1 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2022-38177.patch b/meta/recipes-connectivity/bind/bind/CVE-2022-38177.patch
new file mode 100644
index 0000000000..0ef87fd260
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2022-38177.patch
@@ -0,0 +1,31 @@
+From ef3d1a84ff807eea27b4fef601a15932c5ffbfbf Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Thu, 11 Aug 2022 15:15:34 +1000
+Subject: [PATCH 2/3] Free eckey on siglen mismatch
+Upstream-Status: Backport
+CVE: CVE-2022-38177
+Reference to upstream patch:
+https://gitlab.isc.org/isc-projects/bind9/-/commit/5b2282afff760b1ed3471f6666bdfe8e1d34e590
+Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
+---
+ lib/dns/opensslecdsa_link.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
+index 83b5b51cd78c..7576e04ac635 100644
+--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
+@@ -224,7 +224,7 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
+                siglen = DNS_SIG_ECDSA384SIZE;
+ 
+        if (sig->length != siglen)
+-               return (DST_R_VERIFYFAILURE);
+               DST_RET(DST_R_VERIFYFAILURE);
+ 
+        if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &dgstlen))
+                DST_RET (dst__openssl_toresult3(dctx->category,
+-- 
+2.34.1

diff --git a/meta/recipes-connectivity/bind/bind/CVE-2022-38177.patch b/meta/recipes-connectivity/bind/bind/CVE-2022-38177.patch new file mode 100644 index 0000000000..0ef87fd260 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2022-38177.patch
@@ -0,0 +1,31 @@
	1	From ef3d1a84ff807eea27b4fef601a15932c5ffbfbf Mon Sep 17 00:00:00 2001
	2	From: Mark Andrews <marka@isc.org>
	3	Date: Thu, 11 Aug 2022 15:15:34 +1000
	4	Subject: [PATCH 2/3] Free eckey on siglen mismatch
	5
	6	Upstream-Status: Backport
	7	CVE: CVE-2022-38177
	8	Reference to upstream patch:
	9	https://gitlab.isc.org/isc-projects/bind9/-/commit/5b2282afff760b1ed3471f6666bdfe8e1d34e590
	10
	11	Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
	12	---
	13	lib/dns/opensslecdsa_link.c \| 2 +-
	14	1 file changed, 1 insertion(+), 1 deletion(-)
	15
	16	diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
	17	index 83b5b51cd78c..7576e04ac635 100644
	18	--- a/lib/dns/opensslecdsa_link.c
	19	+++ b/lib/dns/opensslecdsa_link.c
	20	@@ -224,7 +224,7 @@ opensslecdsa_verify(dst_context_t dctx, const isc_region_t sig) {
	21	siglen = DNS_SIG_ECDSA384SIZE;
	22
	23	if (sig->length != siglen)
	24	- return (DST_R_VERIFYFAILURE);
	25	+ DST_RET(DST_R_VERIFYFAILURE);
	26
	27	if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &dgstlen))
	28	DST_RET (dst__openssl_toresult3(dctx->category,
	29	--
	30	2.34.1
	31