blob: d5bf740e843f6040d90f67f89a2b443ba3781718 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
a buffer size check can cause denial of service under certain circumstances
[security]
The following flaw in BIND was reported by ISC:
A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c.
A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations.
Upstream-Status: Backport
CVE: CVE-2015-8704
[The patch is taken from BIND 9.10.3:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8704]
Signed-off-by: Derek Straka <derek@asterius.io>
diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c
index bedd38e..28eb7f2 100644
--- a/lib/dns/rdata/in_1/apl_42.c
+++ b/lib/dns/rdata/in_1/apl_42.c
@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
isc_uint8_t len;
isc_boolean_t neg;
unsigned char buf[16];
- char txt[sizeof(" !64000")];
+ char txt[sizeof(" !64000:")];
const char *sep = "";
int n;
|
