From 1b3d21180244529f0099894fe9d29beb3f11efb3 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 31 Dec 2015 13:43:21 +1100 Subject: [PATCH] 4285. [security] Specific APL data could trigger a INSIST. (CVE-2015-8704) [RT #41396] --- CHANGES | 3 +++ doc/arm/notes.xml | 6 ++++++ lib/dns/rdata/in_1/apl_42.c | 4 ++-- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 01af9bda63..1ea58e2f4f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4285. [security] Specific APL data could trigger a INSIST. + (CVE-2015-8704) [RT #41396] + 4284. [bug] Some GeoIP options were incorrectly documented using abbreviated forms which were not accepted by named. The code has been updated to allow both diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 1ec28bffaa..27e81fab31 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -153,6 +153,12 @@ named to allow access to unintended clients. + + + Specfic APL data could trigger a INSIST. This flaw was discovered + by Brian Mitchell and is disclosed in CVE-2015-8704. [RT #41396]. + +
New Features
diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c
index bedd38ebaa..28eb7f280b 100644
--- a/lib/dns/rdata/in_1/apl_42.c
+++ b/lib/dns/rdata/in_1/apl_42.c
@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
 isc_uint8_t len;
 isc_boolean_t neg;
 unsigned char buf[16];
- char txt[sizeof(" !64000")];
+ char txt[sizeof(" !64000:")];
 const char *sep = "";
 int n;
@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) {
 isc_region_consume(&sr, 1);
 INSIST(len <= sr.length);
 n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
- neg ? "!": "", afi);
+ neg ? "!" : "", afi);
 INSIST(n < (int)sizeof(txt));
 RETERR(str_totext(txt, target));
 switch (afi) {
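Review bot: The size of `txt` in the first apl_42.c hunk is still tied to the `"%s%s%u:"` format in the second hunk only by a sample literal, which is how the trailing ':' went uncounted before. The declaration should carry a comment such as `/* worst case of "%s%s%u:": separator, '!', 5-digit afi, ':' and NUL */`. The `INSIST(n < (int)sizeof(txt))` left in place means any later drift between the two aborts the process while rendering record data. Assuming this function can return an error at that point, as the neighbouring `RETERR` suggests, `if (n < 0 || n >= (int)sizeof(txt)) return (ISC_R_NOSPACE);` would fail the conversion instead. The diffstat lists no test file, so a regression case rendering an APL record at maximum text width would be worth adding; `totext_in_apl` starts and ends outside both hunks and the type of `afi` is not visible, so the 5-digit bound is inferred.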