summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind/bind
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/bind/bind')
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch28
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2015-8705.patch44
2 files changed, 72 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
new file mode 100644
index 0000000000..d5bf740e84
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
@@ -0,0 +1,28 @@
1a buffer size check can cause denial of service under certain circumstances
2
3[security]
4The following flaw in BIND was reported by ISC:
5
6A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c.
7
8A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations.
9
10Upstream-Status: Backport
11CVE: CVE-2015-8704
12
13[The patch is taken from BIND 9.10.3:
14https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8704]
15
16Signed-off-by: Derek Straka <derek@asterius.io>
17diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c
18index bedd38e..28eb7f2 100644
19--- a/lib/dns/rdata/in_1/apl_42.c
20+++ b/lib/dns/rdata/in_1/apl_42.c
21@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
22 isc_uint8_t len;
23 isc_boolean_t neg;
24 unsigned char buf[16];
25- char txt[sizeof(" !64000")];
26+ char txt[sizeof(" !64000:")];
27 const char *sep = "";
28 int n;
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8705.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8705.patch
new file mode 100644
index 0000000000..c4a052d7b6
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8705.patch
@@ -0,0 +1,44 @@
1a crash or assertion failure can during format processing
2
3[security]
4The following flaw in BIND was reported by ISC:
5
6In versions of BIND 9.10, errors can occur when OPT pseudo-RR data or ECS options are formatted to text. In 9.10.3 through 9.10.3-P2, the issue may result in a REQUIRE assertion failure in buffer.c.
7
8This issue can affect both authoritative and recursive servers if they are performing debug logging. (It may also crash related tools which use the same code, such as dig or delv.)
9
10A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations.
11
12Upstream-Status: Backport
13CVE: CVE-2015-8705
14
15[The patch is taken from BIND 9.10.3:
16https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8705]
17
18Signed-off-by: Derek Straka <derek@asterius.io>
19diff --git a/lib/dns/message.c b/lib/dns/message.c
20index ea7b93a..810c58e 100644
21--- a/lib/dns/message.c
22+++ b/lib/dns/message.c
23@@ -3310,9 +3310,19 @@
24 } else if (optcode == DNS_OPT_SIT) {
25 ADD_STRING(target, "; SIT");
26 } else if (optcode == DNS_OPT_CLIENT_SUBNET) {
27+ isc_buffer_t ecsbuf;
28 ADD_STRING(target, "; CLIENT-SUBNET: ");
29- render_ecs(&optbuf, target);
30- ADD_STRING(target, "\n");
31+ isc_buffer_init(&ecsbuf,
32+ isc_buffer_current(&optbuf),
33+ optlen);
34+ isc_buffer_add(&ecsbuf, optlen);
35+ result = render_ecs(&ecsbuf, target);
36+ if (result == ISC_R_NOSPACE)
37+ return (result);
38+ if (result == ISC_R_SUCCESS) {
39+ isc_buffer_forward(&optbuf, optlen);
40+ ADD_STRING(target, "\n");
41+ }
42 continue;
43 } else if (optcode == DNS_OPT_EXPIRE) {
44 if (optlen == 4) {