summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch')
-rw-r--r--meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch89
1 files changed, 0 insertions, 89 deletions
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
deleted file mode 100644
index 19d8df1..0000000
--- a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-The patch to fix CVE-2011-4313
-
-Upstream-Status: Backport
-
-Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html
-
-query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
-through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
-through 9.9.0b1 allows remote attackers to cause a denial of service
-(assertion failure and named exit) via unknown vectors related to recursive DNS
-queries, error logging, and the caching of an invalid record by the resolver.
-
-Signed-off-by Ming Liu <ming.liu@windriver.com>
----
- bin/named/query.c | 19 ++++++++-----------
- lib/dns/rbtdb.c | 4 ++--
- 2 files changed, 10 insertions(+), 13 deletions(-)
-
---- a/bin/named/query.c
-+++ b/bin/named/query.c
-@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
- goto addname;
- if (result == DNS_R_NCACHENXRRSET) {
- dns_rdataset_disassociate(rdataset);
-- /*
-- * Negative cache entries don't have sigrdatasets.
-- */
-- INSIST(sigrdataset == NULL ||
-- ! dns_rdataset_isassociated(sigrdataset));
-+ if (sigrdataset != NULL &&
-+ dns_rdataset_isassociated(sigrdataset))
-+ dns_rdataset_disassociate(sigrdataset);
- }
- if (result == ISC_R_SUCCESS) {
- mname = NULL;
-@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
- goto addname;
- if (result == DNS_R_NCACHENXRRSET) {
- dns_rdataset_disassociate(rdataset);
-- INSIST(sigrdataset == NULL ||
-- ! dns_rdataset_isassociated(sigrdataset));
-+ if (sigrdataset != NULL &&
-+ dns_rdataset_isassociated(sigrdataset))
-+ dns_rdataset_disassociate(sigrdataset);
- }
- if (result == ISC_R_SUCCESS) {
- mname = NULL;
-@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
- goto setcache;
- if (result == DNS_R_NCACHENXRRSET) {
- dns_rdataset_disassociate(rdataset);
-- /*
-- * Negative cache entries don't have sigrdatasets.
-- */
-- INSIST(! dns_rdataset_isassociated(sigrdataset));
-+ if (dns_rdataset_isassociated(sigrdataset))
-+ dns_rdataset_disassociate(sigrdataset);
- }
- if (result == ISC_R_SUCCESS) {
- /* Remember the result as a cache */
---- a/lib/dns/rbtdb.c
-+++ b/lib/dns/rbtdb.c
-@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
- rdataset);
- if (need_headerupdate(found, search.now))
- update = found;
-- if (foundsig != NULL) {
-+ if (!NEGATIVE(found) && foundsig != NULL) {
- bind_rdataset(search.rbtdb, node, foundsig, search.now,
- sigrdataset);
- if (need_headerupdate(foundsig, search.now))
-@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno
- }
- if (found != NULL) {
- bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
-- if (foundsig != NULL)
-+ if (!NEGATIVE(found) && foundsig != NULL)
- bind_rdataset(rbtdb, rbtnode, foundsig, now,
- sigrdataset);
- }
-@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
- }
- if (found != NULL) {
- bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
-- if (foundsig != NULL)
-+ if (!NEGATIVE(found) && foundsig != NULL)
- bind_rdataset(rbtdb, rbtnode, foundsig, now,
- sigrdataset);
- }
OpenPOWER on IntegriCloud