summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch72
-rw-r--r--meta/recipes-connectivity/bind/bind_9.11.4.bb1
2 files changed, 73 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch b/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
new file mode 100644
index 0000000000..7a2ba7eab6
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
@@ -0,0 +1,72 @@
+Upstream-Status: Backport [https://ftp.isc.org/isc/bind9/9.11.4-P1/patches/CVE-2018-5740]
+
+CVE: CVE-2018-5740
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+diff --git a/CHANGES b/CHANGES
+index 750b600..3d8d655 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -1,3 +1,9 @@
++ --- 9.11.4-P1 released ---
++
++4997. [security] named could crash during recursive processing
++ of DNAME records when "deny-answer-aliases" was
++ in use. (CVE-2018-5740) [GL #387]
++
+ --- 9.11.4 released ---
+
+ --- 9.11.4rc2 released ---
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 8f674a2..41d1385 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -6318,6 +6318,7 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
+ unsigned int nlabels;
+ dns_fixedname_t fixed;
+ dns_name_t prefix;
++ int order;
+
+ REQUIRE(rdataset != NULL);
+ REQUIRE(rdataset->type == dns_rdatatype_cname ||
+@@ -6340,17 +6341,25 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
+ tname = &cname.cname;
+ break;
+ case dns_rdatatype_dname:
++ if (dns_name_fullcompare(qname, rname, &order, &nlabels) !=
++ dns_namereln_subdomain)
++ {
++ return (ISC_TRUE);
++ }
+ result = dns_rdata_tostruct(&rdata, &dname, NULL);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ dns_name_init(&prefix, NULL);
+ tname = dns_fixedname_initname(&fixed);
+- nlabels = dns_name_countlabels(qname) -
+- dns_name_countlabels(rname);
++ nlabels = dns_name_countlabels(rname);
+ dns_name_split(qname, nlabels, &prefix, NULL);
+ result = dns_name_concatenate(&prefix, &dname.dname, tname,
+ NULL);
+- if (result == DNS_R_NAMETOOLONG)
++ if (result == DNS_R_NAMETOOLONG) {
++ if (chainingp != NULL) {
++ *chainingp = ISC_TRUE;
++ }
+ return (ISC_TRUE);
++ }
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ break;
+ default:
+@@ -7071,7 +7080,9 @@ answer_response(fetchctx_t *fctx) {
+ }
+ if ((ardataset->type == dns_rdatatype_cname ||
+ ardataset->type == dns_rdatatype_dname) &&
+- !is_answertarget_allowed(fctx, qname, aname, ardataset,
++ type != ardataset->type &&
++ type != dns_rdatatype_any &&
++ !is_answertarget_allowed(fctx, qname, aname, ardataset,
+ NULL))
+ {
+ return (DNS_R_SERVFAIL);
diff --git a/meta/recipes-connectivity/bind/bind_9.11.4.bb b/meta/recipes-connectivity/bind/bind_9.11.4.bb
index d27068c64f..23c3aadf9c 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.4.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.4.bb
@@ -19,6 +19,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://0001-lib-dns-gen.c-fix-too-long-error.patch \
file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
+ file://CVE-2018-5740.patch \
"
SRC_URI[md5sum] = "9b4834d78f30cdb796ce437262272a36"
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-18 15:27:57 +0000