Vendor import of BIND 9.8.5-P2

Approved by: delphij (mentor, implicit) Sponsored by: DK Hostmaster A/S
author: erwin <erwin@FreeBSD.org> 2013-07-31 11:42:42 +0000
committer: erwin <erwin@FreeBSD.org> 2013-07-31 11:42:42 +0000
commit: 414d5ed7dd8cad7ef2738c53f9b9ecfe246ed91c (patch)
tree: 6565dd4092e39e2b73b4391e4165f46fa4dadd20
parent: dc235a59431db02e1a04d85de49af9e278510ac8 (diff)
download: FreeBSD-src-414d5ed7dd8cad7ef2738c53f9b9ecfe246ed91c.zip
FreeBSD-src-414d5ed7dd8cad7ef2738c53f9b9ecfe246ed91c.tar.gz
3 files changed, 8 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index 2cfcb7b..e8383c6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+	--- 9.8.5-P2 released ---
+
+3621.	[security]	Incorrect bounds checking on private type 'keydata'
+			can lead to a remotely triggerable REQUIRE failure
+			(CVE-2013-4854). [RT #34238]
+
 	--- 9.8.5-P1 released ---
 
 3584.	[security]	Caching data from an incompletely signed zone could
diff --git a/lib/dns/rdata/generic/keydata_65533.c b/lib/dns/rdata/generic/keydata_65533.c
index 2592c30..317e1a8 100644
--- a/lib/dns/rdata/generic/keydata_65533.c
+++ b/lib/dns/rdata/generic/keydata_65533.c
@@ -176,7 +176,7 @@ fromwire_keydata(ARGS_FROMWIRE) {
 	UNUSED(options);
 
 	isc_buffer_activeregion(source, &sr);
-	if (sr.length < 4)
+	if (sr.length < 16)
 		return (ISC_R_UNEXPECTEDEND);
 
 	isc_buffer_forward(source, sr.length);
diff --git a/version b/version
index 722bbe7..7a518ed 100644
--- a/version
+++ b/version
@@ -9,4 +9,4 @@ MAJORVER=9
 MINORVER=8
 PATCHVER=5
 RELEASETYPE=-P
-RELEASEVER=1
+RELEASEVER=2
author	erwin <erwin@FreeBSD.org>	2013-07-31 11:42:42 +0000
committer	erwin <erwin@FreeBSD.org>	2013-07-31 11:42:42 +0000
commit	414d5ed7dd8cad7ef2738c53f9b9ecfe246ed91c (patch)
tree	6565dd4092e39e2b73b4391e4165f46fa4dadd20
parent	dc235a59431db02e1a04d85de49af9e278510ac8 (diff)
download	FreeBSD-src-414d5ed7dd8cad7ef2738c53f9b9ecfe246ed91c.zip FreeBSD-src-414d5ed7dd8cad7ef2738c53f9b9ecfe246ed91c.tar.gz