summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-core/systemd/systemd/CVE-2023-7008.patch')
-rw-r--r--meta/recipes-core/systemd/systemd/CVE-2023-7008.patch40
1 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd/CVE-2023-7008.patch b/meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
new file mode 100644
index 0000000000..e2296abc49
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
@@ -0,0 +1,40 @@
+From 3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 20 Dec 2023 16:44:14 +0100
+Subject: [PATCH] resolved: actually check authenticated flag of SOA
+ transaction
+
+Fixes #25676
+
+Upstream-Status: Backport [https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1]
+CVE: CVE-2023-7008
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/resolve/resolved-dns-transaction.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
+index f937f9f7b5..7deb598400 100644
+--- a/src/resolve/resolved-dns-transaction.c
++++ b/src/resolve/resolved-dns-transaction.c
+@@ -2761,7 +2761,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
+ if (r == 0)
+ continue;
+
+- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
++ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+ }
+
+ return true;
+@@ -2788,7 +2788,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
+ /* We found the transaction that was supposed to find the SOA RR for us. It was
+ * successful, but found no RR for us. This means we are not at a zone cut. In this
+ * case, we require authentication if the SOA lookup was authenticated too. */
+- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
++ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+ }
+
+ return true;
+--
+2.25.1
+
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-27 08:35:54 +0000