MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-19 12:59:02 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

bind: Security fix CVE-2016-2775

Browse Source 
affect bind < 9.10.4-p2

(From OE-Core rev: 54bf7379036eec6d6c4399aa374f898ba3464996)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster 2016-10-02 17:49:24 -07:00 committed by Richard Purdie
parent 1f8eb08791
commit d11c5d8944
2 changed files with 85 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch Normal file
View File

@ -0,0 +1,84 @@
From 390c5183af79861fcf07a44014912788744e85de Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 7 Jul 2016 12:52:47 +1000
Subject: [PATCH] 4406. [bug] getrrsetbyname with a non absolute
name could trigger a infinite recursion bug in lwresd
and named with lwres configured if when combined
with a search list entry the resulting name is
too long. [RT #42694]
(cherry picked from commit 38cc2d14e218e536e0102fa70deef99461354232)
Upstream-Status: Backport
CVE: CVE-2016-2775
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
CHANGES | 6 ++++++
bin/named/lwdgrbn.c | 16 ++++++++++------
bin/tests/system/lwresd/lwtest.c | 8 ++++++++
3 files changed, 24 insertions(+), 6 deletions(-)
Index: bind-9.10.2-P4/bin/named/lwdgrbn.c
===================================================================
--- bind-9.10.2-P4.orig/bin/named/lwdgrbn.c
+++ bind-9.10.2-P4/bin/named/lwdgrbn.c
@@ -403,14 +403,18 @@ start_lookup(ns_lwdclient_t *client) {
INSIST(client->lookup == NULL);
dns_fixedname_init(&absname);
- result = ns_lwsearchctx_current(&client->searchctx,
- dns_fixedname_name(&absname));
+
/*
- * This will return failure if relative name + suffix is too long.
- * In this case, just go on to the next entry in the search path.
+ * Perform search across all search domains until success
+ * is returned. Return in case of failure.
*/
- if (result != ISC_R_SUCCESS)
- start_lookup(client);
+ while (ns_lwsearchctx_current(&client->searchctx,
+ dns_fixedname_name(&absname)) != ISC_R_SUCCESS) {
+ if (ns_lwsearchctx_next(&client->searchctx) != ISC_R_SUCCESS) {
+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
+ return;
+ }
+ }
result = dns_lookup_create(cm->mctx,
dns_fixedname_name(&absname),
Index: bind-9.10.2-P4/bin/tests/system/lwresd/lwtest.c
===================================================================
--- bind-9.10.2-P4.orig/bin/tests/system/lwresd/lwtest.c
+++ bind-9.10.2-P4/bin/tests/system/lwresd/lwtest.c
@@ -768,6 +768,14 @@ main(void) {
test_getrrsetbyname("e.example1.", 1, 46, 2, 0, 1);
test_getrrsetbyname("", 1, 1, 0, 0, 0);
+ test_getrrsetbyname("123456789.123456789.123456789.123456789."
+ "123456789.123456789.123456789.123456789."
+ "123456789.123456789.123456789.123456789."
+ "123456789.123456789.123456789.123456789."
+ "123456789.123456789.123456789.123456789."
+ "123456789.123456789.123456789.123456789."
+ "123456789", 1, 1, 0, 0, 0);
+
if (fails == 0)
printf("I:ok\n");
return (fails);
Index: bind-9.10.2-P4/CHANGES
===================================================================
--- bind-9.10.2-P4.orig/CHANGES
+++ bind-9.10.2-P4/CHANGES
@@ -1,3 +1,9 @@
+4406. [bug] getrrsetbyname with a non absolute name could
+ trigger a infinite recursion bug in lwresd
+ and named with lwres configured if when combined
+ with a search list entry the resulting name is
+ too long. [RT #42694]
+
4322. [security] Duplicate EDNS COOKIE options in a response could
trigger an assertion failure. (CVE-2016-2088)
[RT #41809]

1
meta/recipes-connectivity/bind/bind_9.10.2-P4.bb
View File

@ -29,6 +29,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://CVE-2016-1286_1.patch \
file://CVE-2016-1286_2.patch \
file://CVE-2016-2088.patch \
file://CVE-2016-2775.patch \
"
SRC_URI[md5sum] = "8b1f5064837756c938eadc1537dec5c7"