diff options
author | taca <taca> | 2015-09-03 00:35:03 +0000 |
---|---|---|
committer | taca <taca> | 2015-09-03 00:35:03 +0000 |
commit | 2dc74d494236ef35f8ab385e9c831497d963ef8e (patch) | |
tree | 70f5be337660495ca8b0789b7934bf19ab77fc9f /net/bind99 | |
parent | 33f6f48c759f8eab2239d130574a878699c67eb1 (diff) | |
download | pkgsrc-2dc74d494236ef35f8ab385e9c831497d963ef8e.tar.gz |
Update bind99 to 9.9.7pl3 (BIND 9.9.7-P3).
(These security fixes are already done by bind-9.9.7pl2nb1.)
--- 9.9.7-P3 released ---
4170. [security] An incorrect boundary check in the OPENPGPKEY
rdatatype could trigger an assertion failure.
(CVE-2015-5986) [RT #40286]
4168. [security] A buffer accounting error could trigger an
assertion failure when parsing certain malformed
DNSSEC keys. (CVE-2015-5722) [RT #40212]
Diffstat (limited to 'net/bind99')
-rw-r--r-- | net/bind99/Makefile | 5 | ||||
-rw-r--r-- | net/bind99/distinfo | 17 | ||||
-rw-r--r-- | net/bind99/patches/patch-lib_dns_hmac_link.c | 120 | ||||
-rw-r--r-- | net/bind99/patches/patch-lib_dns_include_dst_dst.h | 15 | ||||
-rw-r--r-- | net/bind99/patches/patch-lib_dns_ncache.c | 33 | ||||
-rw-r--r-- | net/bind99/patches/patch-lib_dns_openssldh_link.c | 106 | ||||
-rw-r--r-- | net/bind99/patches/patch-lib_dns_openssldsa_link.c | 103 | ||||
-rw-r--r-- | net/bind99/patches/patch-lib_dns_opensslecdsa_link.c | 19 | ||||
-rw-r--r-- | net/bind99/patches/patch-lib_dns_opensslsslrsa_link.c | 64 | ||||
-rw-r--r-- | net/bind99/patches/patch-lib_dns_rdata_generic_openpgpkey_61.c | 16 | ||||
-rw-r--r-- | net/bind99/patches/patch-lib_dns_resolver.c | 28 |
11 files changed, 6 insertions, 520 deletions
diff --git a/net/bind99/Makefile b/net/bind99/Makefile index e64ef31884c..e4ab0e9b810 100644 --- a/net/bind99/Makefile +++ b/net/bind99/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.47 2015/09/02 19:44:28 sevan Exp $ +# $NetBSD: Makefile,v 1.48 2015/09/03 00:35:03 taca Exp $ DISTNAME= bind-${BIND_VERSION} PKGNAME= ${DISTNAME:S/-P/pl/} -PKGREVISION= 1 CATEGORIES= net MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \ http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/ @@ -15,7 +14,7 @@ CONFLICTS+= host-[0-9]* MAKE_JOBS_SAFE= no -BIND_VERSION= 9.9.7-P2 +BIND_VERSION= 9.9.7-P3 .include "../../mk/bsd.prefs.mk" diff --git a/net/bind99/distinfo b/net/bind99/distinfo index a455ffa7e4b..df6dfc65cb2 100644 --- a/net/bind99/distinfo +++ b/net/bind99/distinfo @@ -1,22 +1,13 @@ -$NetBSD: distinfo,v 1.31 2015/09/02 19:44:28 sevan Exp $ +$NetBSD: distinfo,v 1.32 2015/09/03 00:35:03 taca Exp $ -SHA1 (bind-9.9.7-P2.tar.gz) = 2c3620765911c154340f4d19ec5c8978edb84942 -RMD160 (bind-9.9.7-P2.tar.gz) = a6d2c6738281895a6ed87e5a168c7e35e7fc5fac -Size (bind-9.9.7-P2.tar.gz) = 7935877 bytes +SHA1 (bind-9.9.7-P3.tar.gz) = 44786ddeb1b35eb61d521c9e46375dae7d85f378 +RMD160 (bind-9.9.7-P3.tar.gz) = a6506df81a2a8e7ab81b1eece846d906deac64eb +Size (bind-9.9.7-P3.tar.gz) = 7939885 bytes SHA1 (patch-bin_dig_dighost.c) = a18a3d98c85ce8962024d53e01159fd95f99cae4 SHA1 (patch-bin_tests_system_Makefile.in) = 483fca89658263f5c1f974ce1151721835355aa8 SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2 SHA1 (patch-configure) = d3d9b8e531fbaad3ab42a86735cc01d5d4fbcdf0 SHA1 (patch-contrib_dlz_config.dlz.in) = f18bec63fbfce7cb2cd72929058ce3770fce458f -SHA1 (patch-lib_dns_hmac_link.c) = 60488a4c327ac6c2a42b80cb3a29af14a2e99f53 -SHA1 (patch-lib_dns_include_dst_dst.h) = 5ba823a239bb5583dc19a1954a79a7f4b5a0d15d -SHA1 (patch-lib_dns_ncache.c) = 6ff95cf50d22c9d17e5c3b3a53dff39d5f3cf1bf -SHA1 (patch-lib_dns_openssldh_link.c) = ede0820712cb10322bcf33b11055f9bbd18d9c00 -SHA1 (patch-lib_dns_openssldsa_link.c) = bb793e701b8eea8d1ad7f4e5f0059a0a51f44ad3 -SHA1 (patch-lib_dns_opensslecdsa_link.c) = dab239a7de0646f6f36c06d850b188627b5d1bcb -SHA1 (patch-lib_dns_opensslsslrsa_link.c) = 02651bca011ecf81869b539c302690d05d7bbad4 SHA1 (patch-lib_dns_rbt.c) = df4b029369d9fa3b250d8505b5f7590e2cd86654 -SHA1 (patch-lib_dns_rdata_generic_openpgpkey_61.c) = b834fba360f83784b792b08f8c0c401d21ee415c -SHA1 (patch-lib_dns_resolver.c) = 6e1fa4c841113696891b0221e4e29ef6cd4ea4c1 SHA1 (patch-lib_lwres_getaddrinfo.c) = cda91b6d1afa02de2c59d51490090ef4ab7f1a41 SHA1 (patch-lib_lwres_getnameinfo.c) = 7ded70795a9001cce5c8094ef3f70ac787a6d43d diff --git a/net/bind99/patches/patch-lib_dns_hmac_link.c b/net/bind99/patches/patch-lib_dns_hmac_link.c deleted file mode 100644 index f3cdfed52a3..00000000000 --- a/net/bind99/patches/patch-lib_dns_hmac_link.c +++ /dev/null @@ -1,120 +0,0 @@ -$NetBSD: patch-lib_dns_hmac_link.c,v 1.1 2015/09/02 19:44:28 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/hmac_link.c.orig 2015-09-02 00:08:13.000000000 +0000 -+++ lib/dns/hmac_link.c -@@ -76,7 +76,7 @@ hmacmd5_createctx(dst_key_t *key, dst_co - hmacmd5ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacmd5_t)); - if (hmacmd5ctx == NULL) - return (ISC_R_NOMEMORY); -- isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_SHA1_BLOCK_LENGTH); -+ isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_MD5_BLOCK_LENGTH); - dctx->ctxdata.hmacmd5ctx = hmacmd5ctx; - return (ISC_R_SUCCESS); - } -@@ -139,7 +139,7 @@ hmacmd5_compare(const dst_key_t *key1, c - else if (hkey1 == NULL || hkey2 == NULL) - return (ISC_FALSE); - -- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH)) -+ if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_MD5_BLOCK_LENGTH)) - return (ISC_TRUE); - else - return (ISC_FALSE); -@@ -150,17 +150,17 @@ hmacmd5_generate(dst_key_t *key, int pse - isc_buffer_t b; - isc_result_t ret; - unsigned int bytes; -- unsigned char data[ISC_SHA1_BLOCK_LENGTH]; -+ unsigned char data[ISC_MD5_BLOCK_LENGTH]; - - UNUSED(callback); - - bytes = (key->key_size + 7) / 8; -- if (bytes > ISC_SHA1_BLOCK_LENGTH) { -- bytes = ISC_SHA1_BLOCK_LENGTH; -- key->key_size = ISC_SHA1_BLOCK_LENGTH * 8; -+ if (bytes > ISC_MD5_BLOCK_LENGTH) { -+ bytes = ISC_MD5_BLOCK_LENGTH; -+ key->key_size = ISC_MD5_BLOCK_LENGTH * 8; - } - -- memset(data, 0, ISC_SHA1_BLOCK_LENGTH); -+ memset(data, 0, ISC_MD5_BLOCK_LENGTH); - ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); - - if (ret != ISC_R_SUCCESS) -@@ -169,7 +169,7 @@ hmacmd5_generate(dst_key_t *key, int pse - isc_buffer_init(&b, data, bytes); - isc_buffer_add(&b, bytes); - ret = hmacmd5_fromdns(key, &b); -- memset(data, 0, ISC_SHA1_BLOCK_LENGTH); -+ memset(data, 0, ISC_MD5_BLOCK_LENGTH); - - return (ret); - } -@@ -223,7 +223,7 @@ hmacmd5_fromdns(dst_key_t *key, isc_buff - - memset(hkey->key, 0, sizeof(hkey->key)); - -- if (r.length > ISC_SHA1_BLOCK_LENGTH) { -+ if (r.length > ISC_MD5_BLOCK_LENGTH) { - isc_md5_init(&md5ctx); - isc_md5_update(&md5ctx, r.base, r.length); - isc_md5_final(&md5ctx, hkey->key); -@@ -236,6 +236,8 @@ hmacmd5_fromdns(dst_key_t *key, isc_buff - key->key_size = keylen * 8; - key->keydata.hmacmd5 = hkey; - -+ isc_buffer_forward(data, r.length); -+ - return (ISC_R_SUCCESS); - } - -@@ -512,6 +514,8 @@ hmacsha1_fromdns(dst_key_t *key, isc_buf - key->key_size = keylen * 8; - key->keydata.hmacsha1 = hkey; - -+ isc_buffer_forward(data, r.length); -+ - return (ISC_R_SUCCESS); - } - -@@ -790,6 +794,8 @@ hmacsha224_fromdns(dst_key_t *key, isc_b - key->key_size = keylen * 8; - key->keydata.hmacsha224 = hkey; - -+ isc_buffer_forward(data, r.length); -+ - return (ISC_R_SUCCESS); - } - -@@ -1068,6 +1074,8 @@ hmacsha256_fromdns(dst_key_t *key, isc_b - key->key_size = keylen * 8; - key->keydata.hmacsha256 = hkey; - -+ isc_buffer_forward(data, r.length); -+ - return (ISC_R_SUCCESS); - } - -@@ -1346,6 +1354,8 @@ hmacsha384_fromdns(dst_key_t *key, isc_b - key->key_size = keylen * 8; - key->keydata.hmacsha384 = hkey; - -+ isc_buffer_forward(data, r.length); -+ - return (ISC_R_SUCCESS); - } - -@@ -1624,6 +1634,8 @@ hmacsha512_fromdns(dst_key_t *key, isc_b - key->key_size = keylen * 8; - key->keydata.hmacsha512 = hkey; - -+ isc_buffer_forward(data, r.length); -+ - return (ISC_R_SUCCESS); - } - diff --git a/net/bind99/patches/patch-lib_dns_include_dst_dst.h b/net/bind99/patches/patch-lib_dns_include_dst_dst.h deleted file mode 100644 index a08550282c7..00000000000 --- a/net/bind99/patches/patch-lib_dns_include_dst_dst.h +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-lib_dns_include_dst_dst.h,v 1.1 2015/09/02 19:44:28 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/include/dst/dst.h.orig 2015-09-02 00:08:13.000000000 +0000 -+++ lib/dns/include/dst/dst.h -@@ -69,6 +69,7 @@ typedef struct dst_context dst_context_ - #define DST_ALG_HMACSHA256 163 /* XXXMPA */ - #define DST_ALG_HMACSHA384 164 /* XXXMPA */ - #define DST_ALG_HMACSHA512 165 /* XXXMPA */ -+#define DST_ALG_INDIRECT 252 - #define DST_ALG_PRIVATE 254 - #define DST_ALG_EXPAND 255 - #define DST_MAX_ALGS 255 diff --git a/net/bind99/patches/patch-lib_dns_ncache.c b/net/bind99/patches/patch-lib_dns_ncache.c deleted file mode 100644 index c0b7f892c36..00000000000 --- a/net/bind99/patches/patch-lib_dns_ncache.c +++ /dev/null @@ -1,33 +0,0 @@ -$NetBSD: patch-lib_dns_ncache.c,v 1.1 2015/09/02 19:44:28 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/ncache.c.orig 2015-09-02 00:08:13.000000000 +0000 -+++ lib/dns/ncache.c -@@ -614,13 +614,11 @@ dns_ncache_getsigrdataset(dns_rdataset_t - dns_name_fromregion(&tname, &remaining); - INSIST(remaining.length >= tname.length); - isc_buffer_forward(&source, tname.length); -- remaining.length -= tname.length; -- remaining.base += tname.length; -+ isc_region_consume(&remaining, tname.length); - - INSIST(remaining.length >= 2); - type = isc_buffer_getuint16(&source); -- remaining.length -= 2; -- remaining.base += 2; -+ isc_region_consume(&remaining, 2); - - if (type != dns_rdatatype_rrsig || - !dns_name_equal(&tname, name)) { -@@ -632,8 +630,7 @@ dns_ncache_getsigrdataset(dns_rdataset_t - INSIST(remaining.length >= 1); - trust = isc_buffer_getuint8(&source); - INSIST(trust <= dns_trust_ultimate); -- remaining.length -= 1; -- remaining.base += 1; -+ isc_region_consume(&remaining, 1); - - raw = remaining.base; - count = raw[0] * 256 + raw[1]; diff --git a/net/bind99/patches/patch-lib_dns_openssldh_link.c b/net/bind99/patches/patch-lib_dns_openssldh_link.c deleted file mode 100644 index b9e76d2adbd..00000000000 --- a/net/bind99/patches/patch-lib_dns_openssldh_link.c +++ /dev/null @@ -1,106 +0,0 @@ -$NetBSD: patch-lib_dns_openssldh_link.c,v 1.1 2015/09/02 19:44:28 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/openssldh_link.c.orig 2015-09-02 00:08:13.000000000 +0000 -+++ lib/dns/openssldh_link.c -@@ -266,8 +266,10 @@ openssldh_destroy(dst_key_t *key) { - - static void - uint16_toregion(isc_uint16_t val, isc_region_t *region) { -- *region->base++ = (val & 0xff00) >> 8; -- *region->base++ = (val & 0x00ff); -+ *region->base = (val & 0xff00) >> 8; -+ isc_region_consume(region, 1); -+ *region->base = (val & 0x00ff); -+ isc_region_consume(region, 1); - } - - static isc_uint16_t -@@ -278,7 +280,8 @@ uint16_fromregion(isc_region_t *region) - val = ((unsigned int)(cp[0])) << 8; - val |= ((unsigned int)(cp[1])); - -- region->base += 2; -+ isc_region_consume(region, 2); -+ - return (val); - } - -@@ -319,16 +322,16 @@ openssldh_todns(const dst_key_t *key, is - } - else - BN_bn2bin(dh->p, r.base); -- r.base += plen; -+ isc_region_consume(&r, plen); - - uint16_toregion(glen, &r); - if (glen > 0) - BN_bn2bin(dh->g, r.base); -- r.base += glen; -+ isc_region_consume(&r, glen); - - uint16_toregion(publen, &r); - BN_bn2bin(dh->pub_key, r.base); -- r.base += publen; -+ isc_region_consume(&r, publen); - - isc_buffer_add(data, dnslen); - -@@ -369,10 +372,12 @@ openssldh_fromdns(dst_key_t *key, isc_bu - return (DST_R_INVALIDPUBLICKEY); - } - if (plen == 1 || plen == 2) { -- if (plen == 1) -- special = *r.base++; -- else -+ if (plen == 1) { -+ special = *r.base; -+ isc_region_consume(&r, 1); -+ } else { - special = uint16_fromregion(&r); -+ } - switch (special) { - case 1: - dh->p = &bn768; -@@ -387,10 +392,9 @@ openssldh_fromdns(dst_key_t *key, isc_bu - DH_free(dh); - return (DST_R_INVALIDPUBLICKEY); - } -- } -- else { -+ } else { - dh->p = BN_bin2bn(r.base, plen, NULL); -- r.base += plen; -+ isc_region_consume(&r, plen); - } - - /* -@@ -421,15 +425,14 @@ openssldh_fromdns(dst_key_t *key, isc_bu - return (DST_R_INVALIDPUBLICKEY); - } - } -- } -- else { -+ } else { - if (glen == 0) { - DH_free(dh); - return (DST_R_INVALIDPUBLICKEY); - } - dh->g = BN_bin2bn(r.base, glen, NULL); - } -- r.base += glen; -+ isc_region_consume(&r, glen); - - if (r.length < 2) { - DH_free(dh); -@@ -441,7 +444,7 @@ openssldh_fromdns(dst_key_t *key, isc_bu - return (DST_R_INVALIDPUBLICKEY); - } - dh->pub_key = BN_bin2bn(r.base, publen, NULL); -- r.base += publen; -+ isc_region_consume(&r, publen); - - key->key_size = BN_num_bits(dh->p); - diff --git a/net/bind99/patches/patch-lib_dns_openssldsa_link.c b/net/bind99/patches/patch-lib_dns_openssldsa_link.c deleted file mode 100644 index 8db98ffdc60..00000000000 --- a/net/bind99/patches/patch-lib_dns_openssldsa_link.c +++ /dev/null @@ -1,103 +0,0 @@ -$NetBSD: patch-lib_dns_openssldsa_link.c,v 1.1 2015/09/02 19:44:28 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/openssldsa_link.c.orig 2015-09-02 00:08:13.000000000 +0000 -+++ lib/dns/openssldsa_link.c -@@ -137,6 +137,7 @@ openssldsa_sign(dst_context_t *dctx, isc - DSA *dsa = key->keydata.dsa; - isc_region_t r; - DSA_SIG *dsasig; -+ unsigned int klen; - #if USE_EVP - EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; - EVP_PKEY *pkey; -@@ -188,6 +189,7 @@ openssldsa_sign(dst_context_t *dctx, isc - ISC_R_FAILURE)); - } - free(sigbuf); -+ - #elif 0 - /* Only use EVP for the Digest */ - if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) { -@@ -209,11 +211,17 @@ openssldsa_sign(dst_context_t *dctx, isc - "DSA_do_sign", - DST_R_SIGNFAILURE)); - #endif -- *r.base++ = (key->key_size - 512)/64; -+ -+ klen = (key->key_size - 512)/64; -+ if (klen > 255) -+ return (ISC_R_FAILURE); -+ *r.base = klen; -+ isc_region_consume(&r, 1); -+ - BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH); -- r.base += ISC_SHA1_DIGESTLENGTH; -+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); - BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH); -- r.base += ISC_SHA1_DIGESTLENGTH; -+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); - DSA_SIG_free(dsasig); - isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1); - -@@ -446,15 +454,16 @@ openssldsa_todns(const dst_key_t *key, i - if (r.length < (unsigned int) dnslen) - return (ISC_R_NOSPACE); - -- *r.base++ = t; -+ *r.base = t; -+ isc_region_consume(&r, 1); - BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH); -- r.base += ISC_SHA1_DIGESTLENGTH; -+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); - BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - - isc_buffer_add(data, dnslen); - -@@ -479,29 +488,30 @@ openssldsa_fromdns(dst_key_t *key, isc_b - return (ISC_R_NOMEMORY); - dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; - -- t = (unsigned int) *r.base++; -+ t = (unsigned int) *r.base; -+ isc_region_consume(&r, 1); - if (t > 8) { - DSA_free(dsa); - return (DST_R_INVALIDPUBLICKEY); - } - p_bytes = 64 + 8 * t; - -- if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { -+ if (r.length < ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { - DSA_free(dsa); - return (DST_R_INVALIDPUBLICKEY); - } - - dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL); -- r.base += ISC_SHA1_DIGESTLENGTH; -+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); - - dsa->p = BN_bin2bn(r.base, p_bytes, NULL); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - - dsa->g = BN_bin2bn(r.base, p_bytes, NULL); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - - dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL); -- r.base += p_bytes; -+ isc_region_consume(&r, p_bytes); - - key->key_size = p_bytes * 8; - diff --git a/net/bind99/patches/patch-lib_dns_opensslecdsa_link.c b/net/bind99/patches/patch-lib_dns_opensslecdsa_link.c deleted file mode 100644 index c731c2164be..00000000000 --- a/net/bind99/patches/patch-lib_dns_opensslecdsa_link.c +++ /dev/null @@ -1,19 +0,0 @@ -$NetBSD: patch-lib_dns_opensslecdsa_link.c,v 1.1 2015/09/02 19:44:28 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/opensslecdsa_link.c.orig 2015-09-02 00:08:13.000000000 +0000 -+++ lib/dns/opensslecdsa_link.c -@@ -159,9 +159,9 @@ opensslecdsa_sign(dst_context_t *dctx, i - "ECDSA_do_sign", - DST_R_SIGNFAILURE)); - BN_bn2bin_fixed(ecdsasig->r, r.base, siglen / 2); -- r.base += siglen / 2; -+ isc_region_consume(&r, siglen / 2); - BN_bn2bin_fixed(ecdsasig->s, r.base, siglen / 2); -- r.base += siglen / 2; -+ isc_region_consume(&r, siglen / 2); - ECDSA_SIG_free(ecdsasig); - isc_buffer_add(sig, siglen); - ret = ISC_R_SUCCESS; diff --git a/net/bind99/patches/patch-lib_dns_opensslsslrsa_link.c b/net/bind99/patches/patch-lib_dns_opensslsslrsa_link.c deleted file mode 100644 index bdb47dc14ae..00000000000 --- a/net/bind99/patches/patch-lib_dns_opensslsslrsa_link.c +++ /dev/null @@ -1,64 +0,0 @@ -$NetBSD: patch-lib_dns_opensslsslrsa_link.c,v 1.1 2015/09/02 19:44:28 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/opensslrsa_link.c.orig 2015-09-02 00:08:13.000000000 +0000 -+++ lib/dns/opensslrsa_link.c -@@ -965,6 +965,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_b - RSA *rsa; - isc_region_t r; - unsigned int e_bytes; -+ unsigned int length; - #if USE_EVP - EVP_PKEY *pkey; - #endif -@@ -972,6 +973,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_b - isc_buffer_remainingregion(data, &r); - if (r.length == 0) - return (ISC_R_SUCCESS); -+ length = r.length; - - rsa = RSA_new(); - if (rsa == NULL) -@@ -982,17 +984,18 @@ opensslrsa_fromdns(dst_key_t *key, isc_b - RSA_free(rsa); - return (DST_R_INVALIDPUBLICKEY); - } -- e_bytes = *r.base++; -- r.length--; -+ e_bytes = *r.base; -+ isc_region_consume(&r, 1); - - if (e_bytes == 0) { - if (r.length < 2) { - RSA_free(rsa); - return (DST_R_INVALIDPUBLICKEY); - } -- e_bytes = ((*r.base++) << 8); -- e_bytes += *r.base++; -- r.length -= 2; -+ e_bytes = (*r.base) << 8; -+ isc_region_consume(&r, 1); -+ e_bytes += *r.base; -+ isc_region_consume(&r, 1); - } - - if (r.length < e_bytes) { -@@ -1000,14 +1003,13 @@ opensslrsa_fromdns(dst_key_t *key, isc_b - return (DST_R_INVALIDPUBLICKEY); - } - rsa->e = BN_bin2bn(r.base, e_bytes, NULL); -- r.base += e_bytes; -- r.length -= e_bytes; -+ isc_region_consume(&r, e_bytes); - - rsa->n = BN_bin2bn(r.base, r.length, NULL); - - key->key_size = BN_num_bits(rsa->n); - -- isc_buffer_forward(data, r.length); -+ isc_buffer_forward(data, length); - - #if USE_EVP - pkey = EVP_PKEY_new(); diff --git a/net/bind99/patches/patch-lib_dns_rdata_generic_openpgpkey_61.c b/net/bind99/patches/patch-lib_dns_rdata_generic_openpgpkey_61.c deleted file mode 100644 index c1ae2c0bb95..00000000000 --- a/net/bind99/patches/patch-lib_dns_rdata_generic_openpgpkey_61.c +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-lib_dns_rdata_generic_openpgpkey_61.c,v 1.1 2015/09/02 19:44:28 sevan Exp $ - -CVE-2015-5986 - An incorrect boundary check can trigger a REQUIRE assertion -failure in openpgpkey_61.c - ---- lib/dns/rdata/generic/openpgpkey_61.c.orig 2015-09-01 23:56:36.000000000 +0000 -+++ lib/dns/rdata/generic/openpgpkey_61.c -@@ -76,6 +76,8 @@ fromwire_openpgpkey(ARGS_FROMWIRE) { - * Keyring. - */ - isc_buffer_activeregion(source, &sr); -+ if (sr.length < 1) -+ return (ISC_R_UNEXPECTEDEND); - isc_buffer_forward(source, sr.length); - return (mem_tobuffer(target, sr.base, sr.length)); - } diff --git a/net/bind99/patches/patch-lib_dns_resolver.c b/net/bind99/patches/patch-lib_dns_resolver.c deleted file mode 100644 index 1415488204e..00000000000 --- a/net/bind99/patches/patch-lib_dns_resolver.c +++ /dev/null @@ -1,28 +0,0 @@ -$NetBSD: patch-lib_dns_resolver.c,v 1.3 2015/09/02 19:44:28 sevan Exp $ - -CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed -assertion in buffer.c - ---- lib/dns/resolver.c.orig 2015-09-02 00:08:14.000000000 +0000 -+++ lib/dns/resolver.c -@@ -9058,6 +9058,12 @@ dns_resolver_algorithm_supported(dns_res - - REQUIRE(VALID_RESOLVER(resolver)); - -+ /* -+ * DH is unsupported for DNSKEYs, see RFC 4034 sec. A.1. -+ */ -+ if ((alg == DST_ALG_DH) || (alg == DST_ALG_INDIRECT)) -+ return (ISC_FALSE); -+ - #if USE_ALGLOCK - RWLOCK(&resolver->alglock, isc_rwlocktype_read); - #endif -@@ -9077,6 +9083,7 @@ dns_resolver_algorithm_supported(dns_res - #endif - if (found) - return (ISC_FALSE); -+ - return (dst_algorithm_supported(alg)); - } - |