diff options
Diffstat (limited to 'meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch new file mode 100644 index 0000000000..c441eab65d --- /dev/null +++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-CVE-2012-1667.patch @@ -0,0 +1,92 @@ +bind CVE-2012-1667 + +Upstream-Status: Backport + +ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, +and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource +records with a zero-length RDATA section, which allows remote DNS servers to +cause a denial of service (daemon crash or data corruption) or obtain +sensitive information from process memory via a crafted record. + +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667 + +The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package. + +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + lib/dns/rdata.c | 8 ++++---- + lib/dns/rdataslab.c | 11 ++++++++--- + 2 files changed, 12 insertions(+), 7 deletions(-) + +diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c +index 063b1f6..9337a80 100644 +--- a/lib/dns/rdata.c ++++ b/lib/dns/rdata.c +@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) { + + REQUIRE(rdata1 != NULL); + REQUIRE(rdata2 != NULL); +- REQUIRE(rdata1->data != NULL); +- REQUIRE(rdata2->data != NULL); ++ REQUIRE(rdata1->length == 0 || rdata1->data != NULL); ++ REQUIRE(rdata2->length == 0 || rdata2->data != NULL); + REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1)); + REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2)); + +@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) { + + REQUIRE(rdata1 != NULL); + REQUIRE(rdata2 != NULL); +- REQUIRE(rdata1->data != NULL); +- REQUIRE(rdata2->data != NULL); ++ REQUIRE(rdata1->length == 0 || rdata1->data != NULL); ++ REQUIRE(rdata2->length == 0 || rdata2->data != NULL); + REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1)); + REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2)); + +diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c +index a41f16f..ed13b30 100644 +--- a/lib/dns/rdataslab.c ++++ b/lib/dns/rdataslab.c +@@ -125,6 +125,11 @@ isc_result_t + dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, + isc_region_t *region, unsigned int reservelen) + { ++ /* ++ * Use &removed as a sentinal pointer for duplicate ++ * rdata as rdata.data == NULL is valid. ++ */ ++ static unsigned char removed; + struct xrdata *x; + unsigned char *rawbuf; + #if DNS_RDATASET_FIXED +@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, + INSIST(result == ISC_R_SUCCESS); + dns_rdata_init(&x[i].rdata); + dns_rdataset_current(rdataset, &x[i].rdata); ++ INSIST(x[i].rdata.data != &removed); + #if DNS_RDATASET_FIXED + x[i].order = i; + #endif +@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, + */ + for (i = 1; i < nalloc; i++) { + if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) { +- x[i-1].rdata.data = NULL; +- x[i-1].rdata.length = 0; ++ x[i-1].rdata.data = &removed; + #if DNS_RDATASET_FIXED + /* + * Preserve the least order so A, B, A -> A, B +@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, + #endif + + for (i = 0; i < nalloc; i++) { +- if (x[i].rdata.data == NULL) ++ if (x[i].rdata.data == &removed) + continue; + #if DNS_RDATASET_FIXED + offsettable[x[i].order] = rawbuf - offsetbase; +-- +1.7.0.5 + |