[bind/f18] Fix CVE-2014-0591

Tomas Hozza thozza at fedoraproject.org
Tue Jan 14 13:19:42 UTC 2014


commit cd34c9ae86f018d829d112dfd47bd545b26c010e
Author: Tomas Hozza <thozza at redhat.com>
Date:   Tue Jan 14 14:05:20 2014 +0100

    Fix CVE-2014-0591
    
    Signed-off-by: Tomas Hozza <thozza at redhat.com>

 bind-9.9.4-CVE-2014-0591.patch |   53 ++++++++++++++++++++++++++++++++++++++++
 bind.spec                      |    7 ++++-
 2 files changed, 59 insertions(+), 1 deletions(-)
---
diff --git a/bind-9.9.4-CVE-2014-0591.patch b/bind-9.9.4-CVE-2014-0591.patch
new file mode 100644
index 0000000..ba225b1
--- /dev/null
+++ b/bind-9.9.4-CVE-2014-0591.patch
@@ -0,0 +1,53 @@
+diff -pruN bind-9.9.4-P1/bin/named/query.c bind-9.9.4-P2/bin/named/query.c
+--- bind-9.9.4-P1/bin/named/query.c	2013-10-16 01:04:32.000000000 +0200
++++ bind-9.9.4-P2/bin/named/query.c	2013-12-20 01:28:28.000000000 +0100
+@@ -5260,8 +5260,7 @@ query_findclosestnsec3(dns_name_t *qname
+ 	dns_fixedname_t fixed;
+ 	dns_hash_t hash;
+ 	dns_name_t name;
+-	int order;
+-	unsigned int count;
++	unsigned int skip = 0, labels;
+ 	dns_rdata_nsec3_t nsec3;
+ 	dns_rdata_t rdata = DNS_RDATA_INIT;
+ 	isc_boolean_t optout;
+@@ -5276,6 +5275,7 @@ query_findclosestnsec3(dns_name_t *qname
+ 
+ 	dns_name_init(&name, NULL);
+ 	dns_name_clone(qname, &name);
++	labels = dns_name_countlabels(&name);
+ 	dns_clientinfomethods_init(&cm, ns_client_sourceip);
+ 	dns_clientinfo_init(&ci, client);
+ 
+@@ -5309,13 +5309,14 @@ query_findclosestnsec3(dns_name_t *qname
+ 		dns_rdata_reset(&rdata);
+ 		optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
+ 		if (found != NULL && optout &&
+-		    dns_name_fullcompare(&name, dns_db_origin(db), &order,
+-					 &count) == dns_namereln_subdomain) {
++		    dns_name_issubdomain(&name, dns_db_origin(db)))
++		{
+ 			dns_rdataset_disassociate(rdataset);
+ 			if (dns_rdataset_isassociated(sigrdataset))
+ 				dns_rdataset_disassociate(sigrdataset);
+-			count = dns_name_countlabels(&name) - 1;
+-			dns_name_getlabelsequence(&name, 1, count, &name);
++			skip++;
++			dns_name_getlabelsequence(qname, skip, labels - skip,
++						  &name);
+ 			ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
+ 				      NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
+ 				      "looking for closest provable encloser");
+@@ -5333,7 +5334,11 @@ query_findclosestnsec3(dns_name_t *qname
+ 		ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
+ 			      NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
+ 			      "expected covering NSEC3, got an exact match");
+-	if (found != NULL)
++	if (found == qname) {
++		if (skip != 0U)
++			dns_name_getlabelsequence(qname, skip, labels - skip,
++						  found);
++	} else if (found != NULL)
+ 		dns_name_copy(&name, found, NULL);
+ 	return;
+ }
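Review bot: The new `labels - skip` arithmetic in query_findclosestnsec3 is unsigned, and no added line states why `skip` stays below `labels`; the bound seems to rest only on the `dns_name_issubdomain(&name, dns_db_origin(db))` test. As far as I know that function also returns true when both names are equal, which the removed `dns_name_fullcompare(...) == dns_namereln_subdomain` comparison did not, so please confirm that stripping a further label at the zone origin is intended. I would make the invariant explicit with `INSIST(skip < labels);` immediately before `skip++`. The `if (found == qname)` branch deserves a comment such as `/* found aliases qname: trim it in place, a copy from &name would presumably overlap */`, since `name` is cloned from `qname` earlier in the function. The function starts and ends outside the nested hunks, so the loop shape is inferred from the visible lines.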
diff --git a/bind.spec b/bind.spec
index e58ae54..bfe3251 100644
--- a/bind.spec
+++ b/bind.spec
@@ -26,7 +26,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.9.3
-Release:  7.%{?PATCHVER}%{?dist}
+Release:  8.%{?PATCHVER}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -83,6 +83,7 @@ Patch136:rl-9.9.3-P2.patch
 Patch137:bind99-rrl.patch
 # upstream patch [ISC-Bugs #34870]
 Patch138:bind99-ISC-Bugs-34870-v3.patch
+Patch139:bind-9.9.4-CVE-2014-0591.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
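Review bot: Patch139 is added without the provenance comment that the entry above it carries (`# upstream patch [ISC-Bugs #34870]`), so a later maintainer cannot tell from the spec where the fix came from or when it can be dropped. Going by the headers inside the patch file, something like `# upstream fix for CVE-2014-0591, query.c diff between 9.9.4-P1 and 9.9.4-P2` would do. Because the spec's Version is 9.9.3 while the patch was cut from 9.9.4 sources, it is also worth confirming in the build log that `%patch139 -p1` in the %prep hunk applies with no fuzz or offset; a security fix that lands a few lines off can still compile and leave the flaw in place.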
@@ -281,6 +282,7 @@ popd
 %patch136 -p0 -b .rl
 %patch137 -p1 -b .rrl
 %patch138 -p1 -b .send_buffer
+%patch139 -p1 -b .CVE-2014-0591
 
 %if %{SDB}
 %patch101 -p1 -b .old-api
@@ -778,6 +780,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Tue Jan 14 2014 Tomas Hozza <thozza at redhat.com> 32:9.9.3-8.P2
+- Fix CVE-2014-0591
+
 * Thu Oct 31 2013 Tomas Hozza <thozza at redhat.com> 32:9.9.3-7.P2
 - Correct the upstream patch for #794940
 

