master

分支 (24)

标签 (19)

管理

管理

master

openEuler-24.03-LTS

openEuler-22.03-LTS-SP3

openEuler-24.03-LTS-Next

openEuler-24.09

openEuler-22.03-LTS-SP4

openEuler-22.03-LTS-SP2

openEuler-22.03-LTS

openEuler-22.03-LTS-Next

openEuler-22.03-LTS-SP1

openEuler-20.03-LTS-SP1

openEuler-20.03-LTS-SP4

openEuler-23.09

openEuler-23.03

openEuler-22.09

openEuler-20.03-LTS-SP3

openEuler-20.03-LTS-SP2

openEuler-20.03-LTS

openEuler-20.03-LTS-Next

openEuler-21.09

openEuler-22.03-LTS-SP4-release

openEuler-24.03-LTS-release

openEuler-22.03-LTS-SP3-release

openEuler-23.09-rc5

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200929

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

unbound
/
backport-CVE-2024-43167-CVE-2024-4316...

From 9ffcad93b6452d1a7c1c13fa2bc23f46c47f2dc6 Mon Sep 17 00:00:00 2001
From: wangxiaomeng <wangxiaomeng@kylinos.cn>
Date: Tue, 13 Aug 2024 15:03:59 +0800
Subject: [PATCH] backport CVE-2024-43167 CVE-2024-43168

---
 libunbound/libunbound.c | 7 +++++--
 util/config_file.c      | 4 ++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c
index 80a82bb..c52114d 100644
--- a/libunbound/libunbound.c
+++ b/libunbound/libunbound.c
@@ -976,7 +976,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr)
 	if(!addr) {
 		/* disable fwd mode - the root stub should be first. */
 		if(ctx->env->cfg->forwards &&
-			strcmp(ctx->env->cfg->forwards->name, ".") == 0) {
+			(ctx->env->cfg->forwards->name &&
+			strcmp(ctx->env->cfg->forwards->name, ".") == 0)) {
 			s = ctx->env->cfg->forwards;
 			ctx->env->cfg->forwards = s->next;
 			s->next = NULL;
@@ -996,7 +997,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr)
 	/* it parses, add root stub in front of list */
 	lock_basic_lock(&ctx->cfglock);
 	if(!ctx->env->cfg->forwards ||
-		strcmp(ctx->env->cfg->forwards->name, ".") != 0) {
+		(ctx->env->cfg->forwards->name &&
+		strcmp(ctx->env->cfg->forwards->name, ".") != 0)) {
 		s = calloc(1, sizeof(*s));
 		if(!s) {
 			lock_basic_unlock(&ctx->cfglock);
@@ -1014,6 +1016,7 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr)
 		ctx->env->cfg->forwards = s;
 	} else {
 		log_assert(ctx->env->cfg->forwards);
+		log_assert(ctx->env->cfg->forwards->name);
 		s = ctx->env->cfg->forwards;
 	}
 	dupl = strdup(addr);
diff --git a/util/config_file.c b/util/config_file.c
index 6d357c5..7d0124f 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -1745,6 +1745,10 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
 #endif
 	if(!mid) {
 		int port = atoi(str);
+		if(port < 0) {
+			log_err("Prevent out-of-bounds access to array avail");
+			return 0;
+		}
 		if(port == 0 && strcmp(str, "0") != 0) {
 			log_err("cannot parse port number '%s'", str);
 			return 0;
--
2.43.0