1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
commit ea75187b4a656477f1f50ecc407e3352614a06f8
Author: Mark Andrews <marka@isc.org>
Date: Thu Dec 31 13:43:21 2015 +1100
4285. [security] Specific APL data could trigger a INSIST.
(CVE-2015-8704) [RT #41396]
(cherry picked from commit 1b3d21180244529f0099894fe9d29beb3f11efb3)
Fixes: CVE-2015-8704
Upstream Status: Backport from bind 9.9.8:
[ea75187b4a656477f1f50ecc407e3352614a06f8]
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
diff -ruN a/CHANGES b/CHANGES
--- a/CHANGES 2016-01-20 08:25:33.023218819 +0100
+++ b/CHANGES 2016-01-20 08:38:22.270736131 +0100
@@ -1,5 +1,8 @@
--- 9.9.6-P2 released ---
+4285. [security] Specific APL data could trigger a INSIST.
+ (CVE-2015-8704) [RT #41396]
+
4053. [security] Revoking a managed trust anchor and supplying
an untrusted replacement could cause named
to crash with an assertion failure.
diff -ruN a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c
--- a/lib/dns/rdata/in_1/apl_42.c 2016-01-20 08:36:01.580676442 +0100
+++ b/lib/dns/rdata/in_1/apl_42.c 2016-01-20 08:37:18.149443474 +0100
@@ -116,7 +116,7 @@
isc_uint8_t len;
isc_boolean_t neg;
unsigned char buf[16];
- char txt[sizeof(" !64000")];
+ char txt[sizeof(" !64000:")];
const char *sep = "";
int n;
@@ -140,7 +140,7 @@
isc_region_consume(&sr, 1);
INSIST(len <= sr.length);
n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
- neg ? "!": "", afi);
+ neg ? "!" : "", afi);
INSIST(n < (int)sizeof(txt));
RETERR(str_totext(txt, target));
switch (afi) {
|