]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 1927fb8)
bind: fix CVE-2020-8625
authorMinjae Kim <flowergom@gmail.com>
Mon, 1 Mar 2021 22:50:12 +0000 (07:50 +0900)
committerSteve Sakoman <steve@sakoman.com>
Fri, 5 Mar 2021 14:40:00 +0000 (04:40 -1000)
BIND Operational Notification: Zone journal (.jnl) file incompatibility

Upstream-Status: Backporting [https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch]
CVE: CVE-2020-8625
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch [new file with mode: 0644] patch | blob
meta/recipes-connectivity/bind/bind_9.11.22.bb patch | blob | history

diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch b/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch
new file mode 100644 (file)
index 0000000..9078f24
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Backporting [https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch]
+CVE: CVE-2020-8625
+Signed-off-by: Minjae Kim <flowergom@gmail.com>
+
+diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
+index e61d1c600f2..753dc8049fa 100644
+--- a/lib/dns/spnego.c
++++ b/lib/dns/spnego.c
+@@ -848,7 +848,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
+               return (ASN1_OVERRUN);
+       }
+-      data->components = malloc(len * sizeof(*data->components));
++      data->components = malloc((len + 1) * sizeof(*data->components));
+       if (data->components == NULL) {
+               return (ENOMEM);
+       }
diff --git a/meta/recipes-connectivity/bind/bind_9.11.22.bb b/meta/recipes-connectivity/bind/bind_9.11.22.bb
index 3b4a299b36a0615b86e9b33c185f2dadd3999e32..e3b9cacc153bb0473588b9bbdfe0e43949df02f2 100644 (file)
--- a/meta/recipes-connectivity/bind/bind_9.11.22.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.22.bb
@@ -18,6 +18,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
            file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
            file://0001-avoid-start-failure-with-bind-user.patch \
+           file://CVE-2020-8625.patch \
            "
 
 SRC_URI[sha256sum] = "afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9"
Mirror of the official openembedded-core repository