Blame - import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch - openbmc/openbmc

blob: ae5cc48d9cca94c48cce11e2019f68a9a5df8868 [file] [log] [blame]

Patrick Williams	d8c66bc	2016-06-20 12:57:21 -0500	[diff] [blame]	1	From a3d327bf1ceaaeabb20223d8de85166e940b9f12 Mon Sep 17 00:00:00 2001
				2	From: Mukund Sivaraman <muks@isc.org>
				3	Date: Mon, 22 Feb 2016 12:22:43 +0530
				4	Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling
				5	(CVE-2016-1286) (#41753)
				6
				7	(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673)
				8
				9	CVE: CVE-2016-1286
				10	Upstream-Status: Backport
				11
				12	[Removed doc/arm/notes.xml changes from upstream patch.]
				13
				14	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
				15	---
				16	diff -ruN a/CHANGES b/CHANGES
				17	--- a/CHANGES 2016-04-13 07:28:44.940873629 +0200
				18	+++ b/CHANGES 2016-04-13 07:38:38.923167851 +0200
				19	@@ -1,3 +1,7 @@
				20	+4319. [security] Fix resolver assertion failure due to improper
				21	+ DNAME handling when parsing fetch reply messages.
				22	+ (CVE-2016-1286) [RT #41753]
				23	+
				24	4318. [security] Malformed control messages can trigger assertions
				25	in named and rndc. (CVE-2016-1285) [RT #41666]
				26
				27	diff -ruN a/lib/dns/resolver.c b/lib/dns/resolver.c
				28	--- a/lib/dns/resolver.c 2016-04-13 07:28:43.088953790 +0200
				29	+++ b/lib/dns/resolver.c 2016-04-13 07:38:20.411968925 +0200
				30	@@ -6967,21 +6967,26 @@
				31	isc_boolean_t found_dname = ISC_FALSE;
				32	dns_name_t *dname_name;
				33
				34	+ /*
				35	+ * Only pass DNAME or RRSIG(DNAME).
				36	+ */
				37	+ if (rdataset->type != dns_rdatatype_dname &&
				38	+ (rdataset->type != dns_rdatatype_rrsig \|\|
				39	+ rdataset->covers != dns_rdatatype_dname))
				40	+ continue;
				41	+
				42	+ /*
				43	+ * If we're not chaining, then the DNAME and
				44	+ * its signature should not be external.
				45	+ */
				46	+ if (!chaining && external) {
				47	+ log_formerr(fctx, "external DNAME");
				48	+ return (DNS_R_FORMERR);
				49	+ }
				50	+
				51	found = ISC_FALSE;
				52	aflag = 0;
				53	if (rdataset->type == dns_rdatatype_dname) {
				54	- /*
				55	- * We're looking for something else,
				56	- * but we found a DNAME.
				57	- *
				58	- * If we're not chaining, then the
				59	- * DNAME should not be external.
				60	- */
				61	- if (!chaining && external) {
				62	- log_formerr(fctx,
				63	- "external DNAME");
				64	- return (DNS_R_FORMERR);
				65	- }
				66	found = ISC_TRUE;
				67	want_chaining = ISC_TRUE;
				68	POST(want_chaining);
				69	@@ -7010,9 +7015,7 @@
				70	&fctx->domain)) {
				71	return (DNS_R_SERVFAIL);
				72	}
				73	- } else if (rdataset->type == dns_rdatatype_rrsig
				74	- && rdataset->covers ==
				75	- dns_rdatatype_dname) {
				76	+ } else {
				77	/*
				78	* We've found a signature that
				79	* covers the DNAME.