packages/unbound
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport to fix upstream issue #610 #611

Browse Source
This commit is contained in:
eaglegai 2023-02-22 03:49:55 +00:00
parent f4b6cc6bf5
commit b43656b533
3 changed files with 86 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
backport-Integer-overflow-in-sldns_wire2str_pkt_scan.patch Normal file
View File

@ -0,0 +1,38 @@
From c29b0e0a96c4d281aef40d69a11c564d6ed1a2c6 Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Thu, 3 Feb 2022 09:03:09 +0100
Subject: [PATCH] - Fix for #611: Integer overflow in sldns_wire2str_pkt_scan.
---
sldns/wire2str.c | 11 +++++++++++
1 files changed, 11 insertions(+)
diff --git a/sldns/wire2str.c b/sldns/wire2str.c
index 6a177ec0b..b70efe299 100644
--- a/sldns/wire2str.c
+++ b/sldns/wire2str.c
@@ -817,6 +817,7 @@ int sldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
unsigned i, counter=0;
unsigned maxcompr = MAX_COMPRESS_PTRS; /* loop detection, max compr ptrs */
int in_buf = 1;
+ size_t dname_len = 0;
if(comprloop) {
if(*comprloop != 0)
maxcompr = 30; /* for like ipv6 reverse name, per label */
@@ -872,6 +873,16 @@ int sldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
labellen = (uint8_t)*dlen;
else if(!in_buf && pos+(size_t)labellen > pkt+pktlen)
labellen = (uint8_t)(pkt + pktlen - pos);
+ dname_len += ((size_t)labellen)+1;
+ if(dname_len > LDNS_MAX_DOMAINLEN) {
+ /* dname_len counts the uncompressed length we have
+ * seen so far, and the domain name has become too
+ * long, prevent the loop from printing overly long
+ * content. */
+ w += sldns_str_print(s, slen,
+ "ErrorDomainNameTooLong");
+ return w;
+ }
for(i=0; i<(unsigned)labellen; i++) {
w += dname_char_print(s, slen, *pos++);
}

39
backport-Undefine-shift-in-sldns_str2wire_hip_buf.patch Normal file
View File

@ -0,0 +1,39 @@
From 12a1053dfa9f978d875402456c2c836140e9ad47 Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Tue, 25 Jan 2022 08:57:49 +0100
Subject: [PATCH] - Fix #610: Undefine-shift in sldns_str2wire_hip_buf.
---
sldns/str2wire.c | 4 +++-
sldns/str2wire.h | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/sldns/str2wire.c b/sldns/str2wire.c
index 1e57211c1..c61a5964a 100644
--- a/sldns/str2wire.c
+++ b/sldns/str2wire.c
@@ -25,8 +25,10 @@
#include <netdb.h>
#endif
+/** bits for the offset */
+#define RET_OFFSET_MASK (((unsigned)(~LDNS_WIREPARSE_MASK))>>LDNS_WIREPARSE_SHIFT)
/** return an error */
-#define RET_ERR(e, off) ((int)((e)|((off)<<LDNS_WIREPARSE_SHIFT)))
+#define RET_ERR(e, off) ((int)(((e)&LDNS_WIREPARSE_MASK)|(((off)&RET_OFFSET_MASK)<<LDNS_WIREPARSE_SHIFT)))
/** Move parse error but keep its ID */
#define RET_ERR_SHIFT(e, move) RET_ERR(LDNS_WIREPARSE_ERROR(e), LDNS_WIREPARSE_OFFSET(e)+(move));
diff --git a/sldns/str2wire.h b/sldns/str2wire.h
index 0c3164989..baee4236f 100644
--- a/sldns/str2wire.h
+++ b/sldns/str2wire.h
@@ -187,7 +187,7 @@ uint8_t* sldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len);
#define LDNS_WIREPARSE_MASK 0x0fff
#define LDNS_WIREPARSE_SHIFT 12
#define LDNS_WIREPARSE_ERROR(e) ((e)&LDNS_WIREPARSE_MASK)
-#define LDNS_WIREPARSE_OFFSET(e) (((e)&~LDNS_WIREPARSE_MASK)>>LDNS_WIREPARSE_SHIFT)
+#define LDNS_WIREPARSE_OFFSET(e) ((((unsigned)(e))&~LDNS_WIREPARSE_MASK)>>LDNS_WIREPARSE_SHIFT)
/* use lookuptable to get error string, sldns_wireparse_errors */
#define LDNS_WIREPARSE_ERR_OK 0
#define LDNS_WIREPARSE_ERR_GENERAL 342

10
unbound.spec
View File

@ -2,7 +2,7 @@
Name: unbound Name: unbound
Version: 1.13.2 Version: 1.13.2
Release: 6 Release: 7
Summary: Unbound is a validating, recursive, caching DNS resolver Summary: Unbound is a validating, recursive, caching DNS resolver
License: BSD License: BSD
Url: https://nlnetlabs.nl/projects/unbound/about/ Url: https://nlnetlabs.nl/projects/unbound/about/
@ -25,6 +25,8 @@ Patch0: backport-fix-q-doesnt-work-when-use-with-unbound-control-stats_sh
Patch1: unbound-remove-buildin-key.patch Patch1: unbound-remove-buildin-key.patch
Patch2: backport-CVE-2022-30698-and-CVE-2022-30699.patch Patch2: backport-CVE-2022-30698-and-CVE-2022-30699.patch
Patch3: backport-CVE-2022-3204.patch Patch3: backport-CVE-2022-3204.patch
Patch4: backport-Undefine-shift-in-sldns_str2wire_hip_buf.patch
Patch5: backport-Integer-overflow-in-sldns_wire2str_pkt_scan.patch
BuildRequires: make flex swig pkgconfig systemd BuildRequires: make flex swig pkgconfig systemd
BuildRequires: libevent-devel expat-devel openssl-devel python3-devel BuildRequires: libevent-devel expat-devel openssl-devel python3-devel
@ -240,6 +242,12 @@ popd
%{_mandir}/man* %{_mandir}/man*
%changelog %changelog
* Wed Feb 22 2023 gaihuiying <eaglegai@163.com> - 1.13.2-7
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:backport to fix upstream issue #610 #611
* Thu Sep 22 2022 xingwei <xingwei14@h-partners.com> - 1.13.2-6 * Thu Sep 22 2022 xingwei <xingwei14@h-partners.com> - 1.13.2-6
- Type:cves - Type:cves
- CVE:CVE-2022-3204 - CVE:CVE-2022-3204