32 lines
945 B
Diff
32 lines
945 B
Diff
From a4e1db793d4971d87631276ea57808074ed2c1c7 Mon Sep 17 00:00:00 2001
|
|
From: Petr Mensik <pemensik@redhat.com>
|
|
Date: Thu, 21 Feb 2019 17:23:53 +0100
|
|
Subject: [PATCH 1/3] Fix CVE-2018-5744
|
|
|
|
5110. [security] Named leaked memory if there were multiple Key Tag
|
|
EDNS options present. (CVE-2018-5744) [GL #772]
|
|
---
|
|
bin/named/client.c | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/bin/named/client.c b/bin/named/client.c
|
|
index b9ebc93..b7d8a98 100644
|
|
--- a/bin/named/client.c
|
|
+++ b/bin/named/client.c
|
|
@@ -2112,6 +2112,12 @@ process_keytag(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
|
|
return (DNS_R_OPTERR);
|
|
}
|
|
|
|
+ /* Silently drop additional keytag options. */
|
|
+ if (client->keytag != NULL) {
|
|
+ isc_buffer_forward(buf, (unsigned int)optlen);
|
|
+ return (ISC_R_SUCCESS);
|
|
+ }
|
|
+
|
|
client->keytag = isc_mem_get(client->mctx, optlen);
|
|
if (client->keytag != NULL) {
|
|
client->keytag_len = (isc_uint16_t)optlen;
|
|
--
|
|
2.20.1
|
|
|