summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
blob: d3b89884b5c403f0babad3ca9812de190694c1fb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
commit ea75187b4a656477f1f50ecc407e3352614a06f8
Author: Mark Andrews <marka@isc.org>
Date:   Thu Dec 31 13:43:21 2015 +1100

    4285.   [security]      Specific APL data could trigger a INSIST.
                            (CVE-2015-8704) [RT #41396]

    (cherry picked from commit 1b3d21180244529f0099894fe9d29beb3f11efb3)

Fixes: CVE-2015-8704
Upstream Status: Backport from bind 9.9.8:
    [ea75187b4a656477f1f50ecc407e3352614a06f8]

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
diff -ruN a/CHANGES b/CHANGES
--- a/CHANGES	2016-01-20 08:25:33.023218819 +0100
+++ b/CHANGES	2016-01-20 08:38:22.270736131 +0100
@@ -1,5 +1,8 @@
 	--- 9.9.6-P2 released ---
 
+4285.  [security]      Specific APL data could trigger a INSIST.
+                       (CVE-2015-8704) [RT #41396]
+
 4053.	[security]	Revoking a managed trust anchor and supplying
 			an untrusted replacement could cause named
 			to crash with an assertion failure.
diff -ruN a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c
--- a/lib/dns/rdata/in_1/apl_42.c	2016-01-20 08:36:01.580676442 +0100
+++ b/lib/dns/rdata/in_1/apl_42.c	2016-01-20 08:37:18.149443474 +0100
@@ -116,7 +116,7 @@
 	isc_uint8_t len;
 	isc_boolean_t neg;
 	unsigned char buf[16];
-	char txt[sizeof(" !64000")];
+	char txt[sizeof(" !64000:")];
 	const char *sep = "";
 	int n;
 
@@ -140,7 +140,7 @@
 		isc_region_consume(&sr, 1);
 		INSIST(len <= sr.length);
 		n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
-			     neg ? "!": "", afi);
+			     neg ? "!" : "", afi);
 		INSIST(n < (int)sizeof(txt));
 		RETERR(str_totext(txt, target));
 		switch (afi) {