bind:fix CVE-2020-8625

Signed-off-by: liuzy518 <570407222@qq.com>
2021-02-18 15:21:47 +08:00 · 2021-02-18 15:21:47 +08:00 · a1628b046b
commit a1628b046b
parent d16eefdb91
2 changed files with 23 additions and 2 deletions
--- a/CVE-2020-8625.patch
+++ b/CVE-2020-8625.patch
@ -0,0 +1,13 @@
+diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
+index dea108bad05..13cf15d7404 100644
+--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
+@@ -877,7 +877,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
+ 		return (ASN1_OVERRUN);
+ 	}
+ 
+-	data->components = malloc(len * sizeof(*data->components));
+	data->components = malloc((len + 1) * sizeof(*data->components));
+ 	if (data->components == NULL) {
+ 		return (ENOMEM);
+ 	}
--- a/bind.spec
+++ b/bind.spec
@ -19,7 +19,7 @@ Name:           bind
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPLv2.0
 Version:        9.11.21
-Release:        6
+Release:        7
 Epoch:          32
 Url:            https://www.isc.org/downloads/bind/
 Source0:        https://ftp.isc.org/isc/bind9/9.11.21/bind-%{version}.tar.gz
@ -161,6 +161,7 @@ Patch191: CVE-2020-8622.patch
 Patch192: CVE-2020-8623.patch
 Patch193: CVE-2020-8624.patch
 Patch194: Fix_the_difference_at_the_macro_definition_using_clock_gettime_instead_of_gettimeofda.patch
+Patch195: CVE-2020-8625.patch
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
 Patch12: bind-9.10-sdb.patch
@ -364,6 +365,7 @@ are used for building ISC DHCP.
 %patch192 -p1
 %patch193 -p1
 %patch194 -p1
+%patch195 -p1

 mkdir lib/dns/tests/testdata/dstrandom
 cp -a %{SOURCE29} lib/dns/tests/testdata/dstrandom/random.data
@ -1171,7 +1173,13 @@ rm -rf ${RPM_BUILD_ROOT}


 %changelog
-* Wed Dec 9 2020 hanzhijun <hanzhijun1@huawei.com> - 9.11.21-6
+* Thu Feb 18 2021 liulong <liulong20@huawei.com> - 9.11.21-7
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DESC:Fix CVE-2020-8625
+
+* Thu Jan 7 2021 hanzhijun <hanzhijun1@huawei.com> - 9.11.21-6
 - Type:bugfix
 - ID:NA
 - SUG:NA