dhcp/backport-0001-CVE-2024-1737.patch

From fdabf4b9570a60688f9f7d1e88d885f7a3718bca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
Date: Fri, 1 Mar 2024 08:26:07 +0100
Subject: [PATCH 1/3] Add a limit to the number of RRs in RRSets
 
Previously, the number of RRs in the RRSets were internally unlimited.
As the data structure that holds the RRs is just a linked list, and
there are places where we just walk through all of the RRs, adding an
RRSet with huge number of RRs inside would slow down processing of said
RRSets.
 
The fix for end-of-life branches make the limit compile-time only for
simplicity and the limit can be changed at the compile time by adding
following define to CFLAGS:
 
    -DDNS_RDATASET_MAX_RECORDS=<limit>
 
(cherry picked from commit c5c4d00c38530390c9e1ae4c98b65fbbadfe9e5e)
 
Conflict:NA
Reference:https://gitlab.isc.org/isc-projects/bind9/-/commit/5360c90612abf51deb4a80b30e1da84fd61212a5
 
---
 bind/bind-9.11.36/configure           |  2 +-
 bind/bind-9.11.36/configure.ac        |  2 +-
 bind/bind-9.11.36/lib/dns/rdataslab.c | 12 ++++++++++++
 3 files changed, 14 insertions(+), 2 deletions(-)
 
diff --git a/bind/bind-9.11.36/configure b/bind/bind-9.11.36/configure
index 368112f..736ff49 100755
--- a/bind/bind-9.11.36/configure
+++ b/bind/bind-9.11.36/configure
@@ -12185,7 +12185,7 @@ fi
 XTARGETS=
 case "$enable_developer" in
 yes)
-	STD_CDEFINES="$STD_CDEFINES -DISC_LIST_CHECKINIT=1"
+	STD_CDEFINES="$STD_CDEFINES -DISC_LIST_CHECKINIT=1 -DDNS_RDATASET_MAX_RECORDS=5000"
 	test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes
 	test "${enable_querytrace+set}" = set || enable_querytrace=yes
 	test "${enable_filter_aaaa+set}" = set || enable_filter_aaaa=yes
diff --git a/bind/bind-9.11.36/configure.ac b/bind/bind-9.11.36/configure.ac
index 030c4d7..cc36b6c 100644
--- a/bind/bind-9.11.36/configure.ac
+++ b/bind/bind-9.11.36/configure.ac
@@ -100,7 +100,7 @@ AC_ARG_ENABLE(developer,
 XTARGETS=
 case "$enable_developer" in
 yes)
-	STD_CDEFINES="$STD_CDEFINES -DISC_LIST_CHECKINIT=1"
+	STD_CDEFINES="$STD_CDEFINES -DISC_LIST_CHECKINIT=1 -DDNS_RDATASET_MAX_RECORDS=5000"
 	test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes
 	test "${enable_querytrace+set}" = set || enable_querytrace=yes
 	test "${enable_filter_aaaa+set}" = set || enable_filter_aaaa=yes
diff --git a/bind/bind-9.11.36/lib/dns/rdataslab.c b/bind/bind-9.11.36/lib/dns/rdataslab.c
index b0f77b1..347b7d2 100644
--- a/bind/bind-9.11.36/lib/dns/rdataslab.c
+++ b/bind/bind-9.11.36/lib/dns/rdataslab.c
@@ -115,6 +115,10 @@ fillin_offsets(unsigned char *offsetbase, unsigned int *offsettable,
 }
 #endif
 
+#ifndef DNS_RDATASET_MAX_RECORDS
+#define DNS_RDATASET_MAX_RECORDS 100
+#endif /* DNS_RDATASET_MAX_RECORDS */
+
 isc_result_t
 dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
 			   isc_region_t *region, unsigned int reservelen)
@@ -161,6 +165,10 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
 		return (ISC_R_SUCCESS);
 	}
 
+	if (nitems > DNS_RDATASET_MAX_RECORDS) {
+		return (DNS_R_TOOMANYRECORDS);
+	}
+
 	if (nitems > 0xffff)
 		return (ISC_R_NOSPACE);
 
@@ -654,6 +662,10 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab,
 #endif
 	INSIST(ocount > 0 && ncount > 0);
 
+	if (ocount + ncount > DNS_RDATASET_MAX_RECORDS) {
+		return (DNS_R_TOOMANYRECORDS);
+	}
+
 #if DNS_RDATASET_FIXED
 	oncount = ncount;
 #endif
-- 
2.33.0
[Backport] fix CVE-2024-1975 CVE-2024-1737 CVE:CVE-2024-1975,CVE-2024-1737 Reference: https://downloads.isc.org/isc/bind9/9.18.28/patches/0003-CVE-2024-1975.patch https://gitlab.isc.org/isc-projects/bind9/-/commit/8ef414a7f38a04cfc11df44adaedaf3126fa3878 https://gitlab.isc.org/isc-projects/bind9/-/commit/5360c90612abf51deb4a80b30e1da84fd61212a5 https://gitlab.isc.org/isc-projects/bind9/-/commit/5360c90612abf51deb4a80b30e1da84fd61212a5 https://gitlab.isc.org/isc-projects/bind9/-/commit/b27c6bcce894786a8e082eafd59eccbf6f2731cb https://gitlab.isc.org/isc-projects/bind9/-/commit/57cd34441a1b4ecc9874a4a106c2c95b8d7a3120 Conflict:yes Type: CVE (cherry picked from commit 0fedc4d5ad2af61f78c06695bd1265880f2925f2) 2024-11-11 19:28:06 +08:00			`From fdabf4b9570a60688f9f7d1e88d885f7a3718bca Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>`
			`Date: Fri, 1 Mar 2024 08:26:07 +0100`
			`Subject: [PATCH 1/3] Add a limit to the number of RRs in RRSets`

			`Previously, the number of RRs in the RRSets were internally unlimited.`
			`As the data structure that holds the RRs is just a linked list, and`
			`there are places where we just walk through all of the RRs, adding an`
			`RRSet with huge number of RRs inside would slow down processing of said`
			`RRSets.`

			`The fix for end-of-life branches make the limit compile-time only for`
			`simplicity and the limit can be changed at the compile time by adding`
			`following define to CFLAGS:`

			`-DDNS_RDATASET_MAX_RECORDS=<limit>`

			`(cherry picked from commit c5c4d00c38530390c9e1ae4c98b65fbbadfe9e5e)`

			`Conflict:NA`
			`Reference:https://gitlab.isc.org/isc-projects/bind9/-/commit/5360c90612abf51deb4a80b30e1da84fd61212a5`

			`---`
			`bind/bind-9.11.36/configure \| 2 +-`
			`bind/bind-9.11.36/configure.ac \| 2 +-`
			`bind/bind-9.11.36/lib/dns/rdataslab.c \| 12 ++++++++++++`
			`3 files changed, 14 insertions(+), 2 deletions(-)`

			`diff --git a/bind/bind-9.11.36/configure b/bind/bind-9.11.36/configure`
			`index 368112f..736ff49 100755`
			`--- a/bind/bind-9.11.36/configure`
			`+++ b/bind/bind-9.11.36/configure`
			`@@ -12185,7 +12185,7 @@ fi`
			`XTARGETS=`
			`case "$enable_developer" in`
			`yes)`
			`- STD_CDEFINES="$STD_CDEFINES -DISC_LIST_CHECKINIT=1"`
			`+ STD_CDEFINES="$STD_CDEFINES -DISC_LIST_CHECKINIT=1 -DDNS_RDATASET_MAX_RECORDS=5000"`
			`test "${enable_fixed_rrset+set}" = set \|\| enable_fixed_rrset=yes`
			`test "${enable_querytrace+set}" = set \|\| enable_querytrace=yes`
			`test "${enable_filter_aaaa+set}" = set \|\| enable_filter_aaaa=yes`
			`diff --git a/bind/bind-9.11.36/configure.ac b/bind/bind-9.11.36/configure.ac`
			`index 030c4d7..cc36b6c 100644`
			`--- a/bind/bind-9.11.36/configure.ac`
			`+++ b/bind/bind-9.11.36/configure.ac`
			`@@ -100,7 +100,7 @@ AC_ARG_ENABLE(developer,`
			`XTARGETS=`
			`case "$enable_developer" in`
			`yes)`
			`- STD_CDEFINES="$STD_CDEFINES -DISC_LIST_CHECKINIT=1"`
			`+ STD_CDEFINES="$STD_CDEFINES -DISC_LIST_CHECKINIT=1 -DDNS_RDATASET_MAX_RECORDS=5000"`
			`test "${enable_fixed_rrset+set}" = set \|\| enable_fixed_rrset=yes`
			`test "${enable_querytrace+set}" = set \|\| enable_querytrace=yes`
			`test "${enable_filter_aaaa+set}" = set \|\| enable_filter_aaaa=yes`
			`diff --git a/bind/bind-9.11.36/lib/dns/rdataslab.c b/bind/bind-9.11.36/lib/dns/rdataslab.c`
			`index b0f77b1..347b7d2 100644`
			`--- a/bind/bind-9.11.36/lib/dns/rdataslab.c`
			`+++ b/bind/bind-9.11.36/lib/dns/rdataslab.c`
			`@@ -115,6 +115,10 @@ fillin_offsets(unsigned char offsetbase, unsigned int offsettable,`
			`}`
			`#endif`

			`+#ifndef DNS_RDATASET_MAX_RECORDS`
			`+#define DNS_RDATASET_MAX_RECORDS 100`
			`+#endif /* DNS_RDATASET_MAX_RECORDS */`
			`+`
			`isc_result_t`
			`dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,`
			`isc_region_t *region, unsigned int reservelen)`
			`@@ -161,6 +165,10 @@ dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,`
			`return (ISC_R_SUCCESS);`
			`}`

			`+ if (nitems > DNS_RDATASET_MAX_RECORDS) {`
			`+ return (DNS_R_TOOMANYRECORDS);`
			`+ }`
			`+`
			`if (nitems > 0xffff)`
			`return (ISC_R_NOSPACE);`

			`@@ -654,6 +662,10 @@ dns_rdataslab_merge(unsigned char oslab, unsigned char nslab,`
			`#endif`
			`INSIST(ocount > 0 && ncount > 0);`

			`+ if (ocount + ncount > DNS_RDATASET_MAX_RECORDS) {`
			`+ return (DNS_R_TOOMANYRECORDS);`
			`+ }`
			`+`
			`#if DNS_RDATASET_FIXED`
			`oncount = ncount;`
			`#endif`
			`--`
			`2.33.0`