From db99f58eea2dfddfd45cceb876f8ecfa7a82b3e8 Mon Sep 17 00:00:00 2001
From: Armin Kuster <akuster@mvista.com>
Date: Sat, 6 Feb 2016 15:15:02 -0800
Subject: bind: Security fix CVE-2015-8704

CVE-2015-8704 bind: specific APL data could trigger an INSIST in apl_42.c

(From OE-Core rev: 600c1d2beb64e23123e478051537b917f5d4a8a7)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../bind/bind/CVE-2015-8704.patch                  | 29 ++++++++++++++++++++++
 meta/recipes-connectivity/bind/bind_9.9.5.bb       |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch

(limited to 'meta')

diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
new file mode 100644
index 0000000..7f28e44
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
@@ -0,0 +1,29 @@
+Upstream-Status: Backport
+
+https://bugzilla.redhat.com/attachment.cgi?id=1115781
+
+CVE: CVE-2015-8704
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/rdata/in_1/apl_42.c
++++ bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
+@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ 	isc_uint8_t len;
+ 	isc_boolean_t neg;
+ 	unsigned char buf[16];
+-	char txt[sizeof(" !64000")];
++	char txt[sizeof(" !64000:")];
+ 	const char *sep = "";
+ 	int n;
+ 
+@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ 		isc_region_consume(&sr, 1);
+ 		INSIST(len <= sr.length);
+ 		n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
+-			     neg ? "!": "", afi);
++			     neg ? "!" : "", afi);
+ 		INSIST(n < (int)sizeof(txt));
+ 		RETERR(str_totext(txt, target));
+ 		switch (afi) {
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb
index 79b0397..a904d6e 100644
--- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -26,6 +26,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://CVE-2015-4620.patch \
            file://CVE-2015-5722.patch \
            file://CVE-2015-8000.patch \
+           file://CVE-2015-8704.patch \
 	   "
 
 SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"
-- 
cgit v1.1