summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
blob: 1a5051e6385b640272cb6ffff3639f122d6e8ccd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned()

issue introduced by git commit

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=44f175a90a855326725439b2f1178f0dcca8f67d

which is in this version of bind.

Upstream Status: Backport from Redhat

https://bugzilla.redhat.com/attachment.cgi?id=1044719

Signed-off-by: Armin Kuster <akuster@mvista.com>

Index: bind-9.9.5/lib/dns/validator.c
===================================================================
--- bind-9.9.5.orig/lib/dns/validator.c
+++ bind-9.9.5/lib/dns/validator.c
@@ -1406,7 +1406,6 @@ compute_keytag(dns_rdata_t *rdata, dns_r
  */
 static isc_boolean_t
 isselfsigned(dns_validator_t *val) {
-	dns_fixedname_t fixed;
 	dns_rdataset_t *rdataset, *sigrdataset;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 	dns_rdata_t sigrdata = DNS_RDATA_INIT;
@@ -1462,8 +1461,7 @@ isselfsigned(dns_validator_t *val) {
 			result = dns_dnssec_verify3(name, rdataset, dstkey,
 						    ISC_TRUE,
 						    val->view->maxbits,
-						    mctx, &sigrdata,
-						    dns_fixedname_name(&fixed));
+						    mctx, &sigrdata, NULL);
 			dst_key_free(&dstkey);
 			if (result != ISC_R_SUCCESS)
 				continue;