fix CVE-2021-25219

(cherry picked from commit a6d982af8b28ff6433c2bd883d82158bff8ba93d)
2021-11-15 17:20:27 +08:00 · 2021-11-15 17:20:27 +08:00 · 9004379e30
commit 9004379e30
parent 6c79657b56
2 changed files with 78 additions and 1 deletions
--- a/backport-CVE-2021-25219.patch
+++ b/backport-CVE-2021-25219.patch
@ -0,0 +1,69 @@
+Conflict: is_lame(fctx, rmessage) to is_lame(fctx)
+Reference : https://downloads.isc.org/bind9/cur/9.11/patches/CVE-2021-25219.patch
+diff --git a/bin/named/config.c b/bin/named/config.c
+index fbd2f2126c..d24e4f8a26 100644
+--- a/bin/named/config.c
+++ b/bin/named/config.c
+@@ -175,7 +175,7 @@ options {\n\
+ #if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
+ "	geoip-use-ecs yes;\n"
+ #endif
+-"	lame-ttl 600;\n"
+"	lame-ttl 0;\n"
+ #ifdef HAVE_LMDB
+ "	lmdb-mapsize 32M;\n"
+ #endif
+diff --git a/bin/named/server.c b/bin/named/server.c
+index 6ff95e3bcc..9826588e6d 100644
+--- a/bin/named/server.c
+++ b/bin/named/server.c
+@@ -3987,8 +3987,12 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ 	result = ns_config_get(maps, "lame-ttl", &obj);
+ 	INSIST(result == ISC_R_SUCCESS);
+ 	lame_ttl = cfg_obj_asuint32(obj);
+-	if (lame_ttl > 1800)
+-		lame_ttl = 1800;
+	if (lame_ttl > 0) {
+		cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
+			    "disabling lame cache despite lame-ttl > 0 as it "
+			    "may cause performance issues");
+		lame_ttl = 0;
+	}
+ 	dns_resolver_setlamettl(view->resolver, lame_ttl);
+ 
+ 	/*
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 8175f7918b..b34cb12b73 100644
+--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
+@@ -8489,18 +8489,20 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
+ 	/*
+ 	 * Is the server lame?
+ 	 */
+-	if (res->lame_ttl != 0 && !ISFORWARDER(query->addrinfo) &&
+-	    is_lame(fctx)) {
+	if (!ISFORWARDER(query->addrinfo) && is_lame(fctx)) {
+ 		inc_stats(res, dns_resstatscounter_lame);
+ 		log_lame(fctx, query->addrinfo);
+-		result = dns_adb_marklame(fctx->adb, query->addrinfo,
+-					  &fctx->name, fctx->type,
+-					  now + res->lame_ttl);
+-		if (result != ISC_R_SUCCESS)
+-			isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+-				      DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
+-				      "could not mark server as lame: %s",
+-				      isc_result_totext(result));
+		if (res->lame_ttl != 0) {
+			result = dns_adb_marklame(fctx->adb, query->addrinfo,
+						  &fctx->name, fctx->type,
+						  now + res->lame_ttl);
+			if (result != ISC_R_SUCCESS) {
+				isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+					      DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
+					      "could not mark server as lame: %s",
+					      isc_result_totext(result));
+			}
+		}
+ 		broken_server = DNS_R_LAME;
+ 		keep_trying = true;
+ 		FCTXTRACE("lame server");
--- a/bind.spec
+++ b/bind.spec
@ -19,7 +19,7 @@ Name:           bind
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPLv2.0
 Version:        9.11.21
-Release:        12
+Release:        13
 Epoch:          32
 Url:            https://www.isc.org/downloads/bind/
 Source0:        https://ftp.isc.org/isc/bind9/9.11.21/bind-%{version}.tar.gz
@ -163,6 +163,7 @@ Patch194: Fix_the_difference_at_the_macro_definition_using_clock_gettime_instead
 Patch195: CVE-2020-8625.patch
 Patch196: backport-CVE-2021-25214.patch
 Patch197: backport-CVE-2021-25215.patch
+Patch198: backport-CVE-2021-25219.patch
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
 Patch12: bind-9.10-sdb.patch
@ -369,6 +370,7 @@ are used for building ISC DHCP.
 %patch195 -p1
 %patch196 -p1
 %patch197 -p1
+%patch198 -p1

 mkdir lib/dns/tests/testdata/dstrandom
 cp -a %{SOURCE29} lib/dns/tests/testdata/dstrandom/random.data
@ -1157,6 +1159,12 @@ rm -rf ${RPM_BUILD_ROOT}


 %changelog
+* Mon Nov 15 2021 jiangheng <jiangheng12@huawei.com> - 9.11.21-13
+- Type:CVE
+- ID:CVE-2021-25219
+- SUG:NA
+- DESC:fix CVE-2021-25219
+
 * Sat Jul 24 2021 jiangheng <jiangheng12@huawei.com> - 9.11.21-12
 - Type:bugfix
 - ID:NA