From: Mark Andrews Date: Thu, 31 Dec 2015 02:43:21 +0000 (+1100) Subject: 4285. [security] Specific APL data could trigger a INSIST. X-Git-Tag: v9.11.0a1~228 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=1b3d21180244529f0099894fe9d29beb3f11efb3;p=thirdparty%2Fbind9.git 4285. [security] Specific APL data could trigger a INSIST. (CVE-2015-8704) [RT #41396] --- diff --git a/CHANGES b/CHANGES index 01af9bda639..1ea58e2f4f8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4285. [security] Specific APL data could trigger a INSIST. + (CVE-2015-8704) [RT #41396] + 4284. [bug] Some GeoIP options were incorrectly documented using abbreviated forms which were not accepted by named. The code has been updated to allow both diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 1ec28bffaa4..27e81fab31e 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -153,6 +153,12 @@ named to allow access to unintended clients. + + + Specfic APL data could trigger a INSIST. This flaw was discovered + by Brian Mitchell and is disclosed in CVE-2015-8704. [RT #41396]. + +
New Features diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c index bedd38ebaab..28eb7f280b3 100644 --- a/lib/dns/rdata/in_1/apl_42.c +++ b/lib/dns/rdata/in_1/apl_42.c @@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) { isc_uint8_t len; isc_boolean_t neg; unsigned char buf[16]; - char txt[sizeof(" !64000")]; + char txt[sizeof(" !64000:")]; const char *sep = ""; int n; @@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) { isc_region_consume(&sr, 1); INSIST(len <= sr.length); n = snprintf(txt, sizeof(txt), "%s%s%u:", sep, - neg ? "!": "", afi); + neg ? "!" : "", afi); INSIST(n < (int)sizeof(txt)); RETERR(str_totext(txt, target)); switch (afi) {