1 files changed, 92 insertions, 0 deletions

diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
new file mode 100644
index 0000000000..c441eab65d
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
@@ -0,0 +1,92 @@
+bind CVE-2012-1667
+
+Upstream-Status: Backport
+
+ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1,
+and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource
+records with a zero-length RDATA section, which allows remote DNS servers to
+cause a denial of service (daemon crash or data corruption) or obtain
+sensitive information from process memory via a crafted record.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667
+
+The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package.
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ lib/dns/rdata.c     |    8 ++++----
+ lib/dns/rdataslab.c |   11 ++++++++---
+ 2 files changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
+index 063b1f6..9337a80 100644
+--- a/lib/dns/rdata.c
++++ b/lib/dns/rdata.c
+@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
+ 
+ 	REQUIRE(rdata1 != NULL);
+ 	REQUIRE(rdata2 != NULL);
+-	REQUIRE(rdata1->data != NULL);
+-	REQUIRE(rdata2->data != NULL);
++	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
++	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
+ 
+@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
+ 
+ 	REQUIRE(rdata1 != NULL);
+ 	REQUIRE(rdata2 != NULL);
+-	REQUIRE(rdata1->data != NULL);
+-	REQUIRE(rdata2->data != NULL);
++	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
++	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
+ 
+diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
+index a41f16f..ed13b30 100644
+--- a/lib/dns/rdataslab.c
++++ b/lib/dns/rdataslab.c
+@@ -125,6 +125,11 @@ isc_result_t
+ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+ 			   isc_region_t *region, unsigned int reservelen)
+ {
++	/*
++	 * Use &removed as a sentinal pointer for duplicate
++	 * rdata as rdata.data == NULL is valid.
++	 */
++	static unsigned char removed;
+ 	struct xrdata  *x;
+ 	unsigned char  *rawbuf;
+ #if DNS_RDATASET_FIXED
+@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+ 		INSIST(result == ISC_R_SUCCESS);
+ 		dns_rdata_init(&x[i].rdata);
+ 		dns_rdataset_current(rdataset, &x[i].rdata);
++		INSIST(x[i].rdata.data != &removed);
+ #if DNS_RDATASET_FIXED
+ 		x[i].order = i;
+ #endif
+@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+ 	 */
+ 	for (i = 1; i < nalloc; i++) {
+ 		if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
+-			x[i-1].rdata.data = NULL;
+-			x[i-1].rdata.length = 0;
++			x[i-1].rdata.data = &removed;
+ #if DNS_RDATASET_FIXED
+ 			/*
+ 			 * Preserve the least order so A, B, A -> A, B
+@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+ #endif
+ 
+ 	for (i = 0; i < nalloc; i++) {
+-		if (x[i].rdata.data == NULL)
++		if (x[i].rdata.data == &removed)
+ 			continue;
+ #if DNS_RDATASET_FIXED
+ 		offsettable[x[i].order] = rawbuf - offsetbase;
+-- 
+1.7.0.5
+