Blame SOURCES/bind-9.11-rh1666814.patch

b7523e
From 0f03071080e7fa68433b322359d46abaca2cc5ad Mon Sep 17 00:00:00 2001
b7523e
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
b7523e
Date: Wed, 16 Jan 2019 16:27:33 +0100
b7523e
Subject: [PATCH] Fix possible crash when loading corrupted file
b7523e
b7523e
Some values pass internal triggers by coincidence. Fix the check and
b7523e
check also first_node_offset before even passing it further.
b7523e
---
b7523e
 lib/dns/rbt.c | 4 +++-
b7523e
 1 file changed, 3 insertions(+), 1 deletion(-)
b7523e
b7523e
diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
b7523e
index 5aee5f6..7f2c2d2 100644
b7523e
--- a/lib/dns/rbt.c
b7523e
+++ b/lib/dns/rbt.c
b7523e
@@ -945,7 +945,9 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize,
b7523e
 	rbt->root = (dns_rbtnode_t *)((char *)base_address + header_offset +
b7523e
 				      header->first_node_offset);
b7523e
 
b7523e
-	if ((header->nodecount * sizeof(dns_rbtnode_t)) > filesize) {
b7523e
+	if ((header->nodecount * sizeof(dns_rbtnode_t)) > filesize
b7523e
+	    || header->first_node_offset > filesize) {
b7523e
+
b7523e
 		result = ISC_R_INVALIDFILE;
b7523e
 		goto cleanup;
b7523e
 	}
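Review bot: The added `header->first_node_offset > filesize` test still accepts offsets that leave the root node partly or wholly outside the file. The context lines compute `rbt->root` from `base_address + header_offset + header->first_node_offset`, but the check ignores `header_offset` and the size of one node, and an offset equal to `filesize` passes. The bound should cover the whole node, i.e. `header_offset + first_node_offset + sizeof(dns_rbtnode_t)` must not exceed `filesize`, written with subtraction on the `filesize` side so the sum itself cannot wrap. The existing `header->nodecount * sizeof(dns_rbtnode_t)` product may also wrap for a large count read from a corrupted file (the field's width is not visible here); `header->nodecount > filesize / sizeof(dns_rbtnode_t)` avoids that. The body of dns_rbt_deserialize_tree starts and continues outside this hunk, so later validation may narrow this, and the blank line after the condition can be dropped.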
b7523e
-- 
b7523e
2.31.1
b7523e