aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErwin Lansing <erwin@FreeBSD.org>2013-07-31 11:42:42 +0000
committerErwin Lansing <erwin@FreeBSD.org>2013-07-31 11:42:42 +0000
commitc0f8015ed0bc204456389f62b00f1e03c8b589b8 (patch)
tree6565dd4092e39e2b73b4391e4165f46fa4dadd20
parent6f34f6a389ca8199c4b20c17f62d7d924baef7fb (diff)
downloadsrc-c0f8015ed0bc204456389f62b00f1e03c8b589b8.tar.gz
src-c0f8015ed0bc204456389f62b00f1e03c8b589b8.zip
Vendor import of BIND 9.8.5-P2vendor/bind9/9.8.5-P2
Approved by: delphij (mentor, implicit) Sponsored by: DK Hostmaster A/S
Notes
Notes: svn path=/vendor/bind9/dist/; revision=253837 svn path=/vendor/bind9/9.8.5-P2/; revision=253838; tag=vendor/bind9/9.8.5-P2
-rw-r--r--CHANGES6
-rw-r--r--lib/dns/rdata/generic/keydata_65533.c2
-rw-r--r--version2
3 files changed, 8 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index 2cfcb7b292f8..e8383c62baf4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+ --- 9.8.5-P2 released ---
+
+3621. [security] Incorrect bounds checking on private type 'keydata'
+ can lead to a remotely triggerable REQUIRE failure
+ (CVE-2013-4854). [RT #34238]
+
--- 9.8.5-P1 released ---
3584. [security] Caching data from an incompletely signed zone could
diff --git a/lib/dns/rdata/generic/keydata_65533.c b/lib/dns/rdata/generic/keydata_65533.c
index 2592c30f6a08..317e1a87246a 100644
--- a/lib/dns/rdata/generic/keydata_65533.c
+++ b/lib/dns/rdata/generic/keydata_65533.c
@@ -176,7 +176,7 @@ fromwire_keydata(ARGS_FROMWIRE) {
UNUSED(options);
isc_buffer_activeregion(source, &sr);
- if (sr.length < 4)
+ if (sr.length < 16)
return (ISC_R_UNEXPECTEDEND);
isc_buffer_forward(source, sr.length);
diff --git a/version b/version
index 722bbe7f9b2f..7a518ed3ba84 100644
--- a/version
+++ b/version
@@ -9,4 +9,4 @@ MAJORVER=9
MINORVER=8
PATCHVER=5
RELEASETYPE=-P
-RELEASEVER=1
+RELEASEVER=2