summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2016-02-06 23:15:02 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-02-07 17:23:06 (GMT)
commitdb99f58eea2dfddfd45cceb876f8ecfa7a82b3e8 (patch)
tree5427cd3b97ea22fff3e9890520425315a2680dc5
parent092903a2ef92627e93cd26dda4583db7bc0288a3 (diff)
downloadpoky-db99f58eea2dfddfd45cceb876f8ecfa7a82b3e8.tar.gz
bind: Security fix CVE-2015-8704
CVE-2015-8704 bind: specific APL data could trigger an INSIST in apl_42.c (From OE-Core rev: 600c1d2beb64e23123e478051537b917f5d4a8a7) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch29
-rw-r--r--meta/recipes-connectivity/bind/bind_9.9.5.bb1
2 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
new file mode 100644
index 0000000..7f28e44
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
@@ -0,0 +1,29 @@
1Upstream-Status: Backport
2
3https://bugzilla.redhat.com/attachment.cgi?id=1115781
4
5CVE: CVE-2015-8704
6Signed-off-by: Armin Kuster <akuster@mvista.com>
7
8Index: bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
9===================================================================
10--- bind-9.9.5.orig/lib/dns/rdata/in_1/apl_42.c
11+++ bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
12@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
13 isc_uint8_t len;
14 isc_boolean_t neg;
15 unsigned char buf[16];
16- char txt[sizeof(" !64000")];
17+ char txt[sizeof(" !64000:")];
18 const char *sep = "";
19 int n;
20
21@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) {
22 isc_region_consume(&sr, 1);
23 INSIST(len <= sr.length);
24 n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
25- neg ? "!": "", afi);
26+ neg ? "!" : "", afi);
27 INSIST(n < (int)sizeof(txt));
28 RETERR(str_totext(txt, target));
29 switch (afi) {
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb
index 79b0397..a904d6e 100644
--- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -26,6 +26,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
26 file://CVE-2015-4620.patch \ 26 file://CVE-2015-4620.patch \
27 file://CVE-2015-5722.patch \ 27 file://CVE-2015-5722.patch \
28 file://CVE-2015-8000.patch \ 28 file://CVE-2015-8000.patch \
29 file://CVE-2015-8704.patch \
29 " 30 "
30 31
31SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e" 32SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"