Fix CVE-2014-0591
Signed-off-by: Tomas Hozza <thozza@redhat.com>
This commit is contained in:
parent
1a8c6bc42b
commit
14a63be5be
53
bind-9.9.4-CVE-2014-0591.patch
Normal file
53
bind-9.9.4-CVE-2014-0591.patch
Normal file
@ -0,0 +1,53 @@
|
||||
diff -pruN bind-9.9.4-P1/bin/named/query.c bind-9.9.4-P2/bin/named/query.c
|
||||
--- bind-9.9.4-P1/bin/named/query.c 2013-10-16 01:04:32.000000000 +0200
|
||||
+++ bind-9.9.4-P2/bin/named/query.c 2013-12-20 01:28:28.000000000 +0100
|
||||
@@ -5260,8 +5260,7 @@ query_findclosestnsec3(dns_name_t *qname
|
||||
dns_fixedname_t fixed;
|
||||
dns_hash_t hash;
|
||||
dns_name_t name;
|
||||
- int order;
|
||||
- unsigned int count;
|
||||
+ unsigned int skip = 0, labels;
|
||||
dns_rdata_nsec3_t nsec3;
|
||||
dns_rdata_t rdata = DNS_RDATA_INIT;
|
||||
isc_boolean_t optout;
|
||||
@@ -5276,6 +5275,7 @@ query_findclosestnsec3(dns_name_t *qname
|
||||
|
||||
dns_name_init(&name, NULL);
|
||||
dns_name_clone(qname, &name);
|
||||
+ labels = dns_name_countlabels(&name);
|
||||
dns_clientinfomethods_init(&cm, ns_client_sourceip);
|
||||
dns_clientinfo_init(&ci, client);
|
||||
|
||||
@@ -5309,13 +5309,14 @@ query_findclosestnsec3(dns_name_t *qname
|
||||
dns_rdata_reset(&rdata);
|
||||
optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
|
||||
if (found != NULL && optout &&
|
||||
- dns_name_fullcompare(&name, dns_db_origin(db), &order,
|
||||
- &count) == dns_namereln_subdomain) {
|
||||
+ dns_name_issubdomain(&name, dns_db_origin(db)))
|
||||
+ {
|
||||
dns_rdataset_disassociate(rdataset);
|
||||
if (dns_rdataset_isassociated(sigrdataset))
|
||||
dns_rdataset_disassociate(sigrdataset);
|
||||
- count = dns_name_countlabels(&name) - 1;
|
||||
- dns_name_getlabelsequence(&name, 1, count, &name);
|
||||
+ skip++;
|
||||
+ dns_name_getlabelsequence(qname, skip, labels - skip,
|
||||
+ &name);
|
||||
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
|
||||
NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
|
||||
"looking for closest provable encloser");
|
||||
@@ -5333,7 +5334,11 @@ query_findclosestnsec3(dns_name_t *qname
|
||||
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
|
||||
NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
|
||||
"expected covering NSEC3, got an exact match");
|
||||
- if (found != NULL)
|
||||
+ if (found == qname) {
|
||||
+ if (skip != 0U)
|
||||
+ dns_name_getlabelsequence(qname, skip, labels - skip,
|
||||
+ found);
|
||||
+ } else if (found != NULL)
|
||||
dns_name_copy(&name, found, NULL);
|
||||
return;
|
||||
}
|
@ -30,7 +30,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
|
||||
Name: bind
|
||||
License: ISC
|
||||
Version: 9.9.5
|
||||
Release: 0.1.%{?PATCHVER}%{?PREVER}%{?dist}
|
||||
Release: 0.2.%{?PATCHVER}%{?PREVER}%{?dist}
|
||||
Epoch: 32
|
||||
Url: http://www.isc.org/products/BIND/
|
||||
Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
@ -90,6 +90,7 @@ Patch137:bind99-rrl.patch
|
||||
# Install dns/update.h header for bind-dyndb-ldap plugin
|
||||
Patch138:bind-9.9.3-include-update-h.patch
|
||||
Patch142:bind99-ISC-Bugs-35080.patch
|
||||
Patch143:bind-9.9.4-CVE-2014-0591.patch
|
||||
|
||||
# SDB patches
|
||||
Patch11: bind-9.3.2b2-sdbsrc.patch
|
||||
@ -304,6 +305,7 @@ popd
|
||||
%patch137 -p1 -b .rrl
|
||||
%patch138 -p1 -b .update
|
||||
%patch142 -p1 -b .rbtdb_crash
|
||||
%patch143 -p1 -b .CVE-2014-0591
|
||||
|
||||
%if %{SDB}
|
||||
%patch101 -p1 -b .old-api
|
||||
@ -918,6 +920,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jan 14 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-0.2.b1
|
||||
- Fix CVE-2014-0591
|
||||
|
||||
* Mon Jan 06 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-0.1.b1
|
||||
- Update to bind-9.9.5b1
|
||||
- Build bind-sdb against libdb instead of libdb4
|
||||
|
Loading…
Reference in New Issue
Block a user