diff options
| author | Changqing Li <changqing.li@windriver.com> | 2018-09-10 17:18:46 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-11 09:05:29 +0100 |
| commit | bf81b4e5327134e131e3198adad68c74afb5e259 (patch) | |
| tree | baeeee57098b627615cd482f31be9901100c07b1 | |
| parent | b6d32d43fd2b016e932b7dc81fb943eb936b73bb (diff) | |
| download | openembedded-core-bf81b4e5327134e131e3198adad68c74afb5e259.tar.gz openembedded-core-bf81b4e5327134e131e3198adad68c74afb5e259.tar.bz2 openembedded-core-bf81b4e5327134e131e3198adad68c74afb5e259.zip | |
bind: patch for CVE-2018-5740
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
| -rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch | 72 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind_9.11.4.bb | 1 |
2 files changed, 73 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch b/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch new file mode 100644 index 0000000000..7a2ba7eab6 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch @@ -0,0 +1,72 @@ +Upstream-Status: Backport [https://ftp.isc.org/isc/bind9/9.11.4-P1/patches/CVE-2018-5740] + +CVE: CVE-2018-5740 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +diff --git a/CHANGES b/CHANGES +index 750b600..3d8d655 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -1,3 +1,9 @@ ++ --- 9.11.4-P1 released --- ++ ++4997. [security] named could crash during recursive processing ++ of DNAME records when "deny-answer-aliases" was ++ in use. (CVE-2018-5740) [GL #387] ++ + --- 9.11.4 released --- + + --- 9.11.4rc2 released --- +diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c +index 8f674a2..41d1385 100644 +--- a/lib/dns/resolver.c ++++ b/lib/dns/resolver.c +@@ -6318,6 +6318,7 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname, + unsigned int nlabels; + dns_fixedname_t fixed; + dns_name_t prefix; ++ int order; + + REQUIRE(rdataset != NULL); + REQUIRE(rdataset->type == dns_rdatatype_cname || +@@ -6340,17 +6341,25 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname, + tname = &cname.cname; + break; + case dns_rdatatype_dname: ++ if (dns_name_fullcompare(qname, rname, &order, &nlabels) != ++ dns_namereln_subdomain) ++ { ++ return (ISC_TRUE); ++ } + result = dns_rdata_tostruct(&rdata, &dname, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + dns_name_init(&prefix, NULL); + tname = dns_fixedname_initname(&fixed); +- nlabels = dns_name_countlabels(qname) - +- dns_name_countlabels(rname); ++ nlabels = dns_name_countlabels(rname); + dns_name_split(qname, nlabels, &prefix, NULL); + result = dns_name_concatenate(&prefix, &dname.dname, tname, + NULL); +- if (result == DNS_R_NAMETOOLONG) ++ if (result == DNS_R_NAMETOOLONG) { ++ if (chainingp != NULL) { ++ *chainingp = ISC_TRUE; ++ } + return (ISC_TRUE); ++ } + RUNTIME_CHECK(result == ISC_R_SUCCESS); + break; + default: +@@ -7071,7 +7080,9 @@ answer_response(fetchctx_t *fctx) { + } + if ((ardataset->type == dns_rdatatype_cname || + ardataset->type == dns_rdatatype_dname) && +- !is_answertarget_allowed(fctx, qname, aname, ardataset, ++ type != ardataset->type && ++ type != dns_rdatatype_any && ++ !is_answertarget_allowed(fctx, qname, aname, ardataset, + NULL)) + { + return (DNS_R_SERVFAIL); diff --git a/meta/recipes-connectivity/bind/bind_9.11.4.bb b/meta/recipes-connectivity/bind/bind_9.11.4.bb index d27068c64f..23c3aadf9c 100644 --- a/meta/recipes-connectivity/bind/bind_9.11.4.bb +++ b/meta/recipes-connectivity/bind/bind_9.11.4.bb @@ -19,6 +19,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://0001-lib-dns-gen.c-fix-too-long-error.patch \ file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ + file://CVE-2018-5740.patch \ " SRC_URI[md5sum] = "9b4834d78f30cdb796ce437262272a36" |