3621. [security] Incorrect bounds checking on private type 'keydata'

author Mark Andrews <marka@isc.org>

Tue, 16 Jul 2013 22:03:50 +0000 (08:03 +1000)

committer Mark Andrews <marka@isc.org>

Tue, 16 Jul 2013 22:10:16 +0000 (08:10 +1000)
author Mark Andrews <marka@isc.org>
Tue, 16 Jul 2013 22:03:50 +0000 (08:03 +1000)
committer Mark Andrews <marka@isc.org>
Tue, 16 Jul 2013 22:10:16 +0000 (08:10 +1000)
diff --git a/CHANGES b/CHANGES

index 2cfcb7b292f8357559043c6a48a4af32c16a4a6d..26c5c44c0165876f7a32749196a83cd38d6aa8c3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+3621.  [security]      Incorrect bounds checking on private type 'keydata'
+                       can lead to a remotely triggerable REQUIRE failure
+                       (CVE-2013-4854). [RT #34238]
+
         --- 9.8.5-P1 released ---
  
  3584.  [security]      Caching data from an incompletely signed zone could
diff --git a/lib/dns/rdata/generic/keydata_65533.c b/lib/dns/rdata/generic/keydata_65533.c

index 2592c30f6a08b5ab04cbf229010cdab330102f16..317e1a87246a7ad1ed3eb479abdd4097527d3fae 100644 (file)
--- a/lib/dns/rdata/generic/keydata_65533.c
+++ b/lib/dns/rdata/generic/keydata_65533.c
@@ -176,7 +176,7 @@ fromwire_keydata(ARGS_FROMWIRE) {
         UNUSED(options);
  
         isc_buffer_activeregion(source, &sr);
-       if (sr.length < 4)
+       if (sr.length < 16)
                 return (ISC_R_UNEXPECTEDEND);
  
         isc_buffer_forward(source, sr.length);
author	Mark Andrews <marka@isc.org>
	Tue, 16 Jul 2013 22:03:50 +0000 (08:03 +1000)
committer	Mark Andrews <marka@isc.org>
	Tue, 16 Jul 2013 22:10:16 +0000 (08:10 +1000)
CHANGES		patch \| blob \| blame \| history
lib/dns/rdata/generic/keydata_65533.c		patch \| blob \| blame \| history