUIRE(rdata1 != NULL);
	28	REQUIRE(rdata2 != NULL);
	29	- REQUIRE(rdata1->data != NULL);
	30	- REQUIRE(rdata2->data != NULL);
	31	+ REQUIRE(rdata1->length == 0 \|\| rdata1->data != NULL);
	32	+ REQUIRE(rdata2->length == 0 \|\| rdata2->data != NULL);
	33	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
	34	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
	35
	36	@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t rdata1, const dns_rdata_t rdata2) {
	37
	38	REQUIRE(rdata1 != NULL);
	39	REQUIRE(rdata2 != NULL);
	40	- REQUIRE(rdata1->data != NULL);
	41	- REQUIRE(rdata2->data != NULL);
	42	+ REQUIRE(rdata1->length == 0 \|\| rdata1->data != NULL);
	43	+ REQUIRE(rdata2->length == 0 \|\| rdata2->data != NULL);
	44	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
	45	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
	46
	47	diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
	48	index a41f16f..ed13b30 100644
	49	--- a/lib/dns/rdataslab.c
	50	+++ b/lib/dns/rdataslab.c
	51	@@ -125,6 +125,11 @@ isc_result_t
	52	dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,
	53	isc_region_t *region, unsigned int reservelen)
	54	{
	55	+ /*
	56	+ * Use &removed as a sentinal pointer for duplicate
	57	+ * rdata as rdata.data == NULL is valid.
	58	+ */
	59	+ static unsigned char removed;
	60	struct xrdata *x;
	61	unsigned char *rawbuf;
	62	#if DNS_RDATASET_FIXED
	63	@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,
	64	INSIST(result == ISC_R_SUCCESS);
	65	dns_rdata_init(&x[i].rdata);
	66	dns_rdataset_current(rdataset, &x[i].rdata);
	67	+ INSIST(x[i].rdata.data != &removed);
	68	#if DNS_RDATASET_FIXED
	69	x[i].order = i;
	70	#endif
	71	@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,
	72	*/
	73	for (i = 1; i < nalloc; i++) {
	74	if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
	75	- x[i-1].rdata.data = NULL;
	76	- x[i-1].rdata.length = 0;
	77	+ x[i-1].rdata.data = &removed;
	78	#if DNS_RDATASET_FIXED
	79	/*
	80	* Preserve the least order so A, B, A -> A, B
	81	@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,
	82	#endif
	83
	84	for (i = 0; i < nalloc; i++) {
	85	- if (x[i].rdata.data == NULL)
	86	+ if (x[i].rdata.data == &removed)
	87	continue;
	88	#if DNS_RDATASET_FIXED
	89	offsettable[x[i].order] = rawbuf - offsetbase;
	90	--
	91	1.7.0.5
	92


diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-3817.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-3817.patch new file mode 100644 index 0000000000..1e159bd2f8 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-3817.patch
@@ -0,0 +1,40 @@
	1	bind: fix for CVE-2012-3817
	2
	3	Upstream-Status: Backport
	4
	5	ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2;
	6	9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation
	7	is enabled, does not properly initialize the failing-query cache, which allows
	8	remote attackers to cause a denial of service (assertion failure and daemon exit)
	9	by sending many queries.
	10
	11	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3817
	12
	13	This patch is back-ported from bind-9.3.6-20.P1.el5_8.2.src.rpm package.
	14
	15	Signed-off-by: Ming Liu <ming.liu@windriver.com>
	16	---
	17	resolver.c \| 5 +++--
	18	1 file changed, 3 insertions(+), 2 deletions(-)
	19
	20	--- a/lib/dns/resolver.c
	21	+++ b/lib/dns/resolver.c
	22	@@ -8318,6 +8318,7 @@ dns_resolver_addbadcache(dns_resolver_t
	23	goto cleanup;
	24	bad->type = type;
	25	bad->hashval = hashval;
	26	+ bad->expire = *expire;
	27	isc_buffer_init(&buffer, bad + 1, name->length);
	28	dns_name_init(&bad->name, NULL);
	29	dns_name_copy(name, &bad->name, &buffer);
	30	@@ -8329,8 +8330,8 @@ dns_resolver_addbadcache(dns_resolver_t
	31	if (resolver->badcount < resolver->badhash * 2 &&
	32	resolver->badhash > DNS_BADCACHE_SIZE)
	33	resizehash(resolver, &now, ISC_FALSE);
	34	- }
	35	- bad->expire = *expire;
	36	+ } else
	37	+ bad->expire = *expire;
	38	cleanup:
	39	UNLOCK(&resolver->lock);
	40	}


diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2013-2266.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2013-2266.patch new file mode 100644 index 0000000000..7ec6deb714 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2013-2266.patch
@@ -0,0 +1,41 @@
	1	bind: fix for CVE-2013-2266
	2
	3	Upstream-Status: Backport
	4
	5	libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2,
	6	9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows
	7	remote attackers to cause a denial of service (memory consumption) via a
	8	crafted regular expression, as demonstrated by a memory-exhaustion attack
	9	against a machine running a named process.
	10
	11	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2266
	12
	13	Signed-off-by Ming Liu <ming.liu@windriver.com>
	14	---
	15	config.h.in \| 3 ---
	16	configure.in \| 2 +-
	17	2 files changed, 1 insertion(+), 4 deletions(-)
	18
	19	--- a/config.h.in
	20	+++ b/config.h.in
	21	@@ -277,9 +277,6 @@ int sigwait(const unsigned int *set, int
	22	/* Define if your OpenSSL version supports GOST. */
	23	#undef HAVE_OPENSSL_GOST
	24
	25	-/* Define to 1 if you have the <regex.h> header file. */
	26	-#undef HAVE_REGEX_H
	27	-
	28	/* Define to 1 if you have the `setegid' function. */
	29	#undef HAVE_SETEGID
	30
	31	--- a/configure.in
	32	+++ b/configure.in
	33	@@ -279,7 +279,7 @@ esac
	34
	35	AC_HEADER_STDC
	36
	37	-AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
	38	+AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
	39	[$ac_includes_default
	40	#ifdef HAVE_SYS_PARAM_H
	41	# include <sys/param.h>


diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-Fix-CVE-2012-4244.patch new file mode 100644 index 0000000000..5dd6f69e45 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-Fix-CVE-2012-4244.patch
@@ -0,0 +1,141 @@
	1	bind_Fix_for_CVE-2012-4244
	2
	3	Upstream-Status: Backport
	4
	5	Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit
	6
	7	ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3,
	8	and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to
	9	cause a denial of service (assertion failure and named daemon exit) via
	10	a query for a long resource record.
	11
	12	Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
	13
	14	diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h
	15	--- a/lib/dns/include/dns/rdata.h 2012-10-08 12:19:42.000000000 +0800
	16	+++ b/lib/dns/include/dns/rdata.h 2012-10-08 11:26:43.000000000 +0800
	17	@@ -147,6 +147,17 @@ struct dns_rdata {
	18	(((rdata)->flags & ~(DNS_RDATA_UPDATE\|DNS_RDATA_OFFLINE)) == 0)
	19
	20	/*
	21	+ * The maximum length of a RDATA that can be sent on the wire.
	22	+ * Max packet size (65535) less header (12), less name (1), type (2),
	23	+ * class (2), ttl(4), length (2).
	24	+ *
	25	+ * None of the defined types that support name compression can exceed
	26	+ * this and all new types are to be sent uncompressed.
	27	+ */
	28	+
	29	+#define DNS_RDATA_MAXLENGTH 65512U
	30	+
	31	+/*
	32	* Flags affecting rdata formatting style. Flags 0xFFFF0000
	33	* are used by masterfile-level formatting and defined elsewhere.
	34	* See additional comments at dns_rdata_tofmttext().
	35	diff -urpN a/lib/dns/master.c b/lib/dns/master.c
	36	--- a/lib/dns/master.c 2012-10-08 12:19:42.000000000 +0800
	37	+++ b/lib/dns/master.c 2012-10-08 11:27:06.000000000 +0800
	38	@@ -75,7 +75,7 @@
	39	/*%
	40	* max message size - header - root - type - class - ttl - rdlen
	41	*/
	42	-#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2)
	43	+#define MINTSIZ DNS_RDATA_MAXLENGTH
	44	/*%
	45	* Size for tokens in the presentation format,
	46	* The largest tokens are the base64 blocks in KEY and CERT records,
	47	diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c
	48	--- a/lib/dns/rdata.c 2012-10-08 12:19:42.000000000 +0800
	49	+++ b/lib/dns/rdata.c 2012-10-08 11:27:27.000000000 +0800
	50	@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
	51	isc_buffer_t st;
	52	isc_boolean_t use_default = ISC_FALSE;
	53	isc_uint32_t activelength;
	54	+ size_t length;
	55
	56	REQUIRE(dctx != NULL);
	57	if (rdata != NULL) {
	58	@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
	59	}
	60
	61	/*
	62	+ * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH
	63	+ * as we cannot transmit it.
	64	+ */
	65	+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
	66	+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
	67	+ result = DNS_R_FORMERR;
	68	+
	69	+ /*
	70	* We should have consumed all of our buffer.
	71	*/
	72	if (result == ISC_R_SUCCESS && !buffer_empty(source))
	73	@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
	74
	75	if (rdata != NULL && result == ISC_R_SUCCESS) {
	76	region.base = isc_buffer_used(&st);
	77	- region.length = isc_buffer_usedlength(target) -
	78	- isc_buffer_usedlength(&st);
	79	+ region.length = length;
	80	dns_rdata_fromregion(rdata, rdclass, type, &region);
	81	}
	82
	83	@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
	84	unsigned long line;
	85	void (callback)(dns_rdatacallbacks_t , const char *, ...);
	86	isc_result_t tresult;
	87	+ size_t length;
	88
	89	REQUIRE(origin == NULL \|\| dns_name_isabsolute(origin) == ISC_TRUE);
	90	if (rdata != NULL) {
	91	@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
	92	}
	93	} while (1);
	94
	95	+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
	96	+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
	97	+ result = ISC_R_NOSPACE;
	98	+
	99	if (rdata != NULL && result == ISC_R_SUCCESS) {
	100	region.base = isc_buffer_used(&st);
	101	- region.length = isc_buffer_usedlength(target) -
	102	- isc_buffer_usedlength(&st);
	103	+ region.length = length;
	104	dns_rdata_fromregion(rdata, rdclass, type, &region);
	105	}
	106	if (result != ISC_R_SUCCESS) {
	107	@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
	108	isc_buffer_t st;
	109	isc_region_t region;
	110	isc_boolean_t use_default = ISC_FALSE;
	111	+ size_t length;
	112
	113	REQUIRE(source != NULL);
	114	if (rdata != NULL) {
	115	@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
	116	if (use_default)
	117	(void)NULL;
	118
	119	+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
	120	+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
	121	+ result = ISC_R_NOSPACE;
	122	+
	123	if (rdata != NULL && result == ISC_R_SUCCESS) {
	124	region.base = isc_buffer_used(&st);
	125	- region.length = isc_buffer_usedlength(target) -
	126	- isc_buffer_usedlength(&st);
	127	+ region.length = length;
	128	dns_rdata_fromregion(rdata, rdclass, type, &region);
	129	}
	130	if (result != ISC_R_SUCCESS)
	131	diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
	132	--- a/lib/dns/rdataslab.c 2012-10-08 12:19:42.000000000 +0800
	133	+++ b/lib/dns/rdataslab.c 2012-10-08 11:27:54.000000000 +0800
	134	@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
	135	length = x[i].rdata.length;
	136	if (rdataset->type == dns_rdatatype_rrsig)
	137	length++;
	138	+ INSIST(length <= 0xffff);
	139	*rawbuf++ = (length & 0xff00) >> 8;
	140	*rawbuf++ = (length & 0x00ff);
	141	#if DNS_RDATASET_FIXED