summaryrefslogtreecommitdiffstats
path: root/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
diff options
context:
space:
mode:
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch')
-rw-r--r--import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch79
1 files changed, 79 insertions, 0 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
new file mode 100644
index 000000000..ae5cc48d9
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
@@ -0,0 +1,79 @@
+From a3d327bf1ceaaeabb20223d8de85166e940b9f12 Mon Sep 17 00:00:00 2001
+From: Mukund Sivaraman <muks@isc.org>
+Date: Mon, 22 Feb 2016 12:22:43 +0530
+Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling
+ (CVE-2016-1286) (#41753)
+
+(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673)
+
+CVE: CVE-2016-1286
+Upstream-Status: Backport
+
+[Removed doc/arm/notes.xml changes from upstream patch.]
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+diff -ruN a/CHANGES b/CHANGES
+--- a/CHANGES 2016-04-13 07:28:44.940873629 +0200
++++ b/CHANGES 2016-04-13 07:38:38.923167851 +0200
+@@ -1,3 +1,7 @@
++4319. [security] Fix resolver assertion failure due to improper
++ DNAME handling when parsing fetch reply messages.
++ (CVE-2016-1286) [RT #41753]
++
+ 4318. [security] Malformed control messages can trigger assertions
+ in named and rndc. (CVE-2016-1285) [RT #41666]
+
+diff -ruN a/lib/dns/resolver.c b/lib/dns/resolver.c
+--- a/lib/dns/resolver.c 2016-04-13 07:28:43.088953790 +0200
++++ b/lib/dns/resolver.c 2016-04-13 07:38:20.411968925 +0200
+@@ -6967,21 +6967,26 @@
+ isc_boolean_t found_dname = ISC_FALSE;
+ dns_name_t *dname_name;
+
++ /*
++ * Only pass DNAME or RRSIG(DNAME).
++ */
++ if (rdataset->type != dns_rdatatype_dname &&
++ (rdataset->type != dns_rdatatype_rrsig ||
++ rdataset->covers != dns_rdatatype_dname))
++ continue;
++
++ /*
++ * If we're not chaining, then the DNAME and
++ * its signature should not be external.
++ */
++ if (!chaining && external) {
++ log_formerr(fctx, "external DNAME");
++ return (DNS_R_FORMERR);
++ }
++
+ found = ISC_FALSE;
+ aflag = 0;
+ if (rdataset->type == dns_rdatatype_dname) {
+- /*
+- * We're looking for something else,
+- * but we found a DNAME.
+- *
+- * If we're not chaining, then the
+- * DNAME should not be external.
+- */
+- if (!chaining && external) {
+- log_formerr(fctx,
+- "external DNAME");
+- return (DNS_R_FORMERR);
+- }
+ found = ISC_TRUE;
+ want_chaining = ISC_TRUE;
+ POST(want_chaining);
+@@ -7010,9 +7015,7 @@
+ &fctx->domain)) {
+ return (DNS_R_SERVFAIL);
+ }
+- } else if (rdataset->type == dns_rdatatype_rrsig
+- && rdataset->covers ==
+- dns_rdatatype_dname) {
++ } else {
+ /*
+ * We've found a signature that
+ * covers the DNAME.
OpenPOWER on IntegriCloud