main/ldns: Fix CVE-2017-1000231 and CVE-2017-1000232

author: Sören Tempel <soeren+git@soeren-tempel.net> 2018-10-11 15:40:32 +0200
committer: Sören Tempel <soeren+git@soeren-tempel.net> 2018-10-11 15:53:26 +0200
commit: f7f3b355b2e9c3f5ef29fe317425f380fbacc5d0 (patch)
tree: 8dc8cda3b39ddd95e9dc9bed864416910501f900 /main/ldns/CVE-2017-1000231.patch
parent: 81e1cee85584d995c8969a63342418a878ec3a66 (diff)
download: aports-f7f3b355b2e9c3f5ef29fe317425f380fbacc5d0.tar.bz2
aports-f7f3b355b2e9c3f5ef29fe317425f380fbacc5d0.tar.xz
1 files changed, 25 insertions, 0 deletions
diff --git a/main/ldns/CVE-2017-1000231.patch b/main/ldns/CVE-2017-1000231.patch
new file mode 100644
index 0000000000..b6898b5816
--- /dev/null
+++ b/main/ldns/CVE-2017-1000231.patch
@@ -0,0 +1,25 @@
+From 99dfbbc328f75df60d52f8a578545017dd98c475 Mon Sep 17 00:00:00 2001
+From: Willem Toorop <willem@nlnetlabs.nl>
+Date: Thu, 27 Apr 2017 00:14:58 +0200
+Subject: [PATCH] Check parse limit before t increment
+
+Thanks Stephan Zeisberg
+---
+ parse.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/parse.c b/parse.c
+index e68627c2..947dbb89 100644
+--- a/parse.c
++++ b/parse.c
+@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
+ 			if (line_nr) {
+ 				*line_nr = *line_nr + 1;
+ 			}
++			if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
++				*t = '\0';
++				return -1;
++			}
+ 			*t++ = ' ';
+ 			prev_c = c;
+ 			continue;
author	Sören Tempel <soeren+git@soeren-tempel.net>	2018-10-11 15:40:32 +0200
committer	Sören Tempel <soeren+git@soeren-tempel.net>	2018-10-11 15:53:26 +0200
commit	f7f3b355b2e9c3f5ef29fe317425f380fbacc5d0 (patch)
tree	8dc8cda3b39ddd95e9dc9bed864416910501f900 /main/ldns/CVE-2017-1000231.patch
parent	81e1cee85584d995c8969a63342418a878ec3a66 (diff)
download	aports-f7f3b355b2e9c3f5ef29fe317425f380fbacc5d0.tar.bz2 aports-f7f3b355b2e9c3f5ef29fe317425f380fbacc5d0.tar.xz