rpms
/
bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Fix [ISC-Bugs #34738] dns_journal_open() returns a pointer to stack 

Signed-off-by: Tomas Hozza <thozza@redhat.com>
This commit is contained in:
Tomas Hozza 2013-09-10 10:03:44 +02:00
parent d010f7191d
commit 4a918b84b0
2 changed files with 67 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
bind.spec
View File

@ -26,7 +26,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind
License: ISC
Version: 9.9.4
Release: 0.8.%{?PATCHVER}%{?PREVER}%{?dist}
Release: 0.9.%{?PATCHVER}%{?PREVER}%{?dist}
Epoch: 32
Url: http://www.isc.org/products/BIND/
Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -81,6 +81,7 @@ Patch134:bind97-rh669163.patch
Patch137:bind99-rrl.patch
# Install dns/update.h header for bind-dyndb-ldap plugin
Patch138:bind-9.9.3-include-update-h.patch
Patch139:bind99-ISC-Bugs-34738.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@ -279,6 +280,7 @@ popd
%patch131 -p1 -b .multlib-conflict
%patch137 -p1 -b .rrl
%patch138 -p1 -b .update
%patch139 -p1 -b .journal
%if %{SDB}
%patch101 -p1 -b .old-api
@ -779,6 +781,9 @@ rm -rf ${RPM_BUILD_ROOT}
%endif
%changelog
* Tue Sep 10 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.9.rc2
- Fix [ISC-Bugs #34738] dns_journal_open() returns a pointer to stack
* Mon Sep 09 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.8.rc2
- update to bind-9.9.4rc2

61
bind99-ISC-Bugs-34738.patch Normal file
View File

@ -0,0 +1,61 @@
From 18df9e628ea10c7d607f43fcfd935e7924731f24 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Mon, 9 Sep 2013 22:12:47 -0700
Subject: [PATCH] [master] strdup journal filename
3646. [bug] Journal filename string could be set incorrectly,
causing garbage in log messages. [RT #34738]
---
lib/dns/journal.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/dns/journal.c b/lib/dns/journal.c
index 08aabd5..46a52e1 100644
--- a/lib/dns/journal.c
+++ b/lib/dns/journal.c
@@ -307,7 +307,7 @@ struct dns_journal {
unsigned int magic; /*%< JOUR */
isc_mem_t *mctx; /*%< Memory context */
journal_state_t state;
- const char *filename; /*%< Journal file name */
+ char *filename; /*%< Journal file name */
FILE * fp; /*%< File handle */
isc_offset_t offset; /*%< Current file offset */
journal_header_t header; /*%< In-core journal header */
@@ -573,10 +573,13 @@ journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write,
isc_mem_attach(mctx, &j->mctx);
j->state = JOURNAL_STATE_INVALID;
j->fp = NULL;
- j->filename = filename;
+ j->filename = isc_mem_strdup(mctx, filename);
j->index = NULL;
j->rawindex = NULL;
+ if (j->filename == NULL)
+ FAIL(ISC_R_NOMEMORY);
+
result = isc_stdio_open(j->filename, write ? "rb+" : "rb", &fp);
if (result == ISC_R_FILENOTFOUND) {
@@ -679,6 +682,8 @@ journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write,
sizeof(journal_rawpos_t));
j->index = NULL;
}
+ if (j->filename != NULL)
+ isc_mem_free(j->mctx, j->filename);
if (j->fp != NULL)
(void)isc_stdio_close(j->fp);
isc_mem_putanddetach(&j->mctx, j, sizeof(*j));
@@ -1242,7 +1247,8 @@ dns_journal_destroy(dns_journal_t **journalp) {
isc_mem_put(j->mctx, j->it.target.base, j->it.target.length);
if (j->it.source.base != NULL)
isc_mem_put(j->mctx, j->it.source.base, j->it.source.length);
-
+ if (j->filename != NULL)
+ isc_mem_free(j->mctx, j->filename);
if (j->fp != NULL)
(void)isc_stdio_close(j->fp);
j->magic = 0;
--
1.8.3.1