Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ldns: Fix two CVEs

Browse source 
CVE-2017-1000231 and CVE-2017-1000232.

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
This commit is contained in:
Rosen Penev 2018-08-26 21:03:28 -07:00
parent 8938517832
commit 7f561b97c3
3 changed files with 60 additions and 2 deletions

4
libs/ldns/Makefile
View file

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=ldns PKG_NAME:=ldns
PKG_VERSION:=1.7.0 PKG_VERSION:=1.7.0
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.nlnetlabs.nl/downloads/ldns PKG_SOURCE_URL:=http://www.nlnetlabs.nl/downloads/ldns
@ -17,7 +17,7 @@ PKG_HASH:=c19f5b1b4fb374cfe34f4845ea11b1e0551ddc67803bd6ddd5d2a20f0997a6cc
PKG_LICENSE:=BSD-3-Clause PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Nicolas Thill <nico@openwrt.org> PKG_MAINTAINER:=
PKG_FIXUP:=autoreconf PKG_FIXUP:=autoreconf
PKG_INSTALL:=1 PKG_INSTALL:=1

28
libs/ldns/patches/100-CVE-2017-1000231.patch Normal file
View file

@ -0,0 +1,28 @@
From c8391790c96d4c8a2c10f9ab1460fda83b509fc2 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 27 Apr 2017 00:14:58 +0200
Subject: [PATCH] Check parse limit before t increment
Thanks Stephan Zeisberg
---
parse.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/parse.c b/parse.c
index e68627c..947dbb8 100644
--- a/parse.c
+++ b/parse.c
@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
if (line_nr) {
*line_nr = *line_nr + 1;
}
+ if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+ *t = '\0';
+ return -1;
+ }
*t++ = ' ';
prev_c = c;
continue;
--
2.9.5

30
libs/ldns/patches/101-CVE-2017-1000232.patch Normal file
View file

@ -0,0 +1,30 @@
From 3bdeed02505c9bbacb3b64a97ddcb1de967153b7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 27 Apr 2017 00:25:20 +0200
Subject: [PATCH] bugfix #1257: Free after reallocing to 0 size
Thanks Stephan Zeisberg
---
str2host.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/str2host.c b/str2host.c
index b274b17..f2a317b 100644
--- a/str2host.c
+++ b/str2host.c
@@ -1525,8 +1525,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str)
if (! str) {
return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
}
- length = (size_t)(dp - data);
-
+ if (!(length = (size_t)(dp - data))) {
+ LDNS_FREE(data);
+ return LDNS_STATUS_SYNTAX_EMPTY;
+ }
/* Lose the overmeasure */
data = LDNS_XREALLOC(dp = data, uint8_t, length);
if (! data) {
--
2.9.5