Sun May 11 00:00:59 2008 UTC ()
Fix CVE-2008-0122 for libbind (as contained in bind). A misplaced boundary
check can be abused for implementation specific exploitation: depending on
the use of libbind, this can result in denial of service or even remote
code execution.


(tonnerre)
diff -r1.96 -r1.97 pkgsrc/net/bind9/Makefile
diff -r1.34 -r1.35 pkgsrc/net/bind9/distinfo
diff -r0 -r1.3 pkgsrc/net/bind9/patches/patch-ap
cvs diff -r1.96 -r1.97 pkgsrc/net/bind9/Attic/Makefile (expand / switch to unified diff)

--- pkgsrc/net/bind9/Attic/Makefile 2008/04/12 22:43:08 1.96
+++ pkgsrc/net/bind9/Attic/Makefile 2008/05/11 00:00:59 1.97
@@ -1,18 +1,18 @@ @@ -1,18 +1,18 @@
1# $NetBSD: Makefile,v 1.96 2008/04/12 22:43:08 jlam Exp $ 1# $NetBSD: Makefile,v 1.97 2008/05/11 00:00:59 tonnerre Exp $
2 2
3DISTNAME= bind-${BIND_VERSION} 3DISTNAME= bind-${BIND_VERSION}
4PKGNAME= ${DISTNAME:S/-P1/pl1/} 4PKGNAME= ${DISTNAME:S/-P1/pl1/}
5PKGREVISION= 2 5PKGREVISION= 3
6CATEGORIES= net 6CATEGORIES= net
7MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ 7MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
8 8
9MAINTAINER= pkgsrc-users@NetBSD.org 9MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= http://www.isc.org/sw/bind/ 10HOMEPAGE= http://www.isc.org/sw/bind/
11COMMENT= Version 9 of the Berkeley Internet Name Daemon, implementation of DNS 11COMMENT= Version 9 of the Berkeley Internet Name Daemon, implementation of DNS
12 12
13BIND_VERSION= 9.4.1-P1 13BIND_VERSION= 9.4.1-P1
14 14
15# IPv6 ready, automatically detected 15# IPv6 ready, automatically detected
16.include "../../mk/bsd.prefs.mk" 16.include "../../mk/bsd.prefs.mk"
17BUILD_DEFS+= IPV6_READY 17BUILD_DEFS+= IPV6_READY
18 18
cvs diff -r1.34 -r1.35 pkgsrc/net/bind9/Attic/distinfo (expand / switch to unified diff)

--- pkgsrc/net/bind9/Attic/distinfo 2007/08/08 18:32:46 1.34
+++ pkgsrc/net/bind9/Attic/distinfo 2008/05/11 00:00:59 1.35
@@ -1,16 +1,17 @@ @@ -1,16 +1,17 @@
1$NetBSD: distinfo,v 1.34 2007/08/08 18:32:46 reed Exp $ 1$NetBSD: distinfo,v 1.35 2008/05/11 00:00:59 tonnerre Exp $
2 2
3SHA1 (bind-9.4.1-P1.tar.gz) = c65bfd3d6ff1dd78b678fe350e323bfb6d47fe1b 3SHA1 (bind-9.4.1-P1.tar.gz) = c65bfd3d6ff1dd78b678fe350e323bfb6d47fe1b
4RMD160 (bind-9.4.1-P1.tar.gz) = ced75a96098d78a7fdd8cc1d1e3daf2ad142ee9f 4RMD160 (bind-9.4.1-P1.tar.gz) = ced75a96098d78a7fdd8cc1d1e3daf2ad142ee9f
5Size (bind-9.4.1-P1.tar.gz) = 6341409 bytes 5Size (bind-9.4.1-P1.tar.gz) = 6341409 bytes
6SHA1 (patch-ab) = dd12c457791a75a8b43d9dfd0c0b236dcdbe31a5 6SHA1 (patch-ab) = dd12c457791a75a8b43d9dfd0c0b236dcdbe31a5
7SHA1 (patch-ac) = 4df1ece91d59b2b36fc7a4316604f1c112cf70ba 7SHA1 (patch-ac) = 4df1ece91d59b2b36fc7a4316604f1c112cf70ba
8SHA1 (patch-ad) = 0e28ae0bb42e633f1ff1111478c97ced5c222186 8SHA1 (patch-ad) = 0e28ae0bb42e633f1ff1111478c97ced5c222186
9SHA1 (patch-af) = b21bb5195cdb4deec00e5abd39f5bf2137549c3f 9SHA1 (patch-af) = b21bb5195cdb4deec00e5abd39f5bf2137549c3f
10SHA1 (patch-ag) = 9d61e0f527a76977bf8457355997d201fa37dd4e 10SHA1 (patch-ag) = 9d61e0f527a76977bf8457355997d201fa37dd4e
11SHA1 (patch-ai) = ac1ed87c6e55317ddc9780b1b432692a29e4e8a3 11SHA1 (patch-ai) = ac1ed87c6e55317ddc9780b1b432692a29e4e8a3
12SHA1 (patch-aj) = c3bbf84a8a735298552f918ac38331e06a1b68a1 12SHA1 (patch-aj) = c3bbf84a8a735298552f918ac38331e06a1b68a1
13SHA1 (patch-al) = eb6a52d3f865639447ec6f9019c0ea1d2122b772 13SHA1 (patch-al) = eb6a52d3f865639447ec6f9019c0ea1d2122b772
14SHA1 (patch-am) = bb267f13dbd30d492f4dfcf9c278b941efa97bed 14SHA1 (patch-am) = bb267f13dbd30d492f4dfcf9c278b941efa97bed
15SHA1 (patch-an) = 6ec6ede602292ef2eaf5f0891e97576218bd8c3e 15SHA1 (patch-an) = 6ec6ede602292ef2eaf5f0891e97576218bd8c3e
16SHA1 (patch-ao) = 9a1ed7b37befdd8e29d233fe55cd62362df3c50e 16SHA1 (patch-ao) = 9a1ed7b37befdd8e29d233fe55cd62362df3c50e
 17SHA1 (patch-ap) = 800486318acbaae22d04ac6e2b7ccddd150fde90
File Added: pkgsrc/net/bind9/patches/Attic/patch-ap
$NetBSD: patch-ap,v 1.3 2008/05/11 00:00:59 tonnerre Exp $

--- lib/bind/inet/inet_network.c.orig	2005-04-27 07:00:54.000000000 +0200
+++ lib/bind/inet/inet_network.c
@@ -84,9 +84,9 @@ again:
 	}
 	if (!digit)
 		return (INADDR_NONE);
+	if (pp >= parts + 4 || val > 0xffU)
+		return (INADDR_NONE);
 	if (*cp == '.') {
-		if (pp >= parts + 4 || val > 0xffU)
-			return (INADDR_NONE);
 		*pp++ = val, cp++;
 		goto again;
 	}