From 972dcfcdbfe75dcfeb777150c136576cf1a71e99 Mon Sep 17 00:00:00 2001 From: Tudor Florea Date: Fri, 9 Oct 2015 22:59:03 +0200 Subject: initial commit for Enea Linux 5.0 arm Signed-off-by: Tudor Florea --- .../bind/bind/bind-Fix-CVE-2012-4244.patch | 141 +++++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch (limited to 'meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch') diff --git a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch new file mode 100644 index 0000000000..5dd6f69e45 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch @@ -0,0 +1,141 @@ +bind_Fix_for_CVE-2012-4244 + +Upstream-Status: Backport + +Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit + +ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, + and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to +cause a denial of service (assertion failure and named daemon exit) via +a query for a long resource record. + +Signed-off-by: yanjun.zhu + +diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h +--- a/lib/dns/include/dns/rdata.h 2012-10-08 12:19:42.000000000 +0800 ++++ b/lib/dns/include/dns/rdata.h 2012-10-08 11:26:43.000000000 +0800 +@@ -147,6 +147,17 @@ struct dns_rdata { + (((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0) + + /* ++ * The maximum length of a RDATA that can be sent on the wire. ++ * Max packet size (65535) less header (12), less name (1), type (2), ++ * class (2), ttl(4), length (2). ++ * ++ * None of the defined types that support name compression can exceed ++ * this and all new types are to be sent uncompressed. ++ */ ++ ++#define DNS_RDATA_MAXLENGTH 65512U ++ ++/* + * Flags affecting rdata formatting style. Flags 0xFFFF0000 + * are used by masterfile-level formatting and defined elsewhere. + * See additional comments at dns_rdata_tofmttext(). +diff -urpN a/lib/dns/master.c b/lib/dns/master.c +--- a/lib/dns/master.c 2012-10-08 12:19:42.000000000 +0800 ++++ b/lib/dns/master.c 2012-10-08 11:27:06.000000000 +0800 +@@ -75,7 +75,7 @@ + /*% + * max message size - header - root - type - class - ttl - rdlen + */ +-#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2) ++#define MINTSIZ DNS_RDATA_MAXLENGTH + /*% + * Size for tokens in the presentation format, + * The largest tokens are the base64 blocks in KEY and CERT records, +diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c +--- a/lib/dns/rdata.c 2012-10-08 12:19:42.000000000 +0800 ++++ b/lib/dns/rdata.c 2012-10-08 11:27:27.000000000 +0800 +@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d + isc_buffer_t st; + isc_boolean_t use_default = ISC_FALSE; + isc_uint32_t activelength; ++ size_t length; + + REQUIRE(dctx != NULL); + if (rdata != NULL) { +@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d + } + + /* ++ * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH ++ * as we cannot transmit it. ++ */ ++ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); ++ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) ++ result = DNS_R_FORMERR; ++ ++ /* + * We should have consumed all of our buffer. + */ + if (result == ISC_R_SUCCESS && !buffer_empty(source)) +@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d + + if (rdata != NULL && result == ISC_R_SUCCESS) { + region.base = isc_buffer_used(&st); +- region.length = isc_buffer_usedlength(target) - +- isc_buffer_usedlength(&st); ++ region.length = length; + dns_rdata_fromregion(rdata, rdclass, type, ®ion); + } + +@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d + unsigned long line; + void (*callback)(dns_rdatacallbacks_t *, const char *, ...); + isc_result_t tresult; ++ size_t length; + + REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE); + if (rdata != NULL) { +@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d + } + } while (1); + ++ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); ++ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) ++ result = ISC_R_NOSPACE; ++ + if (rdata != NULL && result == ISC_R_SUCCESS) { + region.base = isc_buffer_used(&st); +- region.length = isc_buffer_usedlength(target) - +- isc_buffer_usedlength(&st); ++ region.length = length; + dns_rdata_fromregion(rdata, rdclass, type, ®ion); + } + if (result != ISC_R_SUCCESS) { +@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata, + isc_buffer_t st; + isc_region_t region; + isc_boolean_t use_default = ISC_FALSE; ++ size_t length; + + REQUIRE(source != NULL); + if (rdata != NULL) { +@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata, + if (use_default) + (void)NULL; + ++ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); ++ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) ++ result = ISC_R_NOSPACE; ++ + if (rdata != NULL && result == ISC_R_SUCCESS) { + region.base = isc_buffer_used(&st); +- region.length = isc_buffer_usedlength(target) - +- isc_buffer_usedlength(&st); ++ region.length = length; + dns_rdata_fromregion(rdata, rdclass, type, ®ion); + } + if (result != ISC_R_SUCCESS) +diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c +--- a/lib/dns/rdataslab.c 2012-10-08 12:19:42.000000000 +0800 ++++ b/lib/dns/rdataslab.c 2012-10-08 11:27:54.000000000 +0800 +@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_ + length = x[i].rdata.length; + if (rdataset->type == dns_rdatatype_rrsig) + length++; ++ INSIST(length <= 0xffff); + *rawbuf++ = (length & 0xff00) >> 8; + *rawbuf++ = (length & 0x00ff); + #if DNS_RDATASET_FIXED -- cgit v1.2.3-54-g00ecf