diff options
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch | 90 |
1 files changed, 0 insertions, 90 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch deleted file mode 100644 index 5393063c56..0000000000 --- a/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch +++ /dev/null | |||
@@ -1,90 +0,0 @@ | |||
1 | From 9d8aba8a7778721ae2cee6e4670a8e6be6590b05 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Andrews <marka@isc.org> | ||
3 | Date: Wed, 12 Oct 2016 19:52:59 +0900 | ||
4 | Subject: [PATCH] | ||
5 | 4406. [security] getrrsetbyname with a non absolute name could | ||
6 | trigger an infinite recursion bug in lwresd | ||
7 | and named with lwres configured if when combined | ||
8 | with a search list entry the resulting name is | ||
9 | too long. (CVE-2016-2775) [RT #42694] | ||
10 | |||
11 | Backport commit 38cc2d14e218e536e0102fa70deef99461354232 from the | ||
12 | v9.11.0_patch branch. | ||
13 | |||
14 | CVE: CVE-2016-2775 | ||
15 | Upstream-Status: Backport | ||
16 | |||
17 | Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com> | ||
18 | |||
19 | --- | ||
20 | CHANGES | 6 ++++++ | ||
21 | bin/named/lwdgrbn.c | 16 ++++++++++------ | ||
22 | bin/tests/system/lwresd/lwtest.c | 9 ++++++++- | ||
23 | 3 files changed, 24 insertions(+), 7 deletions(-) | ||
24 | |||
25 | diff --git a/CHANGES b/CHANGES | ||
26 | index d2e3360..d0a9d12 100644 | ||
27 | --- a/CHANGES | ||
28 | +++ b/CHANGES | ||
29 | @@ -1,3 +1,9 @@ | ||
30 | +4406. [security] getrrsetbyname with a non absolute name could | ||
31 | + trigger an infinite recursion bug in lwresd | ||
32 | + and named with lwres configured if when combined | ||
33 | + with a search list entry the resulting name is | ||
34 | + too long. (CVE-2016-2775) [RT #42694] | ||
35 | + | ||
36 | 4322. [security] Duplicate EDNS COOKIE options in a response could | ||
37 | trigger an assertion failure. (CVE-2016-2088) | ||
38 | [RT #41809] | ||
39 | diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c | ||
40 | index 3e7b15b..e1e9adc 100644 | ||
41 | --- a/bin/named/lwdgrbn.c | ||
42 | +++ b/bin/named/lwdgrbn.c | ||
43 | @@ -403,14 +403,18 @@ start_lookup(ns_lwdclient_t *client) { | ||
44 | INSIST(client->lookup == NULL); | ||
45 | |||
46 | dns_fixedname_init(&absname); | ||
47 | - result = ns_lwsearchctx_current(&client->searchctx, | ||
48 | - dns_fixedname_name(&absname)); | ||
49 | + | ||
50 | /* | ||
51 | - * This will return failure if relative name + suffix is too long. | ||
52 | - * In this case, just go on to the next entry in the search path. | ||
53 | + * Perform search across all search domains until success | ||
54 | + * is returned. Return in case of failure. | ||
55 | */ | ||
56 | - if (result != ISC_R_SUCCESS) | ||
57 | - start_lookup(client); | ||
58 | + while (ns_lwsearchctx_current(&client->searchctx, | ||
59 | + dns_fixedname_name(&absname)) != ISC_R_SUCCESS) { | ||
60 | + if (ns_lwsearchctx_next(&client->searchctx) != ISC_R_SUCCESS) { | ||
61 | + ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE); | ||
62 | + return; | ||
63 | + } | ||
64 | + } | ||
65 | |||
66 | result = dns_lookup_create(cm->mctx, | ||
67 | dns_fixedname_name(&absname), | ||
68 | diff --git a/bin/tests/system/lwresd/lwtest.c b/bin/tests/system/lwresd/lwtest.c | ||
69 | index ad9b551..3eb4a66 100644 | ||
70 | --- a/bin/tests/system/lwresd/lwtest.c | ||
71 | +++ b/bin/tests/system/lwresd/lwtest.c | ||
72 | @@ -768,7 +768,14 @@ main(void) { | ||
73 | test_getrrsetbyname("e.example1.", 1, 2, 1, 1, 1); | ||
74 | test_getrrsetbyname("e.example1.", 1, 46, 2, 0, 1); | ||
75 | test_getrrsetbyname("", 1, 1, 0, 0, 0); | ||
76 | - | ||
77 | + test_getrrsetbyname("123456789.123456789.123456789.123456789." | ||
78 | + "123456789.123456789.123456789.123456789." | ||
79 | + "123456789.123456789.123456789.123456789." | ||
80 | + "123456789.123456789.123456789.123456789." | ||
81 | + "123456789.123456789.123456789.123456789." | ||
82 | + "123456789.123456789.123456789.123456789." | ||
83 | + "123456789", 1, 1, 0, 0, 0); | ||
84 | + | ||
85 | if (fails == 0) | ||
86 | printf("I:ok\n"); | ||
87 | return (fails); | ||
88 | -- | ||
89 | 2.7.4 | ||
90 | |||