summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch
blob: 9cffe358bfd20527702249885faddf060a1675e1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
From a73c3d30de7fe98af9e4dc0e490f732a48412380 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Wed, 29 Jul 2020 23:36:03 +1000
Subject: [PATCH] bind: Update-policy 'subdomain' was incorrectly treated as
 'zonesub'

resulting in names outside the specified subdomain having the wrong
restrictions for the given key.

Upstream-Status: Backport
CVE: CVE-2020-8624
Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
 bin/named/zoneconf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index e237bdb..4898447 100644
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -237,7 +237,8 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
 
 		str = cfg_obj_asstring(matchtype);
 		CHECK(dns_ssu_mtypefromstring(str, &mtype));
-		if (mtype == dns_ssumatchtype_subdomain) {
+		if (mtype == dns_ssumatchtype_subdomain &&
+		    strcasecmp(str, "zonesub") == 0) {
 			usezone = true;
 		}
 
-- 
1.9.1