aboutsummaryrefslogtreecommitdiffstats
path: root/main/unbound/CVE-2019-16866.patch
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2019-10-24 09:15:13 -0300
committerKevin Daudt <kdaudt@alpinelinux.org>2019-10-31 16:39:44 +0000
commit10154706bf344955d0bcd1e5ecb1ef7a7aeec2e5 (patch)
tree92db7875594ce486bc51c847b936d6a0d0fb690d /main/unbound/CVE-2019-16866.patch
parentf8f5754c6a9d932910bbf056ba0b829a2e88cb17 (diff)
downloadaports-10154706bf344955d0bcd1e5ecb1ef7a7aeec2e5.tar.gz
aports-10154706bf344955d0bcd1e5ecb1ef7a7aeec2e5.tar.bz2
aports-10154706bf344955d0bcd1e5ecb1ef7a7aeec2e5.tar.xz
main/unbound: fix CVE-2019-16866
ref #10897 Closes !768
Diffstat (limited to 'main/unbound/CVE-2019-16866.patch')
-rw-r--r--main/unbound/CVE-2019-16866.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/main/unbound/CVE-2019-16866.patch b/main/unbound/CVE-2019-16866.patch
new file mode 100644
index 0000000000..63ebf61005
--- /dev/null
+++ b/main/unbound/CVE-2019-16866.patch
@@ -0,0 +1,26 @@
+diff --git a/util/data/msgparse.c b/util/data/msgparse.c
+index 13cad8a..fb31237 100644
+--- a/util/data/msgparse.c
++++ b/util/data/msgparse.c
+@@ -1061,18 +1061,18 @@ parse_edns_from_pkt(sldns_buffer* pkt, struct edns_data* edns,
+ size_t rdata_len;
+ uint8_t* rdata_ptr;
+ log_assert(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) == 1);
++ memset(edns, 0, sizeof(*edns));
+ if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0 ||
+ LDNS_NSCOUNT(sldns_buffer_begin(pkt)) != 0) {
+ if(!skip_pkt_rrs(pkt, ((int)LDNS_ANCOUNT(sldns_buffer_begin(pkt)))+
+ ((int)LDNS_NSCOUNT(sldns_buffer_begin(pkt)))))
+- return 0;
++ return LDNS_RCODE_FORMERR;
+ }
+ /* check edns section is present */
+ if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) {
+ return LDNS_RCODE_FORMERR;
+ }
+ if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) == 0) {
+- memset(edns, 0, sizeof(*edns));
+ edns->udp_size = 512;
+ return 0;
+ }
+