diff options
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch new file mode 100644 index 0000000000..d5bf740e84 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | a buffer size check can cause denial of service under certain circumstances | ||
2 | |||
3 | [security] | ||
4 | The following flaw in BIND was reported by ISC: | ||
5 | |||
6 | A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c. | ||
7 | |||
8 | A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations. | ||
9 | |||
10 | Upstream-Status: Backport | ||
11 | CVE: CVE-2015-8704 | ||
12 | |||
13 | [The patch is taken from BIND 9.10.3: | ||
14 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8704] | ||
15 | |||
16 | Signed-off-by: Derek Straka <derek@asterius.io> | ||
17 | diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c | ||
18 | index bedd38e..28eb7f2 100644 | ||
19 | --- a/lib/dns/rdata/in_1/apl_42.c | ||
20 | +++ b/lib/dns/rdata/in_1/apl_42.c | ||
21 | @@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) { | ||
22 | isc_uint8_t len; | ||
23 | isc_boolean_t neg; | ||
24 | unsigned char buf[16]; | ||
25 | - char txt[sizeof(" !64000")]; | ||
26 | + char txt[sizeof(" !64000:")]; | ||
27 | const char *sep = ""; | ||
28 | int n; | ||