Reject invalid rbt file if header is corrupted
Resolves: rhbz#1666814
This commit is contained in:
Petr Menšík
parent
67a5cd83ff
commit
685f10cbfd
37
bind-9.11-rh1666814.patch
Normal file
37
bind-9.11-rh1666814.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From 3bb29f45604ac6890f4ea5cdcbd1a62e6dad14a7 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Wed, 16 Jan 2019 16:27:33 +0100
|
||||
Subject: [PATCH 2/2] Fix possible crash when loading corrupted file
|
||||
|
||||
Some values passes internal triggers by coincidence. Fix the check and
|
||||
check also first_node_offset before even passing it further.
|
||||
---
|
||||
lib/dns/rbt.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
|
||||
index 62d0826..b029b7d 100644
|
||||
--- a/lib/dns/rbt.c
|
||||
+++ b/lib/dns/rbt.c
|
||||
@@ -787,7 +787,7 @@ treefix(dns_rbt_t *rbt, void *base, size_t filesize, dns_rbtnode_t *n,
|
||||
return (ISC_R_SUCCESS);
|
||||
|
||||
CONFIRM((void *) n >= base);
|
||||
- CONFIRM((char *) n - (char *) base <= (int) nodemax);
|
||||
+ CONFIRM((size_t)((char *) n - (char *) base) <= nodemax);
|
||||
CONFIRM(DNS_RBTNODE_VALID(n));
|
||||
|
||||
dns_name_init(&nodename, NULL);
|
||||
@@ -939,7 +939,8 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize,
|
||||
rbt->root = (dns_rbtnode_t *)((char *)base_address +
|
||||
header_offset + header->first_node_offset);
|
||||
|
||||
- if ((header->nodecount * sizeof(dns_rbtnode_t)) > filesize) {
|
||||
+ if ((header->nodecount * sizeof(dns_rbtnode_t)) > filesize
|
||||
+ || header->first_node_offset > filesize) {
|
||||
result = ISC_R_INVALIDFILE;
|
||||
goto cleanup;
|
||||
}
|
||||
--
|
||||
2.20.1
|
||||
|
||||
@ -54,7 +54,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
|
||||
Name: bind
|
||||
License: MPLv2.0
|
||||
Version: 9.11.5
|
||||
Release: 3%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
||||
Release: 4%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
||||
Epoch: 32
|
||||
Url: http://www.isc.org/products/BIND/
|
||||
#
|
||||
@ -131,6 +131,8 @@ Patch161:bind-9.11-host-idn-disable.patch
|
||||
Patch162:bind-9.11-unit-dnstap-pkcs11.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/commit/8a98277811e
|
||||
Patch163:bind-9.11-rh1663318.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/issues/819
|
||||
Patch164:bind-9.11-rh1666814.patch
|
||||
|
||||
# SDB patches
|
||||
Patch11: bind-9.3.2b2-sdbsrc.patch
|
||||
@ -489,6 +491,7 @@ are used for building ISC DHCP.
|
||||
%patch161 -p1 -b .host-idn-disable
|
||||
%patch162 -p1 -b .dnstap-pkcs11
|
||||
%patch163 -p1 -b .rh1663318
|
||||
%patch164 -p1 -b .rh1666814
|
||||
|
||||
mkdir lib/dns/tests/testdata/dstrandom
|
||||
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
|
||||
@ -1487,6 +1490,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Jan 16 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-4
|
||||
- Reject invalid binary file (#1666814)
|
||||
|
||||
* Mon Jan 14 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-3
|
||||
- Disable crypto rand for DHCP (#1663318)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user