From a4e1db793d4971d87631276ea57808074ed2c1c7 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Thu, 21 Feb 2019 17:23:53 +0100
Subject: [PATCH 1/3] Fix CVE-2018-5744
5110.	[security]	Named leaked memory if there were multiple Key Tag
			EDNS options present. (CVE-2018-5744) [GL #772]
---
 bin/named/client.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/bin/named/client.c b/bin/named/client.c
2e2c49
index b9ebc93..b7d8a98 100644
2e2c49
--- a/bin/named/client.c
2e2c49
+++ b/bin/named/client.c
2e2c49
@@ -2112,6 +2112,12 @@ process_keytag(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
2e2c49
 		return (DNS_R_OPTERR);
2e2c49
 	}
2e2c49
 
2e2c49
+	/* Silently drop additional keytag options. */
2e2c49
+	if (client->keytag != NULL) {
2e2c49
+		isc_buffer_forward(buf, (unsigned int)optlen);
2e2c49
+		return (ISC_R_SUCCESS);
2e2c49
+	}
2e2c49
+
2e2c49
 	client->keytag = isc_mem_get(client->mctx, optlen);
2e2c49
 	if (client->keytag != NULL) {
2e2c49
 		client->keytag_len = (isc_uint16_t)optlen;
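Review bot: The new early return only stops the leak if `client->keytag` is freed and reset to NULL when each request ends, and that reset is not visible in this hunk; if any path misses it, a later query handled by the same client object would have its Key Tag option dropped without notice. The comment should give the reason for the drop, e.g. `/* Silently drop additional keytag options; overwriting client->keytag would leak the first allocation. */`. Because repeated Key Tag options were the trigger for CVE-2018-5744, a debug-level log line on this branch would let operators see which clients send them. The diffstat shows only client.c changed, so a regression test sending two Key Tag options in one query appears to be missing. process_keytag starts and ends outside the hunk.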
-- 
2.20.1