a buffer size check can cause denial of service under certain circumstances
[security]
The following flaw in BIND was reported by ISC:
A buffer size check used to guard against overflow could cause named to exit with an INSIST failure in apl_42.c.
A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations.
Upstream-Status: Backport
CVE: CVE-2015-8704
[The patch is taken from BIND 9.10.3:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8704]
Signed-off-by: Derek Straka <derek@asterius.io>
diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c
index bedd38e..28eb7f2 100644
--- a/lib/dns/rdata/in_1/apl_42.c
+++ b/lib/dns/rdata/in_1/apl_42.c
@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
isc_uint8_t len;
isc_boolean_t neg;
unsigned char buf[16];
- char txt[sizeof(" !64000")];
+ char txt[sizeof(" !64000:")];
const char *sep = "";
int n;
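Review bot: the size of txt in totext_in_apl() is still derived from a sample string literal, now " !64000:", with no comment saying which formatted fields it has to hold, so the one-byte shortfall fixed here is easy to reintroduce. Consider a short comment above the declaration naming the parts the literal stands for (leading separator, optional "!", up to five digits, the ":" and the terminating NUL) so the declaration and the call that fills it get changed together. The formatting call and the size check behind the INSIST are outside the lines shown in this hunk, so please confirm the literal matches that format string exactly, and consider adding a regression test that formats a negated APL entry with a five-digit address family.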