yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch - stefanberger/openbmc - Gitiles

 From a3d327bf1ceaaeabb20223d8de85166e940b9f12 Mon Sep 17 00:00:00 2001
 From: Mukund Sivaraman <muks@isc.org>
 Date: Mon, 22 Feb 2016 12:22:43 +0530
 Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling
  (CVE-2016-1286) (#41753)

 (cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673)

 CVE: CVE-2016-1286
 Upstream-Status: Backport

 [Removed doc/arm/notes.xml changes from upstream patch.]

 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
 ---
 diff -ruN a/CHANGES b/CHANGES
 --- a/CHANGES	2016-04-13 07:28:44.940873629 +0200
 +++ b/CHANGES	2016-04-13 07:38:38.923167851 +0200
 @@ -1,3 +1,7 @@
 +4319.  [security]      Fix resolver assertion failure due to improper
 +                       DNAME handling when parsing fetch reply messages.
 +                       (CVE-2016-1286) [RT #41753]
 +
  4318.	[security]	Malformed control messages can trigger assertions
  			in named and rndc. (CVE-2016-1285) [RT #41666]

 diff -ruN a/lib/dns/resolver.c b/lib/dns/resolver.c
 --- a/lib/dns/resolver.c	2016-04-13 07:28:43.088953790 +0200
 +++ b/lib/dns/resolver.c	2016-04-13 07:38:20.411968925 +0200
 @@ -6967,21 +6967,26 @@
  				isc_boolean_t found_dname = ISC_FALSE;
  				dns_name_t *dname_name;

 +				/*
 +				 * Only pass DNAME or RRSIG(DNAME).
 +				 */
 +				if (rdataset->type != dns_rdatatype_dname &&
 +				    (rdataset->type != dns_rdatatype_rrsig ||
 +				     rdataset->covers != dns_rdatatype_dname))
 +					continue;
 +
 +				/*
 +				 * If we're not chaining, then the DNAME and
 +				 * its signature should not be external.
 +				 */
 +				if (!chaining && external) {
 +					log_formerr(fctx, "external DNAME");
 +					return (DNS_R_FORMERR);
 +				}
 +
  				found = ISC_FALSE;
  				aflag = 0;
  				if (rdataset->type == dns_rdatatype_dname) {
 -					/*
 -					 * We're looking for something else,
 -					 * but we found a DNAME.
 -					 *
 -					 * If we're not chaining, then the
 -					 * DNAME should not be external.
 -					 */
 -					if (!chaining && external) {
 -						log_formerr(fctx,
 -							    "external DNAME");
 -						return (DNS_R_FORMERR);
 -					}
  					found = ISC_TRUE;
  					want_chaining = ISC_TRUE;
  					POST(want_chaining);
 @@ -7010,9 +7015,7 @@
  							&fctx->domain)) {
  						return (DNS_R_SERVFAIL);
  					}
 -				} else if (rdataset->type == dns_rdatatype_rrsig
 -					   && rdataset->covers ==
 -					   dns_rdatatype_dname) {
 +				} else {
  					/*
  					 * We've found a signature that
  					 * covers the DNAME.
	From a3d327bf1ceaaeabb20223d8de85166e940b9f12 Mon Sep 17 00:00:00 2001
	From: Mukund Sivaraman <muks@isc.org>
	Date: Mon, 22 Feb 2016 12:22:43 +0530
	Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling
	(CVE-2016-1286) (#41753)

	(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673)

	CVE: CVE-2016-1286
	Upstream-Status: Backport

	[Removed doc/arm/notes.xml changes from upstream patch.]

	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	---
	diff -ruN a/CHANGES b/CHANGES
	--- a/CHANGES 2016-04-13 07:28:44.940873629 +0200
	+++ b/CHANGES 2016-04-13 07:38:38.923167851 +0200
	@@ -1,3 +1,7 @@
	+4319. [security] Fix resolver assertion failure due to improper
	+ DNAME handling when parsing fetch reply messages.
	+ (CVE-2016-1286) [RT #41753]
	+
	4318. [security] Malformed control messages can trigger assertions
	in named and rndc. (CVE-2016-1285) [RT #41666]

	diff -ruN a/lib/dns/resolver.c b/lib/dns/resolver.c
	--- a/lib/dns/resolver.c 2016-04-13 07:28:43.088953790 +0200
	+++ b/lib/dns/resolver.c 2016-04-13 07:38:20.411968925 +0200
	@@ -6967,21 +6967,26 @@
	isc_boolean_t found_dname = ISC_FALSE;
	dns_name_t *dname_name;

	+ /*
	+ * Only pass DNAME or RRSIG(DNAME).
	+ */
	+ if (rdataset->type != dns_rdatatype_dname &&
	+ (rdataset->type != dns_rdatatype_rrsig \|\|
	+ rdataset->covers != dns_rdatatype_dname))
	+ continue;
	+
	+ /*
	+ * If we're not chaining, then the DNAME and
	+ * its signature should not be external.
	+ */
	+ if (!chaining && external) {
	+ log_formerr(fctx, "external DNAME");
	+ return (DNS_R_FORMERR);
	+ }
	+
	found = ISC_FALSE;
	aflag = 0;
	if (rdataset->type == dns_rdatatype_dname) {
	- /*
	- * We're looking for something else,
	- * but we found a DNAME.
	- *
	- * If we're not chaining, then the
	- * DNAME should not be external.
	- */
	- if (!chaining && external) {
	- log_formerr(fctx,
	- "external DNAME");
	- return (DNS_R_FORMERR);
	- }
	found = ISC_TRUE;
	want_chaining = ISC_TRUE;
	POST(want_chaining);
	@@ -7010,9 +7015,7 @@
	&fctx->domain)) {
	return (DNS_R_SERVFAIL);
	}
	- } else if (rdataset->type == dns_rdatatype_rrsig
	- && rdataset->covers ==
	- dns_rdatatype_dname) {
	+ } else {
	/*
	* We've found a signature that
	* covers the DNAME.