diff options
| author | Tomas Hozza <thozza@redhat.com> | 2014-01-14 14:05:20 +0100 |
|---|---|---|
| committer | Tomas Hozza <thozza@redhat.com> | 2014-01-14 14:05:20 +0100 |
| commit | 14a63be5be973ea2ff791673b19d6f98104339fb (patch) | |
| tree | a2a6e6e3e1a0e16a16c70adffc69bb9134dea01c | |
| parent | 1a8c6bc42b0c597950a1af8ccdd2752bf1331632 (diff) | |
Fix CVE-2014-0591
Signed-off-by: Tomas Hozza <thozza@redhat.com>
| -rw-r--r-- | bind-9.9.4-CVE-2014-0591.patch | 53 | ||||
| -rw-r--r-- | bind.spec | 7 |
2 files changed, 59 insertions, 1 deletions
diff --git a/bind-9.9.4-CVE-2014-0591.patch b/bind-9.9.4-CVE-2014-0591.patch new file mode 100644 index 0000000..ba225b1 --- /dev/null +++ b/bind-9.9.4-CVE-2014-0591.patch @@ -0,0 +1,53 @@ +diff -pruN bind-9.9.4-P1/bin/named/query.c bind-9.9.4-P2/bin/named/query.c +--- bind-9.9.4-P1/bin/named/query.c 2013-10-16 01:04:32.000000000 +0200 ++++ bind-9.9.4-P2/bin/named/query.c 2013-12-20 01:28:28.000000000 +0100 +@@ -5260,8 +5260,7 @@ query_findclosestnsec3(dns_name_t *qname + dns_fixedname_t fixed; + dns_hash_t hash; + dns_name_t name; +- int order; +- unsigned int count; ++ unsigned int skip = 0, labels; + dns_rdata_nsec3_t nsec3; + dns_rdata_t rdata = DNS_RDATA_INIT; + isc_boolean_t optout; +@@ -5276,6 +5275,7 @@ query_findclosestnsec3(dns_name_t *qname + + dns_name_init(&name, NULL); + dns_name_clone(qname, &name); ++ labels = dns_name_countlabels(&name); + dns_clientinfomethods_init(&cm, ns_client_sourceip); + dns_clientinfo_init(&ci, client); + +@@ -5309,13 +5309,14 @@ query_findclosestnsec3(dns_name_t *qname + dns_rdata_reset(&rdata); + optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0); + if (found != NULL && optout && +- dns_name_fullcompare(&name, dns_db_origin(db), &order, +- &count) == dns_namereln_subdomain) { ++ dns_name_issubdomain(&name, dns_db_origin(db))) ++ { + dns_rdataset_disassociate(rdataset); + if (dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); +- count = dns_name_countlabels(&name) - 1; +- dns_name_getlabelsequence(&name, 1, count, &name); ++ skip++; ++ dns_name_getlabelsequence(qname, skip, labels - skip, ++ &name); + ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, + NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3), + "looking for closest provable encloser"); +@@ -5333,7 +5334,11 @@ query_findclosestnsec3(dns_name_t *qname + ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, + NS_LOGMODULE_QUERY, ISC_LOG_WARNING, + "expected covering NSEC3, got an exact match"); +- if (found != NULL) ++ if (found == qname) { ++ if (skip != 0U) ++ dns_name_getlabelsequence(qname, skip, labels - skip, ++ found); ++ } else if (found != NULL) + dns_name_copy(&name, found, NULL); + return; + } @@ -30,7 +30,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.9.5 -Release: 0.1.%{?PATCHVER}%{?PREVER}%{?dist} +Release: 0.2.%{?PATCHVER}%{?PREVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -90,6 +90,7 @@ Patch137:bind99-rrl.patch # Install dns/update.h header for bind-dyndb-ldap plugin Patch138:bind-9.9.3-include-update-h.patch Patch142:bind99-ISC-Bugs-35080.patch +Patch143:bind-9.9.4-CVE-2014-0591.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -304,6 +305,7 @@ popd %patch137 -p1 -b .rrl %patch138 -p1 -b .update %patch142 -p1 -b .rbtdb_crash +%patch143 -p1 -b .CVE-2014-0591 %if %{SDB} %patch101 -p1 -b .old-api @@ -918,6 +920,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif %changelog +* Tue Jan 14 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-0.2.b1 +- Fix CVE-2014-0591 + * Mon Jan 06 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-0.1.b1 - Update to bind-9.9.5b1 - Build bind-sdb against libdb instead of libdb4 |