Blame SOURCES/bind-9.11-CVE-2018-5744.patch

From a4e1db793d4971d87631276ea57808074ed2c1c7 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Thu, 21 Feb 2019 17:23:53 +0100
Subject: [PATCH 1/3] Fix CVE-2018-5744
5110.	[security]	Named leaked memory if there were multiple Key Tag
			EDNS options present. (CVE-2018-5744) [GL #772]
---
 bin/named/client.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/bin/named/client.c b/bin/named/client.c
index b9ebc93..b7d8a98 100644
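--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -2112,6 +2112,12 @@ process_keytag(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
 		return (DNS_R_OPTERR);
 	}
 
+	/* Silently drop additional keytag options. */
+	if (client->keytag != NULL) {
+		isc_buffer_forward(buf, (unsigned int)optlen);
+		return (ISC_R_SUCCESS);
+	}
+
 	client->keytag = isc_mem_get(client->mctx, optlen);
 	if (client->keytag != NULL) {
 		client->keytag_len = (isc_uint16_t)optlen;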
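Review bot: The new guard `if (client->keytag != NULL)` treats a non-NULL pointer as "a Key Tag option was already stored for this message", so it is only correct if client->keytag is freed and reset to NULL each time the client object is reused for another query; that reset is not in this hunk and should be confirmed, otherwise the first Key Tag option of a later query would be skipped as well. The comment could also say why the option is skipped, for example `/* Keep only the first Key Tag option; storing another would overwrite client->keytag and leak the earlier buffer (CVE-2018-5744). */`. The patch touches only bin/named/client.c, so a regression test that sends one query carrying two Key Tag options would help keep the leak from returning. process_keytag starts and ends outside the hunk.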
-- 
2.20.1