From 301132a6d0dbaf4b6d032681852fe1f4f3b776dc Mon Sep 17 00:00:00 2001
From: Li Zhou
Date: Wed, 2 Sep 2020 16:19:29 +0800
Subject: bind: Security Advisory - bind - CVE-2020-8622
Backport patch from to solve CVE-2020-8622.
(From OE-Core rev: 64a2b62c41574bf4d45dd8ed447ee3b6c05fbd84)
Signed-off-by: Li Zhou
Signed-off-by: Anuj Mittal
Signed-off-by: Richard Purdie
---
.../bind/bind/CVE-2020-8622.patch | 60 ++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2020-8622.patch
(limited to 'meta/recipes-connectivity/bind/bind')
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8622.patch b/meta/recipes-connectivity/bind/bind/CVE-2020-8622.patch
new file mode 100644
index 0000000000..dec5672657
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2020-8622.patch
@@ -0,0 +1,60 @@
+From ca543240380475d888d660ea3296fc880ce52f35 Mon Sep 17 00:00:00 2001
+From: Mark Andrews
+Date: Wed, 15 Jul 2020 16:07:51 +1000
+Subject: [PATCH] bind: Always keep a copy of the message
+
+this allows it to be available even when dns_message_parse()
+returns a error.
+
+Upstream-Status: Backport
+CVE: CVE-2020-8622
+Signed-off-by: Li Zhou
+---
+ lib/dns/message.c | 24 +++++++++++++-----------
+ 1 file changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/lib/dns/message.c b/lib/dns/message.c
+index ac637a2..39ed80f 100644
+--- a/lib/dns/message.c
++++ b/lib/dns/message.c
+@@ -1679,6 +1679,19 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
+ msg->header_ok = 0;
+ msg->question_ok = 0;
+
++ if ((options & DNS_MESSAGEPARSE_CLONEBUFFER) == 0) {
++ isc_buffer_usedregion(&origsource, &msg->saved);
++ } else {
++ msg->saved.length = isc_buffer_usedlength(&origsource);
++ msg->saved.base = isc_mem_get(msg->mctx, msg->saved.length);
++ if (msg->saved.base == NULL) {
++ return (ISC_R_NOMEMORY);
++ }
++ memmove(msg->saved.base, isc_buffer_base(&origsource),
++ msg->saved.length);
++ msg->free_saved = 1;
++ }
++
+ isc_buffer_remainingregion(source, &r);
+ if (r.length < DNS_MESSAGE_HEADERLEN)
+ return (ISC_R_UNEXPECTEDEND);
+@@ -1754,17 +1767,6 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
+ }
+
+ truncated:
+- if ((options & DNS_MESSAGEPARSE_CLONEBUFFER) == 0)
+- isc_buffer_usedregion(&origsource, &msg->saved);
+- else {
+- msg->saved.length = isc_buffer_usedlength(&origsource);
+- msg->saved.base = isc_mem_get(msg->mctx, msg->saved.length);
+- if (msg->saved.base == NULL)
+- return (ISC_R_NOMEMORY);
+- memmove(msg->saved.base, isc_buffer_base(&origsource),
+- msg->saved.length);
+- msg->free_saved = 1;
+- }
+
+ if (ret == ISC_R_UNEXPECTEDEND && ignore_tc)
+ return (DNS_R_RECOVERABLE);
+--
+1.9.1
+
--
cgit v1.2.3-54-g00ecf