diff options
author | he <he@pkgsrc.org> | 2018-02-13 15:08:11 +0000 |
---|---|---|
committer | he <he@pkgsrc.org> | 2018-02-13 15:08:11 +0000 |
commit | 86e50dbcdd99eeb4a96cdba234b091b0c17a687a (patch) | |
tree | 9239f141d14e2e0039d876a601a0aef6691dd360 /net | |
parent | 7b46602e2ce611b977df3cc98cd624b5700ec800 (diff) | |
download | pkgsrc-86e50dbcdd99eeb4a96cdba234b091b0c17a687a.tar.gz |
Apply fix for CVE-2017-1000232 from
https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02
Also correct previous CVE, it's CVE-2017-100231...
Bump PKGREVISION.
Diffstat (limited to 'net')
-rw-r--r-- | net/ldns/distinfo | 5 | ||||
-rw-r--r-- | net/ldns/patches/patch-parse.c | 4 | ||||
-rw-r--r-- | net/ldns/patches/patch-str2host.c | 19 |
3 files changed, 24 insertions, 4 deletions
diff --git a/net/ldns/distinfo b/net/ldns/distinfo index eea6172c0b0..86412520cfe 100644 --- a/net/ldns/distinfo +++ b/net/ldns/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.21 2018/02/13 14:59:14 he Exp $ +$NetBSD: distinfo,v 1.22 2018/02/13 15:08:11 he Exp $ SHA1 (ldns-1.6.17.tar.gz) = 4218897b3c002aadfc7280b3f40cda829e05c9a4 RMD160 (ldns-1.6.17.tar.gz) = 5382cfaafa7ec1fadcf390f804fbf14e04d7c03a @@ -6,4 +6,5 @@ SHA512 (ldns-1.6.17.tar.gz) = 5de42b4b8622591db51efb0956735deee9cd5e0bee12249a03 Size (ldns-1.6.17.tar.gz) = 1315403 bytes SHA1 (patch-doc_doxyparse.pl) = 8d21d6f1c2e5e8d9ecc16a23dc7a462f0c54b5f7 SHA1 (patch-examples_ldns-keygen.c) = 12ab1cb2c74f09d763969298a21c9470b748d292 -SHA1 (patch-parse.c) = 206e12c806854b652a799e98efd86c5e15f8024d +SHA1 (patch-parse.c) = 3dbf4443b4a068f02e2799e820e8fcbf50abaa15 +SHA1 (patch-str2host.c) = 002e2f04059a9bc2479a8d66335595d4d7dd598f diff --git a/net/ldns/patches/patch-parse.c b/net/ldns/patches/patch-parse.c index ef2cc241c43..187edbbde79 100644 --- a/net/ldns/patches/patch-parse.c +++ b/net/ldns/patches/patch-parse.c @@ -1,6 +1,6 @@ -$NetBSD: patch-parse.c,v 1.1 2018/02/13 14:59:15 he Exp $ +$NetBSD: patch-parse.c,v 1.2 2018/02/13 15:08:11 he Exp $ -Apply fix for CVE-2017-10002, via +Apply fix for CVE-2017-1000231, via https://git.nlnetlabs.nl/ldns/commit/?id=c8391790 --- parse.c.orig 2014-01-10 21:04:41.000000000 +0000 diff --git a/net/ldns/patches/patch-str2host.c b/net/ldns/patches/patch-str2host.c new file mode 100644 index 00000000000..cd29f48a8ab --- /dev/null +++ b/net/ldns/patches/patch-str2host.c @@ -0,0 +1,19 @@ +$NetBSD: patch-str2host.c,v 1.1 2018/02/13 15:08:11 he Exp $ + +Apply fix for CVE-2017-1000232 from +https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02 + +--- str2host.c.orig 2014-01-10 21:04:41.000000000 +0000 ++++ str2host.c +@@ -1458,7 +1458,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, con + if (! str) { + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + } +- length = (size_t)(dp - data); ++ if (!(length = (size_t)(dp - data))) { ++ LDNS_FREE(data); ++ return LDNS_STATUS_SYNTAX_EMPTY; ++ } + + /* Lose the overmeasure */ + data = LDNS_XREALLOC(dp = data, uint8_t, length); |