From c527fd1f14c27855a37f2e8ac5346ce8d940ced2 Mon Sep 17 00:00:00 2001 From: Tudor Florea Date: Thu, 16 Oct 2014 03:05:19 +0200 Subject: initial commit for Enea Linux 4.0-140929 Migrated from the internal git server on the daisy-enea-point-release branch Signed-off-by: Tudor Florea --- .../bind/bind/bind-CVE-2011-4313.patch | 89 ++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch (limited to 'meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch') diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch new file mode 100644 index 0000000000..19d8df1c2d --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch @@ -0,0 +1,89 @@ +The patch to fix CVE-2011-4313 + +Upstream-Status: Backport + +Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html + +query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV +through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 +through 9.9.0b1 allows remote attackers to cause a denial of service +(assertion failure and named exit) via unknown vectors related to recursive DNS +queries, error logging, and the caching of an invalid record by the resolver. + +Signed-off-by Ming Liu +--- + bin/named/query.c | 19 ++++++++----------- + lib/dns/rbtdb.c | 4 ++-- + 2 files changed, 10 insertions(+), 13 deletions(-) + +--- a/bin/named/query.c ++++ b/bin/named/query.c +@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_ + goto addname; + if (result == DNS_R_NCACHENXRRSET) { + dns_rdataset_disassociate(rdataset); +- /* +- * Negative cache entries don't have sigrdatasets. +- */ +- INSIST(sigrdataset == NULL || +- ! dns_rdataset_isassociated(sigrdataset)); ++ if (sigrdataset != NULL && ++ dns_rdataset_isassociated(sigrdataset)) ++ dns_rdataset_disassociate(sigrdataset); + } + if (result == ISC_R_SUCCESS) { + mname = NULL; +@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_ + goto addname; + if (result == DNS_R_NCACHENXRRSET) { + dns_rdataset_disassociate(rdataset); +- INSIST(sigrdataset == NULL || +- ! dns_rdataset_isassociated(sigrdataset)); ++ if (sigrdataset != NULL && ++ dns_rdataset_isassociated(sigrdataset)) ++ dns_rdataset_disassociate(sigrdataset); + } + if (result == ISC_R_SUCCESS) { + mname = NULL; +@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name + goto setcache; + if (result == DNS_R_NCACHENXRRSET) { + dns_rdataset_disassociate(rdataset); +- /* +- * Negative cache entries don't have sigrdatasets. +- */ +- INSIST(! dns_rdataset_isassociated(sigrdataset)); ++ if (dns_rdataset_isassociated(sigrdataset)) ++ dns_rdataset_disassociate(sigrdataset); + } + if (result == ISC_R_SUCCESS) { + /* Remember the result as a cache */ +--- a/lib/dns/rbtdb.c ++++ b/lib/dns/rbtdb.c +@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam + rdataset); + if (need_headerupdate(found, search.now)) + update = found; +- if (foundsig != NULL) { ++ if (!NEGATIVE(found) && foundsig != NULL) { + bind_rdataset(search.rbtdb, node, foundsig, search.now, + sigrdataset); + if (need_headerupdate(foundsig, search.now)) +@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno + } + if (found != NULL) { + bind_rdataset(rbtdb, rbtnode, found, now, rdataset); +- if (foundsig != NULL) ++ if (!NEGATIVE(found) && foundsig != NULL) + bind_rdataset(rbtdb, rbtnode, foundsig, now, + sigrdataset); + } +@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn + } + if (found != NULL) { + bind_rdataset(rbtdb, rbtnode, found, now, rdataset); +- if (foundsig != NULL) ++ if (!NEGATIVE(found) && foundsig != NULL) + bind_rdataset(rbtdb, rbtnode, foundsig, now, + sigrdataset); + } -- cgit v1.2.3-54-g00ecf