summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch')
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch36
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
new file mode 100644
index 0000000000..1a5051e638
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
@@ -0,0 +1,36 @@
1CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned()
2
3issue introduced by git commit
4
5https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=44f175a90a855326725439b2f1178f0dcca8f67d
6
7which is in this version of bind.
8
9Upstream Status: Backport from Redhat
10
11https://bugzilla.redhat.com/attachment.cgi?id=1044719
12
13Signed-off-by: Armin Kuster <akuster@mvista.com>
14
15Index: bind-9.9.5/lib/dns/validator.c
16===================================================================
17--- bind-9.9.5.orig/lib/dns/validator.c
18+++ bind-9.9.5/lib/dns/validator.c
19@@ -1406,7 +1406,6 @@ compute_keytag(dns_rdata_t *rdata, dns_r
20 */
21 static isc_boolean_t
22 isselfsigned(dns_validator_t *val) {
23- dns_fixedname_t fixed;
24 dns_rdataset_t *rdataset, *sigrdataset;
25 dns_rdata_t rdata = DNS_RDATA_INIT;
26 dns_rdata_t sigrdata = DNS_RDATA_INIT;
27@@ -1462,8 +1461,7 @@ isselfsigned(dns_validator_t *val) {
28 result = dns_dnssec_verify3(name, rdataset, dstkey,
29 ISC_TRUE,
30 val->view->maxbits,
31- mctx, &sigrdata,
32- dns_fixedname_name(&fixed));
33+ mctx, &sigrdata, NULL);
34 dst_key_free(&dstkey);
35 if (result != ISC_R_SUCCESS)
36 continue;