1 files changed, 89 insertions, 0 deletions

diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
new file mode 100644
index 0000000000..19d8df1c2d
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
@@ -0,0 +1,89 @@
+The patch to fix CVE-2011-4313
+
+Upstream-Status: Backport
+
+Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html
+
+query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
+through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
+through 9.9.0b1 allows remote attackers to cause a denial of service
+(assertion failure and named exit) via unknown vectors related to recursive DNS
+queries, error logging, and the caching of an invalid record by the resolver.
+
+Signed-off-by Ming Liu <ming.liu@windriver.com>
+---
+ bin/named/query.c |   19 ++++++++-----------
+ lib/dns/rbtdb.c   |    4 ++--
+ 2 files changed, 10 insertions(+), 13 deletions(-)
+
+--- a/bin/named/query.c
++++ b/bin/named/query.c
+@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
+ 			goto addname;
+ 		if (result == DNS_R_NCACHENXRRSET) {
+ 			dns_rdataset_disassociate(rdataset);
+-			/*
+-			 * Negative cache entries don't have sigrdatasets.
+-			 */
+-			INSIST(sigrdataset == NULL ||
+-			       ! dns_rdataset_isassociated(sigrdataset));
++			if (sigrdataset != NULL &&
++			    dns_rdataset_isassociated(sigrdataset))
++				dns_rdataset_disassociate(sigrdataset);
+ 		}
+ 		if (result == ISC_R_SUCCESS) {
+ 			mname = NULL;
+@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
+ 			goto addname;
+ 		if (result == DNS_R_NCACHENXRRSET) {
+ 			dns_rdataset_disassociate(rdataset);
+-			INSIST(sigrdataset == NULL ||
+-			       ! dns_rdataset_isassociated(sigrdataset));
++			if (sigrdataset != NULL &&
++			    dns_rdataset_isassociated(sigrdataset))
++				dns_rdataset_disassociate(sigrdataset);
+ 		}
+ 		if (result == ISC_R_SUCCESS) {
+ 			mname = NULL;
+@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
+ 		goto setcache;
+ 	if (result == DNS_R_NCACHENXRRSET) {
+ 		dns_rdataset_disassociate(rdataset);
+-		/*
+-		 * Negative cache entries don't have sigrdatasets.
+-		 */
+-		INSIST(! dns_rdataset_isassociated(sigrdataset));
++		if (dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
+ 	}
+ 	if (result == ISC_R_SUCCESS) {
+ 		/* Remember the result as a cache */
+--- a/lib/dns/rbtdb.c
++++ b/lib/dns/rbtdb.c
+@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
+ 			      rdataset);
+ 		if (need_headerupdate(found, search.now))
+ 			update = found;
+-		if (foundsig != NULL) {
++		if (!NEGATIVE(found) && foundsig != NULL) {
+ 			bind_rdataset(search.rbtdb, node, foundsig, search.now,
+ 				      sigrdataset);
+ 			if (need_headerupdate(foundsig, search.now))
+@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno
+ 	}
+ 	if (found != NULL) {
+ 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
+-		if (foundsig != NULL)
++		if (!NEGATIVE(found) && foundsig != NULL)
+ 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
+ 				      sigrdataset);
+ 	}
+@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
+ 	}
+ 	if (found != NULL) {
+ 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
+-		if (foundsig != NULL)
++		if (!NEGATIVE(found) && foundsig != NULL)
+ 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
+ 				      sigrdataset);
+ 	}