diff options
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch new file mode 100644 index 0000000000..d5bf740e84 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch @@ -0,0 +1,28 @@ +a buffer size check can cause denial of service under certain circumstances + +[security] +The following flaw in BIND was reported by ISC: + +A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c. + +A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations. + +Upstream-Status: Backport +CVE: CVE-2015-8704 + +[The patch is taken from BIND 9.10.3: +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8704] + +Signed-off-by: Derek Straka <derek@asterius.io> +diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c +index bedd38e..28eb7f2 100644 +--- a/lib/dns/rdata/in_1/apl_42.c ++++ b/lib/dns/rdata/in_1/apl_42.c +@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) { + isc_uint8_t len; + isc_boolean_t neg; + unsigned char buf[16]; +- char txt[sizeof(" !64000")]; ++ char txt[sizeof(" !64000:")]; + const char *sep = ""; + int n; |