bind:fix CVE-2020-8625

Signed-off-by: liuzy518 <570407222@qq.com>
2021-02-18 15:42:46 +08:00 · 2021-02-18 15:42:46 +08:00 · 8924d2ed64
commit 8924d2ed64
parent ff72424d98
2 changed files with 22 additions and 1 deletions
--- a/CVE-2020-8625.patch
+++ b/CVE-2020-8625.patch
@ -0,0 +1,13 @@
+diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
+index dea108bad05..13cf15d7404 100644
+--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
+@@ -877,7 +877,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
+ 		return (ASN1_OVERRUN);
+ 	}
+ 
+-	data->components = malloc(len * sizeof(*data->components));
+	data->components = malloc((len + 1) * sizeof(*data->components));
+ 	if (data->components == NULL) {
+ 		return (ENOMEM);
+ 	}
--- a/bind.spec
+++ b/bind.spec
@ -19,7 +19,7 @@ Name:           bind
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPLv2.0
 Version:        9.11.21
-Release:        4
+Release:        5
 Epoch:          32
 Url:            http://www.isc.org/products/BIND/
 Source0:        https://ftp.isc.org/isc/bind9/9.11.21/bind-%{version}.tar.gz
@ -160,6 +160,7 @@ Patch191: CVE-2020-8622.patch
 Patch192: CVE-2020-8623.patch
 Patch193: CVE-2020-8624.patch
 Patch194: Fix_the_difference_at_the_macro_definition_using_clock_gettime_instead_of_gettimeofda.patch
+Patch195: CVE-2020-8625.patch

 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@ -363,6 +364,7 @@ are used for building ISC DHCP.
 %patch192 -p1
 %patch193 -p1
 %patch194 -p1
+%patch195 -p1

 mkdir lib/dns/tests/testdata/dstrandom
 cp -a %{SOURCE29} lib/dns/tests/testdata/dstrandom/random.data
@ -1148,6 +1150,12 @@ rm -rf ${RPM_BUILD_ROOT}


 %changelog
+* Thu Feb 18 2021 liulong <liulong20@huawei.com> - 9.11.21-5
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DESC:fix CVE-2020-8625
+
 * Wed Jan 13 2021 gaihuiying <gaihuiying1@huawei.com> - 9.11.21-4
 - Type:requirement
 - ID:NA