From: Joshua G Lock <joshua.g.lock@linux.intel.com>
To: Sona Sarmadi <sona.sarmadi@enea.com>,
openembedded-core@lists.openembedded.org
Subject: Re: [PATCH][fido] bind: CVE-2016-1285 CVE-2016-1286
Date: Tue, 12 Apr 2016 12:02:18 +0100 [thread overview]
Message-ID: <1460458938.3309.7.camel@linux.intel.com> (raw)
In-Reply-To: <1460092326-34326-1-git-send-email-sona.sarmadi@enea.com>
On Fri, 2016-04-08 at 07:12 +0200, Sona Sarmadi wrote:
> CVE-2016-1285 bind: malformed packet sent to rndc can trigger
> assertion failure
> CVE-2016-1286 bind: malformed signature records for DNAME records can
> trigger assertion failure
Unfortunately I can't build bind with this patch applied:
| cc.c: In function 'verify':
| cc.c:293:27: error: 'hmac' undeclared (first use in this function)
| if (!isccc_sexpr_binaryp(hmac))
| ^
| cc.c:293:27: note: each undeclared identifier is reported only once
for each function it appears in
| make[2]: *** [cc.o] Error 1
Based on a quick skim read of the patches I think this is caused
by CVE-2016-1285.patch:
<snip>
> --- /dev/null
> +++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
<snip>
> +diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
> +index 9915568..ffcd584 100644
> +--- a/lib/isccc/cc.c
> ++++ b/lib/isccc/cc.c
> +@@ -284,10 +284,10 @@ verify(isccc_sexpr_t *alist, unsigned char
> *data, unsigned int length,
> + * Extract digest.
> + */
> + _auth = isccc_alist_lookup(alist, "_auth");
> +- if (_auth == NULL)
> ++ if (!isccc_alist_alistp(_auth))
> + return (ISC_R_FAILURE);
> + hmd5 = isccc_alist_lookup(_auth, "hmd5");
> +- if (hmd5 == NULL)
> ++ if (!isccc_sexpr_binaryp(hmac))
I believe this is the root of the compilation error. Should this be:
if (!isccc_sexpr_binaryp(hmd5))
?
<snip>
Regards,
Joshua
next prev parent reply other threads:[~2016-04-12 11:02 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-08 5:12 [PATCH][fido] bind: CVE-2016-1285 CVE-2016-1286 Sona Sarmadi
2016-04-12 11:02 ` Joshua G Lock [this message]
2016-04-12 11:11 ` Sona Sarmadi
2016-04-12 11:18 ` Burton, Ross
2016-04-12 11:22 ` Sona Sarmadi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1460458938.3309.7.camel@linux.intel.com \
--to=joshua.g.lock@linux.intel.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=sona.sarmadi@enea.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox