From 86e50dbcdd99eeb4a96cdba234b091b0c17a687a Mon Sep 17 00:00:00 2001 From: he Date: Tue, 13 Feb 2018 15:08:11 +0000 Subject: Apply fix for CVE-2017-1000232 from https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02 Also correct previous CVE, it's CVE-2017-100231... Bump PKGREVISION. --- net/ldns/distinfo | 5 +++-- net/ldns/patches/patch-parse.c | 4 ++-- net/ldns/patches/patch-str2host.c | 19 +++++++++++++++++++ 3 files changed, 24 insertions(+), 4 deletions(-) create mode 100644 net/ldns/patches/patch-str2host.c (limited to 'net/ldns') diff --git a/net/ldns/distinfo b/net/ldns/distinfo index eea6172c0b0..86412520cfe 100644 --- a/net/ldns/distinfo +++ b/net/ldns/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.21 2018/02/13 14:59:14 he Exp $ +$NetBSD: distinfo,v 1.22 2018/02/13 15:08:11 he Exp $ SHA1 (ldns-1.6.17.tar.gz) = 4218897b3c002aadfc7280b3f40cda829e05c9a4 RMD160 (ldns-1.6.17.tar.gz) = 5382cfaafa7ec1fadcf390f804fbf14e04d7c03a @@ -6,4 +6,5 @@ SHA512 (ldns-1.6.17.tar.gz) = 5de42b4b8622591db51efb0956735deee9cd5e0bee12249a03 Size (ldns-1.6.17.tar.gz) = 1315403 bytes SHA1 (patch-doc_doxyparse.pl) = 8d21d6f1c2e5e8d9ecc16a23dc7a462f0c54b5f7 SHA1 (patch-examples_ldns-keygen.c) = 12ab1cb2c74f09d763969298a21c9470b748d292 -SHA1 (patch-parse.c) = 206e12c806854b652a799e98efd86c5e15f8024d +SHA1 (patch-parse.c) = 3dbf4443b4a068f02e2799e820e8fcbf50abaa15 +SHA1 (patch-str2host.c) = 002e2f04059a9bc2479a8d66335595d4d7dd598f diff --git a/net/ldns/patches/patch-parse.c b/net/ldns/patches/patch-parse.c index ef2cc241c43..187edbbde79 100644 --- a/net/ldns/patches/patch-parse.c +++ b/net/ldns/patches/patch-parse.c @@ -1,6 +1,6 @@ -$NetBSD: patch-parse.c,v 1.1 2018/02/13 14:59:15 he Exp $ +$NetBSD: patch-parse.c,v 1.2 2018/02/13 15:08:11 he Exp $ -Apply fix for CVE-2017-10002, via +Apply fix for CVE-2017-1000231, via https://git.nlnetlabs.nl/ldns/commit/?id=c8391790 --- parse.c.orig 2014-01-10 21:04:41.000000000 +0000 diff --git a/net/ldns/patches/patch-str2host.c b/net/ldns/patches/patch-str2host.c new file mode 100644 index 00000000000..cd29f48a8ab --- /dev/null +++ b/net/ldns/patches/patch-str2host.c @@ -0,0 +1,19 @@ +$NetBSD: patch-str2host.c,v 1.1 2018/02/13 15:08:11 he Exp $ + +Apply fix for CVE-2017-1000232 from +https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02 + +--- str2host.c.orig 2014-01-10 21:04:41.000000000 +0000 ++++ str2host.c +@@ -1458,7 +1458,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, con + if (! str) { + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + } +- length = (size_t)(dp - data); ++ if (!(length = (size_t)(dp - data))) { ++ LDNS_FREE(data); ++ return LDNS_STATUS_SYNTAX_EMPTY; ++ } + + /* Lose the overmeasure */ + data = LDNS_XREALLOC(dp = data, uint8_t, length); -- cgit v1.2.3