diff options
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2022-38177.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2022-38177.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2022-38177.patch b/meta/recipes-connectivity/bind/bind/CVE-2022-38177.patch new file mode 100644 index 0000000000..0ef87fd260 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2022-38177.patch @@ -0,0 +1,31 @@ +From ef3d1a84ff807eea27b4fef601a15932c5ffbfbf Mon Sep 17 00:00:00 2001 +From: Mark Andrews <marka@isc.org> +Date: Thu, 11 Aug 2022 15:15:34 +1000 +Subject: [PATCH 2/3] Free eckey on siglen mismatch + +Upstream-Status: Backport +CVE: CVE-2022-38177 +Reference to upstream patch: +https://gitlab.isc.org/isc-projects/bind9/-/commit/5b2282afff760b1ed3471f6666bdfe8e1d34e590 + +Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> +--- + lib/dns/opensslecdsa_link.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c +index 83b5b51cd78c..7576e04ac635 100644 +--- a/lib/dns/opensslecdsa_link.c ++++ b/lib/dns/opensslecdsa_link.c +@@ -224,7 +224,7 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) { + siglen = DNS_SIG_ECDSA384SIZE; + + if (sig->length != siglen) +- return (DST_R_VERIFYFAILURE); ++ DST_RET(DST_R_VERIFYFAILURE); + + if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &dgstlen)) + DST_RET (dst__openssl_toresult3(dctx->category, +-- +2.34.1 + |