summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch')
-rw-r--r--meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch92
1 files changed, 92 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
new file mode 100644
index 0000000..c441eab
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
@@ -0,0 +1,92 @@
1bind CVE-2012-1667
2
3Upstream-Status: Backport
4
5ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1,
6and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource
7records with a zero-length RDATA section, which allows remote DNS servers to
8cause a denial of service (daemon crash or data corruption) or obtain
9sensitive information from process memory via a crafted record.
10
11http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667
12
13The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package.
14
15Signed-off-by: Li Wang <li.wang@windriver.com>
16---
17 lib/dns/rdata.c | 8 ++++----
18 lib/dns/rdataslab.c | 11 ++++++++---
19 2 files changed, 12 insertions(+), 7 deletions(-)
20
21diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
22index 063b1f6..9337a80 100644
23--- a/lib/dns/rdata.c
24+++ b/lib/dns/rdata.c
25@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
26
27 REQUIRE(rdata1 != NULL);
28 REQUIRE(rdata2 != NULL);
29- REQUIRE(rdata1->data != NULL);
30- REQUIRE(rdata2->data != NULL);
31+ REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
32+ REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
33 REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
34 REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
35
36@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
37
38 REQUIRE(rdata1 != NULL);
39 REQUIRE(rdata2 != NULL);
40- REQUIRE(rdata1->data != NULL);
41- REQUIRE(rdata2->data != NULL);
42+ REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
43+ REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
44 REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
45 REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
46
47diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
48index a41f16f..ed13b30 100644
49--- a/lib/dns/rdataslab.c
50+++ b/lib/dns/rdataslab.c
51@@ -125,6 +125,11 @@ isc_result_t
52 dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
53 isc_region_t *region, unsigned int reservelen)
54 {
55+ /*
56+ * Use &removed as a sentinal pointer for duplicate
57+ * rdata as rdata.data == NULL is valid.
58+ */
59+ static unsigned char removed;
60 struct xrdata *x;
61 unsigned char *rawbuf;
62 #if DNS_RDATASET_FIXED
63@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
64 INSIST(result == ISC_R_SUCCESS);
65 dns_rdata_init(&x[i].rdata);
66 dns_rdataset_current(rdataset, &x[i].rdata);
67+ INSIST(x[i].rdata.data != &removed);
68 #if DNS_RDATASET_FIXED
69 x[i].order = i;
70 #endif
71@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
72 */
73 for (i = 1; i < nalloc; i++) {
74 if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
75- x[i-1].rdata.data = NULL;
76- x[i-1].rdata.length = 0;
77+ x[i-1].rdata.data = &removed;
78 #if DNS_RDATASET_FIXED
79 /*
80 * Preserve the least order so A, B, A -> A, B
81@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
82 #endif
83
84 for (i = 0; i < nalloc; i++) {
85- if (x[i].rdata.data == NULL)
86+ if (x[i].rdata.data == &removed)
87 continue;
88 #if DNS_RDATASET_FIXED
89 offsettable[x[i].order] = rawbuf - offsetbase;
90--
911.7.0.5
92