diff options
author | taca <taca@pkgsrc.org> | 2015-09-03 00:33:31 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2015-09-03 00:33:31 +0000 |
commit | 8dc3a66fb73d39744442f0f971a014332ef108a7 (patch) | |
tree | 6b833624e7b32177940f33d98263d40cbaf9520c | |
parent | 1ff365d73a5492e52e9e8109dbbc335c608e86ef (diff) | |
download | pkgsrc-8dc3a66fb73d39744442f0f971a014332ef108a7.tar.gz |
Update bind910 to 9.10.2pl4 (BIND 9.10.2-P4).
(Already fixed by bind-9.10.2pl3nb1.)
--- 9.10.2-P4 released ---
4170. [security] An incorrect boundary check in the OPENPGPKEY
rdatatype could trigger an assertion failure.
(CVE-2015-5986) [RT #40286]
4168. [security] A buffer accounting error could trigger an
assertion failure when parsing certain malformed
DNSSEC keys. (CVE-2015-5722) [RT #40212]
-rw-r--r-- | net/bind910/Makefile | 5 | ||||
-rw-r--r-- | net/bind910/distinfo | 20 | ||||
-rw-r--r-- | net/bind910/patches/patch-lib_dns_hmac_link.c | 120 | ||||
-rw-r--r-- | net/bind910/patches/patch-lib_dns_include_dst_dst.h | 15 | ||||
-rw-r--r-- | net/bind910/patches/patch-lib_dns_ncache.c | 33 | ||||
-rw-r--r-- | net/bind910/patches/patch-lib_dns_openssldh_link.c | 106 | ||||
-rw-r--r-- | net/bind910/patches/patch-lib_dns_openssldsa_link.c | 103 | ||||
-rw-r--r-- | net/bind910/patches/patch-lib_dns_opensslecdsa_link.c | 19 | ||||
-rw-r--r-- | net/bind910/patches/patch-lib_dns_opensslrsa_link.c | 64 | ||||
-rw-r--r-- | net/bind910/patches/patch-lib_dns_pkcs11dh_link.c | 93 | ||||
-rw-r--r-- | net/bind910/patches/patch-lib_dns_pkcs11dsa_link.c | 97 | ||||
-rw-r--r-- | net/bind910/patches/patch-lib_dns_pkcs11rsa_link.c | 67 | ||||
-rw-r--r-- | net/bind910/patches/patch-lib_dns_rdata_generic_openpgpkey_61.c | 16 | ||||
-rw-r--r-- | net/bind910/patches/patch-lib_dns_resolver.c | 28 |
14 files changed, 6 insertions, 780 deletions
diff --git a/net/bind910/Makefile b/net/bind910/Makefile index bb3052163e6..759c9be1992 100644 --- a/net/bind910/Makefile +++ b/net/bind910/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.11 2015/09/02 19:46:44 sevan Exp $ +# $NetBSD: Makefile,v 1.12 2015/09/03 00:33:31 taca Exp $ DISTNAME= bind-${BIND_VERSION} PKGNAME= ${DISTNAME:S/-P/pl/} -PKGREVISION= 1 CATEGORIES= net MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \ http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/ @@ -15,7 +14,7 @@ CONFLICTS+= host-[0-9]* MAKE_JOBS_SAFE= no -BIND_VERSION= 9.10.2-P3 +BIND_VERSION= 9.10.2-P4 .include "../../mk/bsd.prefs.mk" diff --git a/net/bind910/distinfo b/net/bind910/distinfo index e5b58afa2b5..adb0de4c638 100644 --- a/net/bind910/distinfo +++ b/net/bind910/distinfo @@ -1,25 +1,13 @@ -$NetBSD: distinfo,v 1.9 2015/09/02 19:46:44 sevan Exp $ +$NetBSD: distinfo,v 1.10 2015/09/03 00:33:31 taca Exp $ -SHA1 (bind-9.10.2-P3.tar.gz) = ab362f2632db923accd1b29e37b8fffa66d21d8d -RMD160 (bind-9.10.2-P3.tar.gz) = 1cd59e605ab723a1e051dfd6727f4534f3368efa -Size (bind-9.10.2-P3.tar.gz) = 8469831 bytes +SHA1 (bind-9.10.2-P4.tar.gz) = 55b8803c566aa0c9a9e4dbabbad06fb4536a8d5b +RMD160 (bind-9.10.2-P4.tar.gz) = 8b2e0501899a5d654d8a234a7bd939cf06c43948 +Size (bind-9.10.2-P4.tar.gz) = 8471531 bytes SHA1 (patch-bin_dig_dighost.c) = 582fa4c7288e70bcc6ac906e8429cf38e0ad5152 SHA1 (patch-bin_tests_system_Makefile.in) = 8bb6130981a6ff2ac736cf53a061115782bb65a2 SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2 SHA1 (patch-configure) = 3ea12f60b26064679e086ef5e637420b95d165be SHA1 (patch-contrib_dlz_config.dlz.in) = f18bec63fbfce7cb2cd72929058ce3770fce458f -SHA1 (patch-lib_dns_hmac_link.c) = 4ed376d95d5588b0b4fd408f7e889b6ec2c23f1f -SHA1 (patch-lib_dns_include_dst_dst.h) = 574b8c74cfc5e48c535716be0dc4adc38078ad18 -SHA1 (patch-lib_dns_ncache.c) = 95b50b3a89f7f7988ff15a16746e73500e85b321 -SHA1 (patch-lib_dns_openssldh_link.c) = 4f357bff84a822326833de7c132395c1cc252a94 -SHA1 (patch-lib_dns_openssldsa_link.c) = a21c32975643c939f4090db60c9066adac6a3800 -SHA1 (patch-lib_dns_opensslecdsa_link.c) = 6e33e77c40b64c887057a18e0f6d8406db55920a -SHA1 (patch-lib_dns_opensslrsa_link.c) = e1f3a1f1d96ba56b877fd6123221ba8a54cef427 -SHA1 (patch-lib_dns_pkcs11dh_link.c) = 8a2fc71462a21bd17dab8e9221c00ce05694f4e2 -SHA1 (patch-lib_dns_pkcs11dsa_link.c) = 2ade7fe1e629e4d3ab4c486286105989f39f2b91 -SHA1 (patch-lib_dns_pkcs11rsa_link.c) = c59c26fec43a2193eee016be0c4169492395c351 SHA1 (patch-lib_dns_rbt.c) = 510dfc72bc7764e548a46e9c48b58b2543490d7a -SHA1 (patch-lib_dns_rdata_generic_openpgpkey_61.c) = 8b323bae83dc9bf508b4c6765462eac4271b8761 -SHA1 (patch-lib_dns_resolver.c) = b922349bb5e4f4c70aad67976fec41c642735d04 SHA1 (patch-lib_lwres_getaddrinfo.c) = 69e9c8049fedcb93bd219c6053163f21ce3b2535 SHA1 (patch-lib_lwres_getnameinfo.c) = 418ad349cf52925c9e8051b5c71d9d51ea8d2fb1 diff --git a/net/bind910/patches/patch-lib_dns_hmac_link.c b/net/bind910/patches/patch-lib_dns_hmac_link.c deleted file mode 100644 index 0827fbf25a7..00000000000 --- a/net/bind910/patches/patch-lib_dns_hmac_link.c +++ /dev/null @@ -1,120 +0,0 @@ -$NetBSD: patch-lib_dns_hmac_link.c,v 1.1 2015/09/02 19:46:44 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/hmac_link.c.orig 2015-09-02 00:43:20.000000000 +0000 -+++ lib/dns/hmac_link.c -@@ -76,7 +76,7 @@ hmacmd5_createctx(dst_key_t *key, dst_co - hmacmd5ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacmd5_t)); - if (hmacmd5ctx == NULL) - return (ISC_R_NOMEMORY); -- isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_SHA1_BLOCK_LENGTH); -+ isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_MD5_BLOCK_LENGTH); - dctx->ctxdata.hmacmd5ctx = hmacmd5ctx; - return (ISC_R_SUCCESS); - } -@@ -139,7 +139,7 @@ hmacmd5_compare(const dst_key_t *key1, c - else if (hkey1 == NULL || hkey2 == NULL) - return (ISC_FALSE); - -- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH)) -+ if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_MD5_BLOCK_LENGTH)) - return (ISC_TRUE); - else - return (ISC_FALSE); -@@ -150,17 +150,17 @@ hmacmd5_generate(dst_key_t *key, int pse - isc_buffer_t b; - isc_result_t ret; - unsigned int bytes; -- unsigned char data[ISC_SHA1_BLOCK_LENGTH]; -+ unsigned char data[ISC_MD5_BLOCK_LENGTH]; - - UNUSED(callback); - - bytes = (key->key_size + 7) / 8; -- if (bytes > ISC_SHA1_BLOCK_LENGTH) { -- bytes = ISC_SHA1_BLOCK_LENGTH; -- key->key_size = ISC_SHA1_BLOCK_LENGTH * 8; -+ if (bytes > ISC_MD5_BLOCK_LENGTH) { -+ bytes = ISC_MD5_BLOCK_LENGTH; -+ key->key_size = ISC_MD5_BLOCK_LENGTH * 8; - } - -- memset(data, 0, ISC_SHA1_BLOCK_LENGTH); -+ memset(data, 0, ISC_MD5_BLOCK_LENGTH); - ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); - - if (ret != ISC_R_SUCCESS) -@@ -169,7 +169,7 @@ hmacmd5_generate(dst_key_t *key, int pse - isc_buffer_init(&b, data, bytes); - isc_buffer_add(&b, bytes); - ret = hmacmd5_fromdns(key, &b); -- memset(data, 0, ISC_SHA1_BLOCK_LENGTH); -+ memset(data, 0, ISC_MD5_BLOCK_LENGTH); - - return (ret); - } -@@ -223,7 +223,7 @@ hmacmd5_fromdns(dst_key_t *key, isc_buff - - memset(hkey->key, 0, sizeof(hkey->key)); - -- if (r.length > ISC_SHA1_BLOCK_LENGTH) { -+ if (r.length > ISC_MD5_BLOCK_LENGTH) { - isc_md5_init(&md5ctx); - isc_md5_update(&md5ctx, r.base, r.length); - isc_md5_final(&md5ctx, hkey->key); -@@ -236,6 +236,8 @@ hmacmd5_fromdns(dst_key_t *key, isc_buff - key->key_size = keylen * 8; - key->keydata.hmacmd5 = hkey; - -+ isc_buffer_forward(data, r.length); -+ - return (ISC_R_SUCCESS); - } - -@@ -519,6 +521,8 @@ hmacsha1_fromdns(dst_key_t *key, isc_buf - key->key_size = keylen * 8; - key->keydata.hmacsha1 = hkey; - -+ isc_buffer_forward(data, r.length); -+ - return (ISC_R_SUCCESS); - } - -@@ -804,6 +808,8 @@ hmacsha224_fromdns(dst_key_t *key, isc_b - key->key_size = keylen * 8; - key->keydata.hmacsha224 = hkey; - -+ isc_buffer_forward(data, r.length); -+ - return (ISC_R_SUCCESS); - } - -@@ -1089,6 +1095,8 @@ hmacsha256_fromdns(dst_key_t *key, isc_b - key->key_size = keylen * 8; - key->keydata.hmacsha256 = hkey; - -+ isc_buffer_forward(data, r.length); -+ - return (ISC_R_SUCCESS); - } - -@@ -1374,6 +1382,8 @@ hmacsha384_fromdns(dst_key_t *key, isc_b - key->key_size = keylen * 8; - key->keydata.hmacsha384 = hkey; - -+ isc_buffer_forward(data, r.length); -+ - return (ISC_R_SUCCESS); - } - -@@ -1659,6 +1669,8 @@ hmacsha512_fromdns(dst_key_t *key, isc_b - key->key_size = keylen * 8; - key->keydata.hmacsha512 = hkey; - -+ isc_buffer_forward(data, r.length); -+ - return (ISC_R_SUCCESS); - } - diff --git a/net/bind910/patches/patch-lib_dns_include_dst_dst.h b/net/bind910/patches/patch-lib_dns_include_dst_dst.h deleted file mode 100644 index d17686bd54e..00000000000 --- a/net/bind910/patches/patch-lib_dns_include_dst_dst.h +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-lib_dns_include_dst_dst.h,v 1.1 2015/09/02 19:46:44 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/include/dst/dst.h.orig 2015-09-02 00:43:20.000000000 +0000 -+++ lib/dns/include/dst/dst.h -@@ -71,6 +71,7 @@ typedef struct dst_context dst_context_ - #define DST_ALG_HMACSHA256 163 /* XXXMPA */ - #define DST_ALG_HMACSHA384 164 /* XXXMPA */ - #define DST_ALG_HMACSHA512 165 /* XXXMPA */ -+#define DST_ALG_INDIRECT 252 - #define DST_ALG_PRIVATE 254 - #define DST_ALG_EXPAND 255 - #define DST_MAX_ALGS 255 diff --git a/net/bind910/patches/patch-lib_dns_ncache.c b/net/bind910/patches/patch-lib_dns_ncache.c deleted file mode 100644 index cfcbddbadb1..00000000000 --- a/net/bind910/patches/patch-lib_dns_ncache.c +++ /dev/null @@ -1,33 +0,0 @@ -$NetBSD: patch-lib_dns_ncache.c,v 1.1 2015/09/02 19:46:44 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/ncache.c.orig 2015-09-02 00:43:20.000000000 +0000 -+++ lib/dns/ncache.c -@@ -615,13 +615,11 @@ dns_ncache_getsigrdataset(dns_rdataset_t - dns_name_fromregion(&tname, &remaining); - INSIST(remaining.length >= tname.length); - isc_buffer_forward(&source, tname.length); -- remaining.length -= tname.length; -- remaining.base += tname.length; -+ isc_region_consume(&remaining, tname.length); - - INSIST(remaining.length >= 2); - type = isc_buffer_getuint16(&source); -- remaining.length -= 2; -- remaining.base += 2; -+ isc_region_consume(&remaining, 2); - - if (type != dns_rdatatype_rrsig || - !dns_name_equal(&tname, name)) { -@@ -633,8 +631,7 @@ dns_ncache_getsigrdataset(dns_rdataset_t - INSIST(remaining.length >= 1); - trust = isc_buffer_getuint8(&source); - INSIST(trust <= dns_trust_ultimate); -- remaining.length -= 1; -- remaining.base += 1; -+ isc_region_consume(&remaining, 1); - - raw = remaining.base; - count = raw[0] * 256 + raw[1]; diff --git a/net/bind910/patches/patch-lib_dns_openssldh_link.c b/net/bind910/patches/patch-lib_dns_openssldh_link.c deleted file mode 100644 index 51094da3b13..00000000000 --- a/net/bind910/patches/patch-lib_dns_openssldh_link.c +++ /dev/null @@ -1,106 +0,0 @@ -$NetBSD: patch-lib_dns_openssldh_link.c,v 1.1 2015/09/02 19:46:44 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/openssldh_link.c.orig 2015-09-02 00:43:20.000000000 +0000 -+++ lib/dns/openssldh_link.c -@@ -266,8 +266,10 @@ openssldh_destroy(dst_key_t *key) { - - static void - uint16_toregion(isc_uint16_t val, isc_region_t *region) { -- *region->base++ = (val & 0xff00) >> 8; -- *region->base++ = (val & 0x00ff); -+ *region->base = (val & 0xff00) >> 8; -+ isc_region_consume(region, 1); -+ *region->base = (val & 0x00ff); -+ isc_region_consume(region, 1); - } - - static isc_uint16_t -@@ -278,7 +280,8 @@ uint16_fromregion(isc_region_t *region) - val = ((unsigned int)(cp[0])) << 8; - val |= ((unsigned int)(cp[1])); - -- region->base += 2; -+ isc_region_consume(region, 2); -+ - return (val); - } - -@@ -319,16 +322,16 @@ openssldh_todns(const dst_key_t *key, is - } - else - BN_bn2bin(dh->p, r.base); -- r.base += plen; -+ isc_region_consume(&r, plen); - - uint16_toregion(glen, &r); - if (glen > 0) - BN_bn2bin(dh->g, r.base); -- r.base += glen; -+ isc_region_consume(&r, glen); - - uint16_toregion(publen, &r); - BN_bn2bin(dh->pub_key, r.base); -- r.base += publen; -+ isc_region_consume(&r, publen); - - isc_buffer_add(data, dnslen); - -@@ -369,10 +372,12 @@ openssldh_fromdns(dst_key_t *key, isc_bu - return (DST_R_INVALIDPUBLICKEY); - } - if (plen == 1 || plen == 2) { -- if (plen == 1) -- special = *r.base++; -- else -+ if (plen == 1) { -+ special = *r.base; -+ isc_region_consume(&r, 1); -+ } else { - special = uint16_fromregion(&r); -+ } - switch (special) { - case 1: - dh->p = &bn768; -@@ -387,10 +392,9 @@ openssldh_fromdns(dst_key_t *key, isc_bu - DH_free(dh); - return (DST_R_INVALIDPUBLICKEY); - } -- } -- else { -+ } else { - dh->p = BN_bin2bn(r.base, plen, NULL); -- r.base += plen; -+ isc_region_consume(&r, plen); - } - - /* -@@ -421,15 +425,14 @@ openssldh_fromdns(dst_key_t *key, isc_bu - return (DST_R_INVALIDPUBLICKEY); - } - } -- } -- else { -+ } else { - if (glen == 0) { - DH_free(dh); - return (DST_R_INVALIDPUBLICKEY); - } - dh->g = BN_bin2bn(r.base, glen, NULL); - } -- r.base += glen; -+ isc_region_consume(&r, glen); - - if (r.length < 2) { - DH_free(dh); -@@ -441,7 +444,7 @@ openssldh_fromdns(dst_key_t *key, isc_bu - return (DST_R_INVALIDPUBLICKEY); - } - dh->pub_key = BN_bin2bn(r.base, publen, NULL); -- r.base += publen; -+ isc_region_consume(&r, publen); - - key->key_size = BN_num_bits(dh->p); - diff --git a/net/bind910/patches/patch-lib_dns_openssldsa_link.c b/net/bind910/patches/patch-lib_dns_openssldsa_link.c deleted file mode 100644 index 50b1d39df8b..00000000000 --- a/net/bind910/patches/patch-lib_dns_openssldsa_link.c +++ /dev/null @@ -1,103 +0,0 @@ -$NetBSD: patch-lib_dns_openssldsa_link.c,v 1.1 2015/09/02 19:46:44 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/openssldsa_link.c.orig 2015-09-02 00:43:20.000000000 +0000 -+++ lib/dns/openssldsa_link.c -@@ -137,6 +137,7 @@ openssldsa_sign(dst_context_t *dctx, isc - DSA *dsa = key->keydata.dsa; - isc_region_t r; - DSA_SIG *dsasig; -+ unsigned int klen; - #if USE_EVP - EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; - EVP_PKEY *pkey; -@@ -188,6 +189,7 @@ openssldsa_sign(dst_context_t *dctx, isc - ISC_R_FAILURE)); - } - free(sigbuf); -+ - #elif 0 - /* Only use EVP for the Digest */ - if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) { -@@ -209,11 +211,17 @@ openssldsa_sign(dst_context_t *dctx, isc - "DSA_do_sign", - DST_R_SIGNFAILURE)); - #endif -- *r.base++ = (key->key_size - 512)/64; -+ -+ klen = (key->key_size - 512)/64; -+ if (klen > 255) -+ return (ISC_R_FAILURE); -+ *r.base = klen; -+ isc_region_consume(&r, 1); -+ - BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH); -- r.base += ISC_SHA1_DIGESTLENGTH; -+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); - BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH); -- r.base += ISC_SHA1_DIGESTLENGTH; -+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); - DSA_SIG_free(dsasig); - isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1); - -@@ -446,15 +454,16 @@ openssldsa_todns(const dst_key_t *key, i - if (r.length < (unsigned int) dnslen) - return (ISC_R_NOSPACE); - -- *r.base++ = t; -+ *r.base = t; -+ isc_region_consume(&r, 1); - BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH); -- r.base += ISC_SHA1_DIGESTLENGTH; -+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); - BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - - isc_buffer_add(data, dnslen); - -@@ -479,29 +488,30 @@ openssldsa_fromdns(dst_key_t *key, isc_b - return (ISC_R_NOMEMORY); - dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; - -- t = (unsigned int) *r.base++; -+ t = (unsigned int) *r.base; -+ isc_region_consume(&r, 1); - if (t > 8) { - DSA_free(dsa); - return (DST_R_INVALIDPUBLICKEY); - } - p_bytes = 64 + 8 * t; - -- if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { -+ if (r.length < ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { - DSA_free(dsa); - return (DST_R_INVALIDPUBLICKEY); - } - - dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL); -- r.base += ISC_SHA1_DIGESTLENGTH; -+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); - - dsa->p = BN_bin2bn(r.base, p_bytes, NULL); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - - dsa->g = BN_bin2bn(r.base, p_bytes, NULL); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - - dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - - key->key_size = p_bytes * 8; - diff --git a/net/bind910/patches/patch-lib_dns_opensslecdsa_link.c b/net/bind910/patches/patch-lib_dns_opensslecdsa_link.c deleted file mode 100644 index 4b00806e31f..00000000000 --- a/net/bind910/patches/patch-lib_dns_opensslecdsa_link.c +++ /dev/null @@ -1,19 +0,0 @@ -$NetBSD: patch-lib_dns_opensslecdsa_link.c,v 1.1 2015/09/02 19:46:44 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/opensslecdsa_link.c.orig 2015-09-02 00:43:20.000000000 +0000 -+++ lib/dns/opensslecdsa_link.c -@@ -159,9 +159,9 @@ opensslecdsa_sign(dst_context_t *dctx, i - "ECDSA_do_sign", - DST_R_SIGNFAILURE)); - BN_bn2bin_fixed(ecdsasig->r, r.base, siglen / 2); -- r.base += siglen / 2; -+ isc_region_consume(&r, siglen / 2); - BN_bn2bin_fixed(ecdsasig->s, r.base, siglen / 2); -- r.base += siglen / 2; -+ isc_region_consume(&r, siglen / 2); - ECDSA_SIG_free(ecdsasig); - isc_buffer_add(sig, siglen); - ret = ISC_R_SUCCESS; diff --git a/net/bind910/patches/patch-lib_dns_opensslrsa_link.c b/net/bind910/patches/patch-lib_dns_opensslrsa_link.c deleted file mode 100644 index a087bd8979e..00000000000 --- a/net/bind910/patches/patch-lib_dns_opensslrsa_link.c +++ /dev/null @@ -1,64 +0,0 @@ -$NetBSD: patch-lib_dns_opensslrsa_link.c,v 1.1 2015/09/02 19:46:44 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/opensslrsa_link.c.orig 2015-09-02 00:43:20.000000000 +0000 -+++ lib/dns/opensslrsa_link.c -@@ -964,6 +964,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_b - RSA *rsa; - isc_region_t r; - unsigned int e_bytes; -+ unsigned int length; - #if USE_EVP - EVP_PKEY *pkey; - #endif -@@ -971,6 +972,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_b - isc_buffer_remainingregion(data, &r); - if (r.length == 0) - return (ISC_R_SUCCESS); -+ length = r.length; - - rsa = RSA_new(); - if (rsa == NULL) -@@ -981,17 +983,18 @@ opensslrsa_fromdns(dst_key_t *key, isc_b - RSA_free(rsa); - return (DST_R_INVALIDPUBLICKEY); - } -- e_bytes = *r.base++; -- r.length--; -+ e_bytes = *r.base; -+ isc_region_consume(&r, 1); - - if (e_bytes == 0) { - if (r.length < 2) { - RSA_free(rsa); - return (DST_R_INVALIDPUBLICKEY); - } -- e_bytes = ((*r.base++) << 8); -- e_bytes += *r.base++; -- r.length -= 2; -+ e_bytes = (*r.base) << 8; -+ isc_region_consume(&r, 1); -+ e_bytes += *r.base; -+ isc_region_consume(&r, 1); - } - - if (r.length < e_bytes) { -@@ -999,14 +1002,13 @@ opensslrsa_fromdns(dst_key_t *key, isc_b - return (DST_R_INVALIDPUBLICKEY); - } - rsa->e = BN_bin2bn(r.base, e_bytes, NULL); -- r.base += e_bytes; -- r.length -= e_bytes; -+ isc_region_consume(&r, e_bytes); - - rsa->n = BN_bin2bn(r.base, r.length, NULL); - - key->key_size = BN_num_bits(rsa->n); - -- isc_buffer_forward(data, r.length); -+ isc_buffer_forward(data, length); - - #if USE_EVP - pkey = EVP_PKEY_new(); diff --git a/net/bind910/patches/patch-lib_dns_pkcs11dh_link.c b/net/bind910/patches/patch-lib_dns_pkcs11dh_link.c deleted file mode 100644 index 9f93dd9d408..00000000000 --- a/net/bind910/patches/patch-lib_dns_pkcs11dh_link.c +++ /dev/null @@ -1,93 +0,0 @@ -$NetBSD: patch-lib_dns_pkcs11dh_link.c,v 1.1 2015/09/02 19:46:44 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/pkcs11dh_link.c.orig 2015-09-02 00:44:20.000000000 +0000 -+++ lib/dns/pkcs11dh_link.c -@@ -632,8 +632,10 @@ pkcs11dh_destroy(dst_key_t *key) { - - static void - uint16_toregion(isc_uint16_t val, isc_region_t *region) { -- *region->base++ = (val & 0xff00) >> 8; -- *region->base++ = (val & 0x00ff); -+ *region->base = (val & 0xff00) >> 8; -+ isc_region_consume(region, 1); -+ *region->base = (val & 0x00ff); -+ isc_region_consume(region, 1); - } - - static isc_uint16_t -@@ -644,7 +646,8 @@ uint16_fromregion(isc_region_t *region) - val = ((unsigned int)(cp[0])) << 8; - val |= ((unsigned int)(cp[1])); - -- region->base += 2; -+ isc_region_consume(region, 2); -+ - return (val); - } - -@@ -708,16 +711,16 @@ pkcs11dh_todns(const dst_key_t *key, isc - } - else - memmove(r.base, prime, plen); -- r.base += plen; -+ isc_region_consume(&r, plen); - - uint16_toregion(glen, &r); - if (glen > 0) - memmove(r.base, base, glen); -- r.base += glen; -+ isc_region_consume(&r, glen); - - uint16_toregion(publen, &r); - memmove(r.base, pub, publen); -- r.base += publen; -+ isc_region_consume(&r, publen); - - isc_buffer_add(data, dnslen); - -@@ -764,10 +767,12 @@ pkcs11dh_fromdns(dst_key_t *key, isc_buf - } - plen_ = plen; - if (plen == 1 || plen == 2) { -- if (plen == 1) -- special = *r.base++; -- else -+ if (plen == 1) { -+ special = *r.base; -+ isc_region_consume(&r, 1); -+ } else { - special = uint16_fromregion(&r); -+ } - switch (special) { - case 1: - prime = pk11_dh_bn768; -@@ -789,7 +794,7 @@ pkcs11dh_fromdns(dst_key_t *key, isc_buf - } - else { - prime = r.base; -- r.base += plen; -+ isc_region_consume(&r, plen); - } - - /* -@@ -835,7 +840,7 @@ pkcs11dh_fromdns(dst_key_t *key, isc_buf - } - base = r.base; - } -- r.base += glen; -+ isc_region_consume(&r, glen); - - if (r.length < 2) { - memset(dh, 0, sizeof(*dh)); -@@ -849,7 +854,7 @@ pkcs11dh_fromdns(dst_key_t *key, isc_buf - return (DST_R_INVALIDPUBLICKEY); - } - pub = r.base; -- r.base += publen; -+ isc_region_consume(&r, publen); - - key->key_size = pk11_numbits(prime, plen_); - diff --git a/net/bind910/patches/patch-lib_dns_pkcs11dsa_link.c b/net/bind910/patches/patch-lib_dns_pkcs11dsa_link.c deleted file mode 100644 index de1cc1e3c07..00000000000 --- a/net/bind910/patches/patch-lib_dns_pkcs11dsa_link.c +++ /dev/null @@ -1,97 +0,0 @@ -$NetBSD: patch-lib_dns_pkcs11dsa_link.c,v 1.1 2015/09/02 19:46:44 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/pkcs11dsa_link.c.orig 2015-09-02 00:44:29.000000000 +0000 -+++ lib/dns/pkcs11dsa_link.c -@@ -388,6 +388,7 @@ pkcs11dsa_sign(dst_context_t *dctx, isc_ - isc_region_t r; - pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx; - isc_result_t ret = ISC_R_SUCCESS; -+ unsigned int klen; - - isc_buffer_availableregion(sig, &r); - if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1) -@@ -399,7 +400,10 @@ pkcs11dsa_sign(dst_context_t *dctx, isc_ - if (siglen != ISC_SHA1_DIGESTLENGTH * 2) - return (DST_R_SIGNFAILURE); - -- *r.base = (dctx->key->key_size - 512)/64; -+ klen = (dctx->key->key_size - 512)/64; -+ if (klen > 255) -+ return (ISC_R_FAILURE); -+ *r.base = klen; - isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1); - - err: -@@ -744,23 +748,25 @@ pkcs11dsa_todns(const dst_key_t *key, is - return (ISC_R_NOSPACE); - - memset(r.base, 0, dnslen); -- *r.base++ = t; -+ *r.base = t; -+ isc_region_consume(&r, 1); -+ - cp = (CK_BYTE *) subprime->pValue; - memmove(r.base + ISC_SHA1_DIGESTLENGTH - subprime->ulValueLen, - cp, subprime->ulValueLen); -- r.base += ISC_SHA1_DIGESTLENGTH; -+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); - cp = (CK_BYTE *) prime->pValue; - memmove(r.base + key->key_size/8 - prime->ulValueLen, - cp, prime->ulValueLen); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - cp = (CK_BYTE *) base->pValue; - memmove(r.base + key->key_size/8 - base->ulValueLen, - cp, base->ulValueLen); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - cp = (CK_BYTE *) pub_key->pValue; - memmove(r.base + key->key_size/8 - pub_key->ulValueLen, - cp, pub_key->ulValueLen); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - - isc_buffer_add(data, dnslen); - -@@ -784,7 +790,8 @@ pkcs11dsa_fromdns(dst_key_t *key, isc_bu - return (ISC_R_NOMEMORY); - memset(dsa, 0, sizeof(*dsa)); - -- t = (unsigned int) *r.base++; -+ t = (unsigned int) *r.base; -+ isc_region_consume(&r, 1); - if (t > 8) { - memset(dsa, 0, sizeof(*dsa)); - isc_mem_put(key->mctx, dsa, sizeof(*dsa)); -@@ -792,23 +799,23 @@ pkcs11dsa_fromdns(dst_key_t *key, isc_bu - } - p_bytes = 64 + 8 * t; - -- if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { -+ if (r.length < ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { - memset(dsa, 0, sizeof(*dsa)); - isc_mem_put(key->mctx, dsa, sizeof(*dsa)); - return (DST_R_INVALIDPUBLICKEY); - } - - subprime = r.base; -- r.base += ISC_SHA1_DIGESTLENGTH; -+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); - - prime = r.base; -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - - base = r.base; -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - - pub_key = r.base; -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - - key->key_size = p_bytes * 8; - diff --git a/net/bind910/patches/patch-lib_dns_pkcs11rsa_link.c b/net/bind910/patches/patch-lib_dns_pkcs11rsa_link.c deleted file mode 100644 index 18745b8c7fe..00000000000 --- a/net/bind910/patches/patch-lib_dns_pkcs11rsa_link.c +++ /dev/null @@ -1,67 +0,0 @@ -$NetBSD: patch-lib_dns_pkcs11rsa_link.c,v 1.1 2015/09/02 19:46:44 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/pkcs11rsa_link.c.orig 2015-09-02 00:44:38.000000000 +0000 -+++ lib/dns/pkcs11rsa_link.c -@@ -791,23 +791,21 @@ pkcs11rsa_fromdns(dst_key_t *key, isc_bu - unsigned int e_bytes, mod_bytes; - CK_BYTE *exponent = NULL, *modulus = NULL; - CK_ATTRIBUTE *attr; -+ unsigned int length; - - isc_buffer_remainingregion(data, &r); - if (r.length == 0) - return (ISC_R_SUCCESS); -+ length = r.length; - - rsa = (pk11_object_t *) isc_mem_get(key->mctx, sizeof(*rsa)); - if (rsa == NULL) - return (ISC_R_NOMEMORY); -+ - memset(rsa, 0, sizeof(*rsa)); - -- if (r.length < 1) { -- memset(rsa, 0, sizeof(*rsa)); -- isc_mem_put(key->mctx, rsa, sizeof(*rsa)); -- return (DST_R_INVALIDPUBLICKEY); -- } -- e_bytes = *r.base++; -- r.length--; -+ e_bytes = *r.base; -+ isc_region_consume(&r, 1); - - if (e_bytes == 0) { - if (r.length < 2) { -@@ -815,9 +813,10 @@ pkcs11rsa_fromdns(dst_key_t *key, isc_bu - isc_mem_put(key->mctx, rsa, sizeof(*rsa)); - return (DST_R_INVALIDPUBLICKEY); - } -- e_bytes = ((*r.base++) << 8); -- e_bytes += *r.base++; -- r.length -= 2; -+ e_bytes = (*r.base) << 8; -+ isc_region_consume(&r, 1); -+ e_bytes += *r.base; -+ isc_region_consume(&r, 1); - } - - if (r.length < e_bytes) { -@@ -826,14 +825,13 @@ pkcs11rsa_fromdns(dst_key_t *key, isc_bu - return (DST_R_INVALIDPUBLICKEY); - } - exponent = r.base; -- r.base += e_bytes; -- r.length -= e_bytes; -+ isc_region_consume(&r, e_bytes); - modulus = r.base; - mod_bytes = r.length; - - key->key_size = pk11_numbits(modulus, mod_bytes); - -- isc_buffer_forward(data, r.length); -+ isc_buffer_forward(data, length); - - rsa->repr = (CK_ATTRIBUTE *) isc_mem_get(key->mctx, sizeof(*attr) * 2); - if (rsa->repr == NULL) diff --git a/net/bind910/patches/patch-lib_dns_rdata_generic_openpgpkey_61.c b/net/bind910/patches/patch-lib_dns_rdata_generic_openpgpkey_61.c deleted file mode 100644 index 9f9e0655fc4..00000000000 --- a/net/bind910/patches/patch-lib_dns_rdata_generic_openpgpkey_61.c +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-lib_dns_rdata_generic_openpgpkey_61.c,v 1.1 2015/09/02 19:46:44 sevan Exp $ - -CVE-2015-5986 - An incorrect boundary check can trigger a REQUIRE assertion -failure in openpgpkey_61.c - ---- lib/dns/rdata/generic/openpgpkey_61.c.orig 2015-09-02 00:43:20.000000000 +0000 -+++ lib/dns/rdata/generic/openpgpkey_61.c -@@ -81,6 +81,8 @@ fromwire_openpgpkey(ARGS_FROMWIRE) { - * Keyring. - */ - isc_buffer_activeregion(source, &sr); -+ if (sr.length < 1) -+ return (ISC_R_UNEXPECTEDEND); - isc_buffer_forward(source, sr.length); - return (mem_tobuffer(target, sr.base, sr.length)); - } diff --git a/net/bind910/patches/patch-lib_dns_resolver.c b/net/bind910/patches/patch-lib_dns_resolver.c deleted file mode 100644 index 0d981217a75..00000000000 --- a/net/bind910/patches/patch-lib_dns_resolver.c +++ /dev/null @@ -1,28 +0,0 @@ -$NetBSD: patch-lib_dns_resolver.c,v 1.1 2015/09/02 19:46:44 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/resolver.c.orig 2015-09-02 00:43:20.000000000 +0000 -+++ lib/dns/resolver.c -@@ -9488,6 +9488,12 @@ dns_resolver_algorithm_supported(dns_res - - REQUIRE(VALID_RESOLVER(resolver)); - -+ /* -+ * DH is unsupported for DNSKEYs, see RFC 4034 sec. A.1. -+ */ -+ if ((alg == DST_ALG_DH) || (alg == DST_ALG_INDIRECT)) -+ return (ISC_FALSE); -+ - #if USE_ALGLOCK - RWLOCK(&resolver->alglock, isc_rwlocktype_read); - #endif -@@ -9507,6 +9513,7 @@ dns_resolver_algorithm_supported(dns_res - #endif - if (found) - return (ISC_FALSE); -+ - return (dst_algorithm_supported(alg)); - } - |