| Backport patch to fix CVE-2019-6471. |
| |
| Ref: |
| https://security-tracker.debian.org/tracker/CVE-2019-6471 |
| |
| CVE: CVE-2019-6471 |
| Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/3a9c7bb] |
| |
| Signed-off-by: Kai Kang <kai.kang@windriver.com> |
| |
| From 3a9c7bb80d4a609b86427406d9dd783199920b5b Mon Sep 17 00:00:00 2001 |
| From: Mark Andrews <marka@isc.org> |
| Date: Tue, 19 Mar 2019 14:14:21 +1100 |
| Subject: [PATCH] move item_out test inside lock in dns_dispatch_getnext() |
| |
| (cherry picked from commit 60c42f849d520564ed42e5ed0ba46b4b69c07712) |
| --- |
| lib/dns/dispatch.c | 12 ++++++++---- |
| 1 file changed, 8 insertions(+), 4 deletions(-) |
| |
| diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c |
| index 408beda367..3278db4a07 100644 |
| --- a/lib/dns/dispatch.c |
| +++ b/lib/dns/dispatch.c |
| @@ -134,7 +134,7 @@ struct dns_dispentry { |
| isc_task_t *task; |
| isc_taskaction_t action; |
| void *arg; |
| - bool item_out; |
| + bool item_out; |
| dispsocket_t *dispsocket; |
| ISC_LIST(dns_dispatchevent_t) items; |
| ISC_LINK(dns_dispentry_t) link; |
| @@ -3422,13 +3422,14 @@ dns_dispatch_getnext(dns_dispentry_t *resp, dns_dispatchevent_t **sockevent) { |
| disp = resp->disp; |
| REQUIRE(VALID_DISPATCH(disp)); |
| |
| - REQUIRE(resp->item_out == true); |
| - resp->item_out = false; |
| - |
| ev = *sockevent; |
| *sockevent = NULL; |
| |
| LOCK(&disp->lock); |
| + |
| + REQUIRE(resp->item_out == true); |
| + resp->item_out = false; |
| + |
| if (ev->buffer.base != NULL) |
| free_buffer(disp, ev->buffer.base, ev->buffer.length); |
| free_devent(disp, ev); |
| @@ -3573,6 +3574,9 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp, |
| isc_task_send(disp->task[0], &disp->ctlevent); |
| } |
| |
| +/* |
| + * disp must be locked. |
| + */ |
| static void |
| do_cancel(dns_dispatch_t *disp) { |
| dns_dispatchevent_t *ev; |
| -- |
| 2.20.1 |
| |