From d16c91b0602ce49d5a7e0fbd5015ffc0a5840ee2a67314731f21775921ff8dc7 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.com>
Date: Mon, 16 May 2022 08:27:30 +0000
Subject: [PATCH] Accepting request 977464 from home:marxin:branches:network

- Add upstream patch bind-prevent-buffer-overflow.patch.

OBS-URL: https://build.opensuse.org/request/show/977464
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=341
---
 bind-prevent-buffer-overflow.patch | 38 ++++++++++++++++++++++++++++++
 bind.changes                       |  5 ++++
 bind.spec                          |  2 ++
 3 files changed, 45 insertions(+)
 create mode 100644 bind-prevent-buffer-overflow.patch

diff --git a/bind-prevent-buffer-overflow.patch b/bind-prevent-buffer-overflow.patch
new file mode 100644
index 0000000..d39789b
--- /dev/null
+++ b/bind-prevent-buffer-overflow.patch
@@ -0,0 +1,38 @@
+From 921043b54161c7a3e6dc4036b038ca4dbc5fe472 Mon Sep 17 00:00:00 2001
+From: Evan Hunt <each@isc.org>
+Date: Fri, 13 May 2022 19:59:58 -0700
+Subject: [PATCH] prevent a possible buffer overflow in configuration check
+
+corrected code that could have allowed a buffer overfow while
+parsing named.conf.
+---
+ lib/bind9/check.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/bind9/check.c b/lib/bind9/check.c
+index 658daec76d..baacd29a84 100644
+--- a/lib/bind9/check.c
++++ b/lib/bind9/check.c
+@@ -3009,8 +3009,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
+ 		} else if (dns_name_isula(zname)) {
+ 			ula = true;
+ 		}
+-		tmp += strlen(tmp);
+ 		len -= strlen(tmp);
++		tmp += strlen(tmp);
+ 		(void)snprintf(tmp, len, "%u/%s", zclass,
+ 			       (ztype == CFG_ZONE_INVIEW) ? target
+ 			       : (viewname != NULL)	  ? viewname
+@@ -3719,8 +3719,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
+ 		char *tmp = keydirbuf;
+ 		size_t len = sizeof(keydirbuf);
+ 		dns_name_format(zname, keydirbuf, sizeof(keydirbuf));
+-		tmp += strlen(tmp);
+ 		len -= strlen(tmp);
++		tmp += strlen(tmp);
+ 		(void)snprintf(tmp, len, "/%s", (dir == NULL) ? "(null)" : dir);
+ 		tresult = keydirexist(zconfig, (const char *)keydirbuf,
+ 				      kaspname, keydirs, logctx, mctx);
+-- 
+GitLab
+
diff --git a/bind.changes b/bind.changes
index 9a058ec..92c35c8 100644
--- a/bind.changes
+++ b/bind.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon May 16 08:14:55 UTC 2022 - Martin Liška <mliska@suse.cz>
+
+- Add upstream patch bind-prevent-buffer-overflow.patch.
+
 -------------------------------------------------------------------
 Mon Apr 25 06:56:58 UTC 2022 - Josef Möllers <josef.moellers@suse.com>
 
diff --git a/bind.spec b/bind.spec
index 826593b..ae12653 100644
--- a/bind.spec
+++ b/bind.spec
@@ -76,6 +76,7 @@ Source70:       bind.conf
 Source72:       named.conf
 Patch56:        bind-ldapdump-use-valid-host.patch
 Patch57:        bind-define-local-instances-of-FALLTHROUGH-and-UNREACHABLE.patch
+Patch58:        bind-prevent-buffer-overflow.patch
 BuildRequires:  libcap-devel
 BuildRequires:  libopenssl-devel
 BuildRequires:  libtool
@@ -423,6 +424,7 @@ rm -rf %{buildroot}/usr/share/doc/packages/bind/misc/.libs
 %pre -f named.pre
 %service_add_pre named.service
 %else
+
 %pre
 %{GROUPADD_NAMED}
 %{USERADD_NAMED}