Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 848662 Details for
Bug 1051717
CVE-2014-0591 bind: named crash when handling malformed NSEC3-signed zones
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
bind 9.8.6 patch
bind-9.8.6-CVE-2014-0591.patch (text/plain), 5.62 KB, created by
Vincent Danen
on 2014-01-11 17:17:32 UTC
(
hide
)
Description:
bind 9.8.6 patch
Filename:
MIME Type:
Creator:
Vincent Danen
Created:
2014-01-11 17:17:32 UTC
Size:
5.62 KB
patch
obsolete
>diff -pruN bind-9.8.6-P1/bin/named/query.c bind-9.8.6-P2/bin/named/query.c >--- bind-9.8.6-P1/bin/named/query.c 2013-10-16 01:02:52.000000000 +0200 >+++ bind-9.8.6-P2/bin/named/query.c 2013-12-20 01:30:37.000000000 +0100 >@@ -5178,8 +5178,7 @@ query_findclosestnsec3(dns_name_t *qname > dns_fixedname_t fixed; > dns_hash_t hash; > dns_name_t name; >- int order; >- unsigned int count; >+ unsigned int skip = 0, labels; > dns_rdata_nsec3_t nsec3; > dns_rdata_t rdata = DNS_RDATA_INIT; > isc_boolean_t optout; >@@ -5192,6 +5191,7 @@ query_findclosestnsec3(dns_name_t *qname > > dns_name_init(&name, NULL); > dns_name_clone(qname, &name); >+ labels = dns_name_countlabels(&name); > > /* > * Map unknown algorithm to known value. >@@ -5223,13 +5223,14 @@ query_findclosestnsec3(dns_name_t *qname > dns_rdata_reset(&rdata); > optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0); > if (found != NULL && optout && >- dns_name_fullcompare(&name, dns_db_origin(db), &order, >- &count) == dns_namereln_subdomain) { >+ dns_name_issubdomain(&name, dns_db_origin(db))) >+ { > dns_rdataset_disassociate(rdataset); > if (dns_rdataset_isassociated(sigrdataset)) > dns_rdataset_disassociate(sigrdataset); >- count = dns_name_countlabels(&name) - 1; >- dns_name_getlabelsequence(&name, 1, count, &name); >+ skip++; >+ dns_name_getlabelsequence(qname, skip, labels - skip, >+ &name); > ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, > NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3), > "looking for closest provable encloser"); >@@ -5247,7 +5248,11 @@ query_findclosestnsec3(dns_name_t *qname > ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, > NS_LOGMODULE_QUERY, ISC_LOG_WARNING, > "expected covering NSEC3, got an exact match"); >- if (found != NULL) >+ if (found == qname) { >+ if (skip != 0U) >+ dns_name_getlabelsequence(qname, skip, labels - skip, >+ found); >+ } else if (found != NULL) > dns_name_copy(&name, found, NULL); > return; > } >diff -pruN bind-9.8.6-P1/bin/named/unix/os.c bind-9.8.6-P2/bin/named/unix/os.c >--- bind-9.8.6-P1/bin/named/unix/os.c 2013-10-16 01:02:52.000000000 +0200 >+++ bind-9.8.6-P2/bin/named/unix/os.c 2013-12-20 01:30:37.000000000 +0100 >@@ -117,12 +117,12 @@ static int dfd[2] = { -1, -1 }; > static isc_boolean_t non_root = ISC_FALSE; > static isc_boolean_t non_root_caps = ISC_FALSE; > >-#ifdef HAVE_LINUX_TYPES_H >-#include <linux/types.h> >-#endif > #ifdef HAVE_SYS_CAPABILITY_H > #include <sys/capability.h> > #else >+#ifdef HAVE_LINUX_TYPES_H >+#include <linux/types.h> >+#endif > /*% > * We define _LINUX_FS_H to prevent it from being included. We don't need > * anything from it, and the files it includes cause warnings with 2.2 >diff -pruN bind-9.8.6-P1/CHANGES bind-9.8.6-P2/CHANGES >--- bind-9.8.6-P1/CHANGES 2013-10-16 01:02:52.000000000 +0200 >+++ bind-9.8.6-P2/CHANGES 2013-12-20 01:30:37.000000000 +0100 >@@ -1,6 +1,16 @@ >+ --- 9.8.6-P2 released --- >+ >+3693. [security] memcpy was incorrectly called with overlapping >+ ranges resulting in malformed names being generated >+ on some platforms. This could cause INSIST failures >+ when serving NSEC3 signed zones. [RT #35120] >+ >+3658. [port] linux: Address platform specific compilation issue >+ when libcap-devel is installed. [RT #34838] >+ > --- 9.8.6-P1 released --- > >-3656. [bug] Treat a all zero netmask as invalid when generating >+3656. [bug] Treat an all zero netmask as invalid when generating > the localnets acl. [RT #34687] > > --- 9.8.6 released --- >diff -pruN bind-9.8.6-P1/configure bind-9.8.6-P2/configure >--- bind-9.8.6-P1/configure 2013-10-16 01:02:52.000000000 +0200 >+++ bind-9.8.6-P2/configure 2013-12-20 01:30:37.000000000 +0100 >@@ -17493,17 +17493,28 @@ fi > > done > >- for ac_header in linux/capability.h sys/capability.h >+ for ac_header in sys/capability.h > do : >- as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` >-ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#ifdef HAVE_LINUX_TYPES_H >+ ac_fn_c_check_header_mongrel "$LINENO" "sys/capability.h" "ac_cv_header_sys_capability_h" "$ac_includes_default" >+if test "x$ac_cv_header_sys_capability_h" = xyes; then : >+ cat >>confdefs.h <<_ACEOF >+#define HAVE_SYS_CAPABILITY_H 1 >+_ACEOF >+ >+fi >+ >+done >+ >+ for ac_header in linux/capability.h >+do : >+ ac_fn_c_check_header_compile "$LINENO" "linux/capability.h" "ac_cv_header_linux_capability_h" "#ifdef HAVE_LINUX_TYPES_H > #include <linux/types.h> > #endif > > " >-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : >+if test "x$ac_cv_header_linux_capability_h" = xyes; then : > cat >>confdefs.h <<_ACEOF >-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 >+#define HAVE_LINUX_CAPABILITY_H 1 > _ACEOF > > fi >diff -pruN bind-9.8.6-P1/configure.in bind-9.8.6-P2/configure.in >--- bind-9.8.6-P1/configure.in 2013-10-16 01:02:52.000000000 +0200 >+++ bind-9.8.6-P2/configure.in 2013-12-20 01:30:37.000000000 +0100 >@@ -2426,7 +2426,8 @@ AC_ARG_ENABLE(linux-caps, > case "$enable_linux_caps" in > yes|'') > AC_CHECK_HEADERS(linux/types.h) >- AC_CHECK_HEADERS([linux/capability.h sys/capability.h], [], [], >+ AC_CHECK_HEADERS([sys/capability.h]) >+ AC_CHECK_HEADERS([linux/capability.h], [], [], > [#ifdef HAVE_LINUX_TYPES_H > #include <linux/types.h> > #endif >diff -pruN bind-9.8.6-P1/srcid bind-9.8.6-P2/srcid >--- bind-9.8.6-P1/srcid 2013-10-16 02:09:33.000000000 +0200 >+++ bind-9.8.6-P2/srcid 2013-12-20 04:13:47.000000000 +0100 >@@ -1 +1 @@ >-SRCID=aefa9de2 >+SRCID=ff76ff68 >diff -pruN bind-9.8.6-P1/version bind-9.8.6-P2/version >--- bind-9.8.6-P1/version 2013-10-16 01:02:52.000000000 +0200 >+++ bind-9.8.6-P2/version 2013-12-20 01:30:37.000000000 +0100 >@@ -9,4 +9,4 @@ MAJORVER=9 > MINORVER=8 > PATCHVER=6 > RELEASETYPE=-P >-RELEASEVER=1 >+RELEASEVER=2
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=848662">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1051717
: 848662 |
848664