diff options
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch')
| -rw-r--r-- | meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch | 141 |
1 files changed, 0 insertions, 141 deletions
diff --git a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch deleted file mode 100644 index 5dd6f69..0000000 --- a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch +++ /dev/null @@ -1,141 +0,0 @@ -bind_Fix_for_CVE-2012-4244 - -Upstream-Status: Backport - -Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit - -ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, - and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to -cause a denial of service (assertion failure and named daemon exit) via -a query for a long resource record. - -Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> - -diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h ---- a/lib/dns/include/dns/rdata.h 2012-10-08 12:19:42.000000000 +0800 -+++ b/lib/dns/include/dns/rdata.h 2012-10-08 11:26:43.000000000 +0800 -@@ -147,6 +147,17 @@ struct dns_rdata { - (((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0) - - /* -+ * The maximum length of a RDATA that can be sent on the wire. -+ * Max packet size (65535) less header (12), less name (1), type (2), -+ * class (2), ttl(4), length (2). -+ * -+ * None of the defined types that support name compression can exceed -+ * this and all new types are to be sent uncompressed. -+ */ -+ -+#define DNS_RDATA_MAXLENGTH 65512U -+ -+/* - * Flags affecting rdata formatting style. Flags 0xFFFF0000 - * are used by masterfile-level formatting and defined elsewhere. - * See additional comments at dns_rdata_tofmttext(). -diff -urpN a/lib/dns/master.c b/lib/dns/master.c ---- a/lib/dns/master.c 2012-10-08 12:19:42.000000000 +0800 -+++ b/lib/dns/master.c 2012-10-08 11:27:06.000000000 +0800 -@@ -75,7 +75,7 @@ - /*% - * max message size - header - root - type - class - ttl - rdlen - */ --#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2) -+#define MINTSIZ DNS_RDATA_MAXLENGTH - /*% - * Size for tokens in the presentation format, - * The largest tokens are the base64 blocks in KEY and CERT records, -diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c ---- a/lib/dns/rdata.c 2012-10-08 12:19:42.000000000 +0800 -+++ b/lib/dns/rdata.c 2012-10-08 11:27:27.000000000 +0800 -@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d - isc_buffer_t st; - isc_boolean_t use_default = ISC_FALSE; - isc_uint32_t activelength; -+ size_t length; - - REQUIRE(dctx != NULL); - if (rdata != NULL) { -@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d - } - - /* -+ * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH -+ * as we cannot transmit it. -+ */ -+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); -+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) -+ result = DNS_R_FORMERR; -+ -+ /* - * We should have consumed all of our buffer. - */ - if (result == ISC_R_SUCCESS && !buffer_empty(source)) -@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d - - if (rdata != NULL && result == ISC_R_SUCCESS) { - region.base = isc_buffer_used(&st); -- region.length = isc_buffer_usedlength(target) - -- isc_buffer_usedlength(&st); -+ region.length = length; - dns_rdata_fromregion(rdata, rdclass, type, ®ion); - } - -@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d - unsigned long line; - void (*callback)(dns_rdatacallbacks_t *, const char *, ...); - isc_result_t tresult; -+ size_t length; - - REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE); - if (rdata != NULL) { -@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d - } - } while (1); - -+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); -+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) -+ result = ISC_R_NOSPACE; -+ - if (rdata != NULL && result == ISC_R_SUCCESS) { - region.base = isc_buffer_used(&st); -- region.length = isc_buffer_usedlength(target) - -- isc_buffer_usedlength(&st); -+ region.length = length; - dns_rdata_fromregion(rdata, rdclass, type, ®ion); - } - if (result != ISC_R_SUCCESS) { -@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata, - isc_buffer_t st; - isc_region_t region; - isc_boolean_t use_default = ISC_FALSE; -+ size_t length; - - REQUIRE(source != NULL); - if (rdata != NULL) { -@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata, - if (use_default) - (void)NULL; - -+ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); -+ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) -+ result = ISC_R_NOSPACE; -+ - if (rdata != NULL && result == ISC_R_SUCCESS) { - region.base = isc_buffer_used(&st); -- region.length = isc_buffer_usedlength(target) - -- isc_buffer_usedlength(&st); -+ region.length = length; - dns_rdata_fromregion(rdata, rdclass, type, ®ion); - } - if (result != ISC_R_SUCCESS) -diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c ---- a/lib/dns/rdataslab.c 2012-10-08 12:19:42.000000000 +0800 -+++ b/lib/dns/rdataslab.c 2012-10-08 11:27:54.000000000 +0800 -@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_ - length = x[i].rdata.length; - if (rdataset->type == dns_rdatatype_rrsig) - length++; -+ INSIST(length <= 0xffff); - *rawbuf++ = (length & 0xff00) >> 8; - *rawbuf++ = (length & 0x00ff); - #if DNS_RDATASET_FIXED |
