summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch')
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch154
1 files changed, 0 insertions, 154 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
deleted file mode 100644
index 2149bd180d..0000000000
--- a/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From 70037e040e587329cec82123e12b9f4f7c945f67 Mon Sep 17 00:00:00 2001
-From: Mark Andrews <marka@isc.org>
-Date: Thu, 18 Feb 2016 12:11:27 +1100
-Subject: [PATCH] 4318. [security] Malformed control messages can
- trigger assertions in named and rndc. (CVE-2016-1285)
- [RT #41666]
-
-(cherry picked from commit a2b15b3305acd52179e6f3dc7d073b07fbc40b8e)
-
-CVE: CVE-2016-1285
-Upstream-Status: Backport
-[Removed doc/arm/notes.xml changes from upstream patch]
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- CHANGES | 3 +++
- bin/named/control.c | 2 +-
- bin/named/controlconf.c | 2 +-
- bin/rndc/rndc.c | 8 ++++----
- doc/arm/notes.xml | 11 +++++++++++
- lib/isccc/cc.c | 14 +++++++-------
- 6 files changed, 27 insertions(+), 13 deletions(-)
-
-diff --git a/CHANGES b/CHANGES
-index b9bd9ef..2c727d5 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,3 +1,6 @@
-+4318. [security] Malformed control messages can trigger assertions
-+ in named and rndc. (CVE-2016-1285) [RT #41666]
-+
- --- 9.10.3-P3 released ---
-
- 4288. [bug] Fixed a regression in resolver.c:possibly_mark()
-diff --git a/bin/named/control.c b/bin/named/control.c
-index 8554335..81340ca 100644
---- a/bin/named/control.c
-+++ b/bin/named/control.c
-@@ -69,7 +69,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
- #endif
-
- data = isccc_alist_lookup(message, "_data");
-- if (data == NULL) {
-+ if (!isccc_alist_alistp(data)) {
- /*
- * No data section.
- */
-diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
-index 765afdd..a39ab8b 100644
---- a/bin/named/controlconf.c
-+++ b/bin/named/controlconf.c
-@@ -402,7 +402,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
- * Limit exposure to replay attacks.
- */
- _ctrl = isccc_alist_lookup(request, "_ctrl");
-- if (_ctrl == NULL) {
-+ if (!isccc_alist_alistp(_ctrl)) {
- log_invalid(&conn->ccmsg, ISC_R_FAILURE);
- goto cleanup_request;
- }
-diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
-index cb17050..b6e05c8 100644
---- a/bin/rndc/rndc.c
-+++ b/bin/rndc/rndc.c
-@@ -255,8 +255,8 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) {
- isccc_cc_fromwire(&source, &response, algorithm, &secret));
-
- data = isccc_alist_lookup(response, "_data");
-- if (data == NULL)
-- fatal("no data section in response");
-+ if (!isccc_alist_alistp(data))
-+ fatal("bad or missing data section in response");
- result = isccc_cc_lookupstring(data, "err", &errormsg);
- if (result == ISC_R_SUCCESS) {
- failed = ISC_TRUE;
-@@ -321,8 +321,8 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) {
- isccc_cc_fromwire(&source, &response, algorithm, &secret));
-
- _ctrl = isccc_alist_lookup(response, "_ctrl");
-- if (_ctrl == NULL)
-- fatal("_ctrl section missing");
-+ if (!isccc_alist_alistp(_ctrl))
-+ fatal("bad or missing ctrl section in response");
- nonce = 0;
- if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
- nonce = 0;
-diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
-index 47a3b74..2bb961e 100644
---- a/lib/isccc/cc.c
-+++ b/lib/isccc/cc.c
-@@ -403,13 +403,13 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
- * Extract digest.
- */
- _auth = isccc_alist_lookup(alist, "_auth");
-- if (_auth == NULL)
-+ if (!isccc_alist_alistp(_auth))
- return (ISC_R_FAILURE);
- if (algorithm == ISCCC_ALG_HMACMD5)
- hmac = isccc_alist_lookup(_auth, "hmd5");
- else
- hmac = isccc_alist_lookup(_auth, "hsha");
-- if (hmac == NULL)
-+ if (!isccc_sexpr_binaryp(hmac))
- return (ISC_R_FAILURE);
- /*
- * Compute digest.
-@@ -728,7 +728,7 @@ isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok,
- REQUIRE(ackp != NULL && *ackp == NULL);
-
- _ctrl = isccc_alist_lookup(message, "_ctrl");
-- if (_ctrl == NULL ||
-+ if (!isccc_alist_alistp(_ctrl) ||
- isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
- isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS)
- return (ISC_R_FAILURE);
-@@ -773,7 +773,7 @@ isccc_cc_isack(isccc_sexpr_t *message)
- isccc_sexpr_t *_ctrl;
-
- _ctrl = isccc_alist_lookup(message, "_ctrl");
-- if (_ctrl == NULL)
-+ if (!isccc_alist_alistp(_ctrl))
- return (ISC_FALSE);
- if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS)
- return (ISC_TRUE);
-@@ -786,7 +786,7 @@ isccc_cc_isreply(isccc_sexpr_t *message)
- isccc_sexpr_t *_ctrl;
-
- _ctrl = isccc_alist_lookup(message, "_ctrl");
-- if (_ctrl == NULL)
-+ if (!isccc_alist_alistp(_ctrl))
- return (ISC_FALSE);
- if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS)
- return (ISC_TRUE);
-@@ -806,7 +806,7 @@ isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now,
-
- _ctrl = isccc_alist_lookup(message, "_ctrl");
- _data = isccc_alist_lookup(message, "_data");
-- if (_ctrl == NULL || _data == NULL ||
-+ if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) ||
- isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
- isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS)
- return (ISC_R_FAILURE);
-@@ -995,7 +995,7 @@ isccc_cc_checkdup(isccc_symtab_t *symtab, isccc_sexpr_t *message,
- isccc_sexpr_t *_ctrl;
-
- _ctrl = isccc_alist_lookup(message, "_ctrl");
-- if (_ctrl == NULL ||
-+ if (!isccc_alist_alistp(_ctrl) ||
- isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS ||
- isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS)
- return (ISC_R_FAILURE);
---
-1.9.1
-
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-30 08:10:17 +0000