diff --git a/backport-CVE-2024-43167.patch b/backport-CVE-2024-43167.patch new file mode 100644 index 0000000000000000000000000000000000000000..a8efd96e0749b9900b2fa3509bbb699e9f113efa --- /dev/null +++ b/backport-CVE-2024-43167.patch @@ -0,0 +1,45 @@ +From 8e43e2574c4e02f79c562a061581cdcefe136912 Mon Sep 17 00:00:00 2001 +From: zhailiangliang +Date: Tue, 21 May 2024 08:40:16 +0000 +Subject: [PATCH] fix null pointer dereference issue in function ub_ctx_set_fwd + of file libunbound/libunbound.c + +--- + libunbound/libunbound.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c +index 17057ec6..3c895514 100644 +--- a/libunbound/libunbound.c ++++ b/libunbound/libunbound.c +@@ -981,7 +981,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) + if(!addr) { + /* disable fwd mode - the root stub should be first. */ + if(ctx->env->cfg->forwards && +- strcmp(ctx->env->cfg->forwards->name, ".") == 0) { ++ (ctx->env->cfg->forwards->name && ++ strcmp(ctx->env->cfg->forwards->name, ".") == 0)) { + s = ctx->env->cfg->forwards; + ctx->env->cfg->forwards = s->next; + s->next = NULL; +@@ -1001,7 +1002,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) + /* it parses, add root stub in front of list */ + lock_basic_lock(&ctx->cfglock); + if(!ctx->env->cfg->forwards || +- strcmp(ctx->env->cfg->forwards->name, ".") != 0) { ++ (ctx->env->cfg->forwards->name && ++ strcmp(ctx->env->cfg->forwards->name, ".") != 0)) { + s = calloc(1, sizeof(*s)); + if(!s) { + lock_basic_unlock(&ctx->cfglock); +@@ -1019,6 +1021,7 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) + ctx->env->cfg->forwards = s; + } else { + log_assert(ctx->env->cfg->forwards); ++ log_assert(ctx->env->cfg->forwards->name); + s = ctx->env->cfg->forwards; + } + dupl = strdup(addr); +-- +2.33.0 + diff --git a/backport-CVE-2024-43168.patch b/backport-CVE-2024-43168.patch new file mode 100644 index 0000000000000000000000000000000000000000..02dbd7a2d9e32be18e08034965263f3231d2fc5a --- /dev/null +++ b/backport-CVE-2024-43168.patch @@ -0,0 +1,28 @@ +From 193401e7543a1e561dd634a3eaae932fa462a2b9 Mon Sep 17 00:00:00 2001 +From: zhailiangliang +Date: Wed, 3 Apr 2024 15:40:58 +0800 +Subject: [PATCH] fix heap-buffer-overflow issue in function cfg_mark_ports of + file util/config_file.c + +--- + util/config_file.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/util/config_file.c b/util/config_file.c +index 26185da0..e7b2f195 100644 +--- a/util/config_file.c ++++ b/util/config_file.c +@@ -1761,6 +1761,10 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num) + #endif + if(!mid) { + int port = atoi(str); ++ if(port < 0) { ++ log_err("Prevent out-of-bounds access to array avail"); ++ return 0; ++ } + if(port == 0 && strcmp(str, "0") != 0) { + log_err("cannot parse port number '%s'", str); + return 0; +-- +2.33.0 + diff --git a/unbound.spec b/unbound.spec index d3a38bba6fdc15ea9cf1113e34460bd0bb196b7d..f9f7fede9aedc1c4bf45e31cd71ac46ccb4a6cdd 100644 --- a/unbound.spec +++ b/unbound.spec @@ -2,7 +2,7 @@ Name: unbound Version: 1.13.2 -Release: 12 +Release: 13 Summary: Unbound is a validating, recursive, caching DNS resolver License: BSD Url: https://nlnetlabs.nl/projects/unbound/about/ @@ -28,6 +28,8 @@ Patch3: backport-CVE-2022-3204.patch Patch4: backport-Undefine-shift-in-sldns_str2wire_hip_buf.patch Patch5: backport-Integer-overflow-in-sldns_wire2str_pkt_scan.patch Patch6: backport-CVE-2023-50387_CVE-2023-50868.patch +Patch7: backport-CVE-2024-43167.patch +Patch8: backport-CVE-2024-43168.patch BuildRequires: make flex swig pkgconfig systemd BuildRequires: libevent-devel expat-devel openssl-devel python3-devel @@ -252,6 +254,12 @@ popd %{_mandir}/man* %changelog +* Mon Aug 19 2024 gaihuiying - 1.13.2-13 +- Type:cves +- CVE:CVE-2024-43167 CVE-2024-43168 +- SUG:NA +- DESC:fix CVE-2024-43167 CVE-2024-43168 + * Tue Jun 25 2024 gaihuiying - 1.13.2-12 - Type:bugfix - CVE:NA