summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch')
-rw-r--r--meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch89
1 files changed, 89 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
new file mode 100644
index 0000000000..19d8df1c2d
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
@@ -0,0 +1,89 @@
1The patch to fix CVE-2011-4313
2
3Upstream-Status: Backport
4
5Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html
6
7query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
8through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
9through 9.9.0b1 allows remote attackers to cause a denial of service
10(assertion failure and named exit) via unknown vectors related to recursive DNS
11queries, error logging, and the caching of an invalid record by the resolver.
12
13Signed-off-by Ming Liu <ming.liu@windriver.com>
14---
15 bin/named/query.c | 19 ++++++++-----------
16 lib/dns/rbtdb.c | 4 ++--
17 2 files changed, 10 insertions(+), 13 deletions(-)
18
19--- a/bin/named/query.c
20+++ b/bin/named/query.c
21@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
22 goto addname;
23 if (result == DNS_R_NCACHENXRRSET) {
24 dns_rdataset_disassociate(rdataset);
25- /*
26- * Negative cache entries don't have sigrdatasets.
27- */
28- INSIST(sigrdataset == NULL ||
29- ! dns_rdataset_isassociated(sigrdataset));
30+ if (sigrdataset != NULL &&
31+ dns_rdataset_isassociated(sigrdataset))
32+ dns_rdataset_disassociate(sigrdataset);
33 }
34 if (result == ISC_R_SUCCESS) {
35 mname = NULL;
36@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
37 goto addname;
38 if (result == DNS_R_NCACHENXRRSET) {
39 dns_rdataset_disassociate(rdataset);
40- INSIST(sigrdataset == NULL ||
41- ! dns_rdataset_isassociated(sigrdataset));
42+ if (sigrdataset != NULL &&
43+ dns_rdataset_isassociated(sigrdataset))
44+ dns_rdataset_disassociate(sigrdataset);
45 }
46 if (result == ISC_R_SUCCESS) {
47 mname = NULL;
48@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
49 goto setcache;
50 if (result == DNS_R_NCACHENXRRSET) {
51 dns_rdataset_disassociate(rdataset);
52- /*
53- * Negative cache entries don't have sigrdatasets.
54- */
55- INSIST(! dns_rdataset_isassociated(sigrdataset));
56+ if (dns_rdataset_isassociated(sigrdataset))
57+ dns_rdataset_disassociate(sigrdataset);
58 }
59 if (result == ISC_R_SUCCESS) {
60 /* Remember the result as a cache */
61--- a/lib/dns/rbtdb.c
62+++ b/lib/dns/rbtdb.c
63@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
64 rdataset);
65 if (need_headerupdate(found, search.now))
66 update = found;
67- if (foundsig != NULL) {
68+ if (!NEGATIVE(found) && foundsig != NULL) {
69 bind_rdataset(search.rbtdb, node, foundsig, search.now,
70 sigrdataset);
71 if (need_headerupdate(foundsig, search.now))
72@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno
73 }
74 if (found != NULL) {
75 bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
76- if (foundsig != NULL)
77+ if (!NEGATIVE(found) && foundsig != NULL)
78 bind_rdataset(rbtdb, rbtnode, foundsig, now,
79 sigrdataset);
80 }
81@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
82 }
83 if (found != NULL) {
84 bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
85- if (foundsig != NULL)
86+ if (!NEGATIVE(found) && foundsig != NULL)
87 bind_rdataset(rbtdb, rbtnode, foundsig, now,
88 sigrdataset);
89 }