diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2016-04-12 13:25:59 +0200 |
---|---|---|
committer | Joshua Lock <joshua.g.lock@intel.com> | 2016-05-06 15:51:14 +0100 |
commit | e289df4daa4b90fb95ae3602c244cba9d56a8c2f (patch) | |
tree | 7d8c8fba97bf8930e8d4844304959cd1647774b5 /meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch | |
parent | b0720e996dde537d04a9129e7ffdc883836c3cf8 (diff) | |
download | openembedded-core-contrib-e289df4daa4b90fb95ae3602c244cba9d56a8c2f.tar.gz |
bind: CVE-2016-1285 CVE-2016-1286
CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure
CVE-2016-1286 bind: malformed signature records for DNAME records can
trigger assertion failure
[YOCTO #9400]
External References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
References to the Upstream commits and Security Advisories:
CVE-2016-1285: https://kb.isc.org/article/AA-01352
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=31e4657cf246e41d4c5c890315cb6cf89a0db25a
CVE-2016-1286_1: https://kb.isc.org/article/AA-01353
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=76c3c9fe9f3f1353b47214b8f98b3d7f53e10bc7
CVE-2016-1286_2: https://kb.isc.org/article/AA-01353
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=ce3cd91caee698cb144e1350c6c78292c6be6339
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch new file mode 100644 index 0000000000..4a2c15ffc7 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch @@ -0,0 +1,78 @@ +From 76c3c9fe9f3f1353b47214b8f98b3d7f53e10bc7 Mon Sep 17 00:00:00 2001 +From: Mukund Sivaraman <muks@isc.org> +Date: Mon, 22 Feb 2016 12:22:43 +0530 +Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling + (CVE-2016-1286) (#41753) + +(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673) +(cherry picked from commit 456e1eadd2a3a2fb9617e60d4db90ef4ba7c6ba3) + +CVE: CVE-2016-1286 +Upstream-Status: Backport + +[Skipped CHANGES and doc/arm/notes.xml changes.] + +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + CHANGES | 4 ++++ + doc/arm/notes.xml | 7 +++++++ + lib/dns/resolver.c | 33 ++++++++++++++++++--------------- + 3 files changed, 29 insertions(+), 15 deletions(-) + +diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c +index 735f7d2..0602070 100644 +--- a/lib/dns/resolver.c ++++ b/lib/dns/resolver.c +@@ -6701,21 +6701,26 @@ answer_response(fetchctx_t *fctx) { + isc_boolean_t found_dname = ISC_FALSE; + dns_name_t *dname_name; + ++ /* ++ * Only pass DNAME or RRSIG(DNAME). ++ */ ++ if (rdataset->type != dns_rdatatype_dname && ++ (rdataset->type != dns_rdatatype_rrsig || ++ rdataset->covers != dns_rdatatype_dname)) ++ continue; ++ ++ /* ++ * If we're not chaining, then the DNAME and ++ * its signature should not be external. ++ */ ++ if (!chaining && external) { ++ log_formerr(fctx, "external DNAME"); ++ return (DNS_R_FORMERR); ++ } ++ + found = ISC_FALSE; + aflag = 0; + if (rdataset->type == dns_rdatatype_dname) { +- /* +- * We're looking for something else, +- * but we found a DNAME. +- * +- * If we're not chaining, then the +- * DNAME should not be external. +- */ +- if (!chaining && external) { +- log_formerr(fctx, +- "external DNAME"); +- return (DNS_R_FORMERR); +- } + found = ISC_TRUE; + want_chaining = ISC_TRUE; + POST(want_chaining); +@@ -6744,9 +6749,7 @@ answer_response(fetchctx_t *fctx) { + &fctx->domain)) { + return (DNS_R_SERVFAIL); + } +- } else if (rdataset->type == dns_rdatatype_rrsig +- && rdataset->covers == +- dns_rdatatype_dname) { ++ } else { + /* + * We've found a signature that + * covers the DNAME. +-- +1.9.1 + |