summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch')
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch79
1 files changed, 0 insertions, 79 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
deleted file mode 100644
index ae5cc48d9c..0000000000
--- a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From a3d327bf1ceaaeabb20223d8de85166e940b9f12 Mon Sep 17 00:00:00 2001
-From: Mukund Sivaraman <muks@isc.org>
-Date: Mon, 22 Feb 2016 12:22:43 +0530
-Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling
- (CVE-2016-1286) (#41753)
-
-(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673)
-
-CVE: CVE-2016-1286
-Upstream-Status: Backport
-
-[Removed doc/arm/notes.xml changes from upstream patch.]
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
-diff -ruN a/CHANGES b/CHANGES
---- a/CHANGES 2016-04-13 07:28:44.940873629 +0200
-+++ b/CHANGES 2016-04-13 07:38:38.923167851 +0200
-@@ -1,3 +1,7 @@
-+4319. [security] Fix resolver assertion failure due to improper
-+ DNAME handling when parsing fetch reply messages.
-+ (CVE-2016-1286) [RT #41753]
-+
- 4318. [security] Malformed control messages can trigger assertions
- in named and rndc. (CVE-2016-1285) [RT #41666]
-
-diff -ruN a/lib/dns/resolver.c b/lib/dns/resolver.c
---- a/lib/dns/resolver.c 2016-04-13 07:28:43.088953790 +0200
-+++ b/lib/dns/resolver.c 2016-04-13 07:38:20.411968925 +0200
-@@ -6967,21 +6967,26 @@
- isc_boolean_t found_dname = ISC_FALSE;
- dns_name_t *dname_name;
-
-+ /*
-+ * Only pass DNAME or RRSIG(DNAME).
-+ */
-+ if (rdataset->type != dns_rdatatype_dname &&
-+ (rdataset->type != dns_rdatatype_rrsig ||
-+ rdataset->covers != dns_rdatatype_dname))
-+ continue;
-+
-+ /*
-+ * If we're not chaining, then the DNAME and
-+ * its signature should not be external.
-+ */
-+ if (!chaining && external) {
-+ log_formerr(fctx, "external DNAME");
-+ return (DNS_R_FORMERR);
-+ }
-+
- found = ISC_FALSE;
- aflag = 0;
- if (rdataset->type == dns_rdatatype_dname) {
-- /*
-- * We're looking for something else,
-- * but we found a DNAME.
-- *
-- * If we're not chaining, then the
-- * DNAME should not be external.
-- */
-- if (!chaining && external) {
-- log_formerr(fctx,
-- "external DNAME");
-- return (DNS_R_FORMERR);
-- }
- found = ISC_TRUE;
- want_chaining = ISC_TRUE;
- POST(want_chaining);
-@@ -7010,9 +7015,7 @@
- &fctx->domain)) {
- return (DNS_R_SERVFAIL);
- }
-- } else if (rdataset->type == dns_rdatatype_rrsig
-- && rdataset->covers ==
-- dns_rdatatype_dname) {
-+ } else {
- /*
- * We've found a signature that
- * covers the DNAME.