From 36009b0af396f7a0920d5508e67cf58ff955478e Mon Sep 17 00:00:00 2001
From: Sona Sarmadi
Date: Fri, 22 Jan 2016 09:38:51 +0100
Subject: bind: CVE-2015-8704

A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c. References: https://kb.isc.org/article/AA-01335 https://kb.isc.org/article/AA-00913 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
Signed-off-by: Sona Sarmadi
Signed-off-by: Tudor Florea
---
.../bind/bind/CVE-2015-8704.patch | 48 ++++++++++++++++++++++
meta/recipes-connectivity/bind/bind_9.9.5.bb | 1 +
2 files changed, 49 insertions(+)
create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
(limited to 'meta/recipes-connectivity/bind')
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
new file mode 100644
index 0000000000..d3b89884b5
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
@@ -0,0 +1,48 @@
+commit ea75187b4a656477f1f50ecc407e3352614a06f8
+Author: Mark Andrews
+Date: Thu Dec 31 13:43:21 2015 +1100
+
+ 4285. [security] Specific APL data could trigger a INSIST.
+ (CVE-2015-8704) [RT #41396]
+
+ (cherry picked from commit 1b3d21180244529f0099894fe9d29beb3f11efb3)
+
+Fixes: CVE-2015-8704
+Upstream Status: Backport from bind 9.9.8:
+ [ea75187b4a656477f1f50ecc407e3352614a06f8]
+
+Signed-off-by: Sona Sarmadi
+---
+diff -ruN a/CHANGES b/CHANGES
+--- a/CHANGES 2016-01-20 08:25:33.023218819 +0100
++++ b/CHANGES 2016-01-20 08:38:22.270736131 +0100
+@@ -1,5 +1,8 @@
+ --- 9.9.6-P2 released ---
+
++4285. [security] Specific APL data could trigger a INSIST.
++ (CVE-2015-8704) [RT #41396]
++
+ 4053. [security] Revoking a managed trust anchor and supplying
+ an untrusted replacement could cause named
+ to crash with an assertion failure.
+diff -ruN a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c
+--- a/lib/dns/rdata/in_1/apl_42.c 2016-01-20 08:36:01.580676442 +0100
++++ b/lib/dns/rdata/in_1/apl_42.c 2016-01-20 08:37:18.149443474 +0100
+@@ -116,7 +116,7 @@
+ isc_uint8_t len;
+ isc_boolean_t neg;
+ unsigned char buf[16];
+- char txt[sizeof(" !64000")];
++ char txt[sizeof(" !64000:")];
+ const char *sep = "";
+ int n;
+
+@@ -140,7 +140,7 @@
+ isc_region_consume(&sr, 1);
+ INSIST(len <= sr.length);
+ n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
+- neg ? "!": "", afi);
++ neg ? "!" : "", afi);
+ INSIST(n < (int)sizeof(txt));
+ RETERR(str_totext(txt, target));
+ switch (afi) {
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb
index 6e4878d06b..f8d28a4188 100644
--- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
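Review bot: In the embedded apl_42.c change, the enlarged buffer `char txt[sizeof(" !64000:")]` is sized from a sample string, so it is only sufficient while `afi` prints at most five digits. Its declaration is outside the hunk, but if it is a 16-bit value the worst case `" !65535:"` fits exactly with the terminator, leaving no slack. The surviving guard `INSIST(n < (int)sizeof(txt));` also passes when snprintf returns a negative value, so `INSIST(n >= 0 && n < (int)sizeof(txt));` would be the tighter check, and a comment such as `/* sep + '!' + 5-digit afi + ':' + NUL */` on the declaration would record the sizing. The enclosing function starts and ends outside both inner hunks, and since this is a verbatim backport these points are better raised upstream than changed locally. Separately, the patch header spells the tag `Upstream Status:`, whereas the OE patch convention is `Upstream-Status: Backport`.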
@@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
 file://CVE-2015-4620.patch \
 file://CVE-2015-5722.patch \
 file://CVE-2015-8000.patch \
+ file://CVE-2015-8704.patch \
 "

 SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"
-- cgit v1.2.3-54-g00ecf