diff --git a/bind-prevent-buffer-overflow.patch b/bind-prevent-buffer-overflow.patch new file mode 100644 index 0000000..d39789b --- /dev/null +++ b/bind-prevent-buffer-overflow.patch @@ -0,0 +1,38 @@ +From 921043b54161c7a3e6dc4036b038ca4dbc5fe472 Mon Sep 17 00:00:00 2001 +From: Evan Hunt +Date: Fri, 13 May 2022 19:59:58 -0700 +Subject: [PATCH] prevent a possible buffer overflow in configuration check + +corrected code that could have allowed a buffer overfow while +parsing named.conf. +--- + lib/bind9/check.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/bind9/check.c b/lib/bind9/check.c +index 658daec76d..baacd29a84 100644 +--- a/lib/bind9/check.c ++++ b/lib/bind9/check.c +@@ -3009,8 +3009,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, + } else if (dns_name_isula(zname)) { + ula = true; + } +- tmp += strlen(tmp); + len -= strlen(tmp); ++ tmp += strlen(tmp); + (void)snprintf(tmp, len, "%u/%s", zclass, + (ztype == CFG_ZONE_INVIEW) ? target + : (viewname != NULL) ? viewname +@@ -3719,8 +3719,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, + char *tmp = keydirbuf; + size_t len = sizeof(keydirbuf); + dns_name_format(zname, keydirbuf, sizeof(keydirbuf)); +- tmp += strlen(tmp); + len -= strlen(tmp); ++ tmp += strlen(tmp); + (void)snprintf(tmp, len, "/%s", (dir == NULL) ? "(null)" : dir); + tresult = keydirexist(zconfig, (const char *)keydirbuf, + kaspname, keydirs, logctx, mctx); +-- +GitLab + diff --git a/bind.changes b/bind.changes index 9a058ec..92c35c8 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon May 16 08:14:55 UTC 2022 - Martin Liška + +- Add upstream patch bind-prevent-buffer-overflow.patch. + ------------------------------------------------------------------- Mon Apr 25 06:56:58 UTC 2022 - Josef Möllers diff --git a/bind.spec b/bind.spec index 826593b..ae12653 100644 --- a/bind.spec +++ b/bind.spec @@ -76,6 +76,7 @@ Source70: bind.conf Source72: named.conf Patch56: bind-ldapdump-use-valid-host.patch Patch57: bind-define-local-instances-of-FALLTHROUGH-and-UNREACHABLE.patch +Patch58: bind-prevent-buffer-overflow.patch BuildRequires: libcap-devel BuildRequires: libopenssl-devel BuildRequires: libtool @@ -423,6 +424,7 @@ rm -rf %{buildroot}/usr/share/doc/packages/bind/misc/.libs %pre -f named.pre %service_add_pre named.service %else + %pre %{GROUPADD_NAMED} %{USERADD_NAMED}