bind: Security fix CVE-2015-8704
authorArmin Kuster <akuster@mvista.com>
Sat, 6 Feb 2016 23:15:02 +0000 (15:15 -0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sun, 7 Feb 2016 17:22:04 +0000 (17:22 +0000)
CVE-2015-8704 bind: specific APL data could trigger an INSIST in apl_42.c

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch [new file with mode: 0644]
meta/recipes-connectivity/bind/bind_9.9.5.bb

diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
new file mode 100644 (file)
index 0000000..7f28e44
--- /dev/null
@@ -0,0 +1,29 @@
+Upstream-Status: Backport
+
+https://bugzilla.redhat.com/attachment.cgi?id=1115781
+
+CVE: CVE-2015-8704
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/rdata/in_1/apl_42.c
++++ bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
+@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
+       isc_uint8_t len;
+       isc_boolean_t neg;
+       unsigned char buf[16];
+-      char txt[sizeof(" !64000")];
++      char txt[sizeof(" !64000:")];
+       const char *sep = "";
+       int n;
+@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) {
+               isc_region_consume(&sr, 1);
+               INSIST(len <= sr.length);
+               n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
+-                           neg ? "!": "", afi);
++                           neg ? "!" : "", afi);
+               INSIST(n < (int)sizeof(txt));
+               RETERR(str_totext(txt, target));
+               switch (afi) {
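Review bot: The enlarged `txt` buffer in totext_in_apl is still sized from a sample string, `sizeof(" !64000:")`, so nothing on that line says why nine bytes is enough. That matters because the `INSIST(n < (int)sizeof(txt))` after the snprintf turns any miscount into an abort while formatting record data. The bound holds only if `afi` never prints more than five digits under `%u` and `sep` is at most one character; the declaration of `afi`, any later assignment to `sep`, and the start and end of the function all sit outside these hunks, so this should be confirmed against the full file. I would add a comment above the declaration such as `/* sep (1) + "!" (1) + afi via %u, max 65535 (5) + ":" (1) + NUL (1) */`. Separately, the patch header cites only a Red Hat Bugzilla attachment; naming the upstream ISC change it was backported from would make this CVE fix easier to audit later.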
index 79b0397a569e6b511988f7abc36fbab0b9e7ed5e..a904d6ebbe88c2843f07d17d712189bbee1a77f5 100644 (file)
@@ -26,6 +26,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://CVE-2015-4620.patch \
            file://CVE-2015-5722.patch \
            file://CVE-2015-8000.patch \
+           file://CVE-2015-8704.patch \
           "
 
 SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"