blob: 896272a4719fdcf420955d0bd785dd2dfe2ee0e4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
From dbb064aa7972ef918d9a235b713108a4846cbb62 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Tue, 14 Jul 2015 14:48:42 +1000
Subject: [PATCH] 4165. [bug] An failure to reset a value to NULL
in tkey.c could result in an assertion failure.
(CVE-2015-5477) [RT #40046]
Upstream-Status: Backport
[CHANGES file has been edited manually to add CVE-2015-5477 and
an already applied CVE (CVE-2014-8500)].
Referenc: https://kb.isc.org/article/AA-01272
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
diff -ruN a/CHANGES b/CHANGES
--- a/CHANGES 2014-01-27 19:58:24.000000000 +0100
+++ b/CHANGES 2015-07-30 11:03:18.871670769 +0200
@@ -1,4 +1,15 @@
--- 9.9.5 released ---
+4165. [security] An failure to reset a value to NULL in tkey.c could
+ result in an assertion failure. (CVE-2015-5477)
+ [RT #40046]
+
+4006. [security] A flaw in delegation handling could be exploited
+ to put named into an infinite loop. This has
+ been addressed by placing limits on the number
+ of levels of recursion named will allow (default 7),
+ and the number of iterative queries that it will
+ send (default 50) before terminating a recursive
+ query (CVE-2014-8500).
--- 9.9.5rc2 released ---
diff -ruN a/lib/dns/tkey.c b/lib/dns/tkey.c
--- a/lib/dns/tkey.c 2014-01-27 19:58:24.000000000 +0100
+++ b/lib/dns/tkey.c 2015-07-30 10:58:30.647945942 +0200
@@ -650,6 +650,7 @@
* Try the answer section, since that's where Win2000
* puts it.
*/
+ name = NULL;
if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
dns_rdatatype_tkey, 0, &name,
&tkeyset) != ISC_R_SUCCESS) {
|