[OE-core] [PATCH][fido] bind: CVE-2016-1285 CVE-2016-1286
Joshua G Lock
joshua.g.lock at linux.intel.com
Tue Apr 12 11:02:18 UTC 2016
On Fri, 2016-04-08 at 07:12 +0200, Sona Sarmadi wrote:
> CVE-2016-1285 bind: malformed packet sent to rndc can trigger
> assertion failure
> CVE-2016-1286 bind: malformed signature records for DNAME records can
> trigger assertion failure
Unfortunately I can't build bind with this patch applied:
| cc.c: In function 'verify':
| cc.c:293:27: error: 'hmac' undeclared (first use in this function)
| if (!isccc_sexpr_binaryp(hmac))
| ^
| cc.c:293:27: note: each undeclared identifier is reported only once
for each function it appears in
| make[2]: *** [cc.o] Error 1
Based on a quick skim read of the patches I think this is caused
by CVE-2016-1285.patch:
<snip>
> --- /dev/null
> +++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
<snip>
> +diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
> +index 9915568..ffcd584 100644
> +--- a/lib/isccc/cc.c
> ++++ b/lib/isccc/cc.c
> +@@ -284,10 +284,10 @@ verify(isccc_sexpr_t *alist, unsigned char
> *data, unsigned int length,
> + * Extract digest.
> + */
> + _auth = isccc_alist_lookup(alist, "_auth");
> +- if (_auth == NULL)
> ++ if (!isccc_alist_alistp(_auth))
> + return (ISC_R_FAILURE);
> + hmd5 = isccc_alist_lookup(_auth, "hmd5");
> +- if (hmd5 == NULL)
> ++ if (!isccc_sexpr_binaryp(hmac))
I believe this is the root of the compilation error. Should this be:
if (!isccc_sexpr_binaryp(hmd5))
?
<snip>
Regards,
Joshua
More information about the Openembedded-core
mailing list