diff options
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch | 90 |
1 files changed, 0 insertions, 90 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch deleted file mode 100644 index 5393063c56..0000000000 --- a/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 9d8aba8a7778721ae2cee6e4670a8e6be6590b05 Mon Sep 17 00:00:00 2001 -From: Mark Andrews <marka@isc.org> -Date: Wed, 12 Oct 2016 19:52:59 +0900 -Subject: [PATCH] -4406. [security] getrrsetbyname with a non absolute name could - trigger an infinite recursion bug in lwresd - and named with lwres configured if when combined - with a search list entry the resulting name is - too long. (CVE-2016-2775) [RT #42694] - -Backport commit 38cc2d14e218e536e0102fa70deef99461354232 from the -v9.11.0_patch branch. - -CVE: CVE-2016-2775 -Upstream-Status: Backport - -Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com> - ---- - CHANGES | 6 ++++++ - bin/named/lwdgrbn.c | 16 ++++++++++------ - bin/tests/system/lwresd/lwtest.c | 9 ++++++++- - 3 files changed, 24 insertions(+), 7 deletions(-) - -diff --git a/CHANGES b/CHANGES -index d2e3360..d0a9d12 100644 ---- a/CHANGES -+++ b/CHANGES -@@ -1,3 +1,9 @@ -+4406. [security] getrrsetbyname with a non absolute name could -+ trigger an infinite recursion bug in lwresd -+ and named with lwres configured if when combined -+ with a search list entry the resulting name is -+ too long. (CVE-2016-2775) [RT #42694] -+ - 4322. [security] Duplicate EDNS COOKIE options in a response could - trigger an assertion failure. (CVE-2016-2088) - [RT #41809] -diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c -index 3e7b15b..e1e9adc 100644 ---- a/bin/named/lwdgrbn.c -+++ b/bin/named/lwdgrbn.c -@@ -403,14 +403,18 @@ start_lookup(ns_lwdclient_t *client) { - INSIST(client->lookup == NULL); - - dns_fixedname_init(&absname); -- result = ns_lwsearchctx_current(&client->searchctx, -- dns_fixedname_name(&absname)); -+ - /* -- * This will return failure if relative name + suffix is too long. -- * In this case, just go on to the next entry in the search path. -+ * Perform search across all search domains until success -+ * is returned. Return in case of failure. - */ -- if (result != ISC_R_SUCCESS) -- start_lookup(client); -+ while (ns_lwsearchctx_current(&client->searchctx, -+ dns_fixedname_name(&absname)) != ISC_R_SUCCESS) { -+ if (ns_lwsearchctx_next(&client->searchctx) != ISC_R_SUCCESS) { -+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE); -+ return; -+ } -+ } - - result = dns_lookup_create(cm->mctx, - dns_fixedname_name(&absname), -diff --git a/bin/tests/system/lwresd/lwtest.c b/bin/tests/system/lwresd/lwtest.c -index ad9b551..3eb4a66 100644 ---- a/bin/tests/system/lwresd/lwtest.c -+++ b/bin/tests/system/lwresd/lwtest.c -@@ -768,7 +768,14 @@ main(void) { - test_getrrsetbyname("e.example1.", 1, 2, 1, 1, 1); - test_getrrsetbyname("e.example1.", 1, 46, 2, 0, 1); - test_getrrsetbyname("", 1, 1, 0, 0, 0); -- -+ test_getrrsetbyname("123456789.123456789.123456789.123456789." -+ "123456789.123456789.123456789.123456789." -+ "123456789.123456789.123456789.123456789." -+ "123456789.123456789.123456789.123456789." -+ "123456789.123456789.123456789.123456789." -+ "123456789.123456789.123456789.123456789." -+ "123456789", 1, 1, 0, 0, 0); -+ - if (fails == 0) - printf("I:ok\n"); - return (fails); --- -2.7.4 - |