os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add SA-16:12 and SA-16:13.

Browse source
This commit is contained in:
Xin LI 2016-03-10 10:18:18 +00:00
parent d6215fb9d9
commit 2e3c7704e0
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=48363
13 changed files with 4126 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

238
share/security/advisories/FreeBSD-SA-16:12.openssl.asc Normal file
View file

@ -0,0 +1,238 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-16:12.openssl Security Advisory
The FreeBSD Project
Topic: Multiple OpenSSL vulnerabilities
Category: contrib
Module: openssl
Announced: 2016-03-10
Credits: OpenSSL Project
Affects: All supported versions of FreeBSD.
Corrected: 2016-03-04 00:40:15 UTC (stable/10, 10.2-BETA3)
2016-03-03 07:30:55 UTC (releng/10.2, 10.2-RELEASE-p13)
2016-03-03 07:30:55 UTC (releng/10.1, 10.1-RELEASE-p30)
2016-03-10 03:58:48 UTC (stable/9, 9.3-STABLE)
2016-03-10 10:03:28 UTC (releng/9.3, 9.3-RELEASE-p38)
CVE Name: CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705
CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
II. Problem Description
A cross-protocol attack was discovered that could lead to decryption of TLS
sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
Bleichenbacher RSA padding oracle. Note that traffic between clients and
non-vulnerable servers can be decrypted provided another server supporting
SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP
or POP3) shares the RSA keys of the non-vulnerable server. This vulnerability
is known as DROWN. [CVE-2016-0800]
A double free bug was discovered when OpenSSL parses malformed DSA private
keys and could lead to a DoS attack or memory corruption for applications that
receive DSA private keys from untrusted sources. This scenario is considered
rare. [CVE-2016-0705]
The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory
management semantics; the returned pointer was sometimes newly allocated, and
sometimes owned by the callee. The calling code has no way of distinguishing
these two cases. [CVE-2016-0798]
In the BN_hex2bn function, the number of hex digits is calculated using an int
value |i|. Later |bn_expand| is called with a value of |i * 4|. For large
values of |i| this can result in |bn_expand| not allocating any memory because
|i * 4| is negative. This can leave the internal BIGNUM data field as NULL
leading to a subsequent NULL pointer dereference. For very large values of
|i|, the calculation |i * 4| could be a positive value smaller than |i|. In
this case memory is allocated to the internal BIGNUM data field, but it is
insufficiently sized leading to heap corruption. A similar issue exists in
BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is
ever called by user applications with very large untrusted hex/dec data. This
is anticipated to be a rare occurrence. [CVE-2016-0797]
The internal |fmtstr| function used in processing a "%s" formatted string in
the BIO_*printf functions could overflow while calculating the length of
a string and cause an out-of-bounds read when printing very long strings.
[CVE-2016-0799]
A side-channel attack was found which makes use of cache-bank conflicts on the
Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA
keys. [CVE-2016-0702]
s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers.
If clear-key bytes are present for these ciphers, they displace encrypted-key
bytes. [CVE-2016-0703]
s2_srvr.c overwrites the wrong bytes in the master key when applying
Bleichenbacher protection for export cipher suites. [CVE-2016-0704]
III. Impact
Servers that have SSLv2 protocol enabled are vulnerable to the "DROWN" attack
which allows a remote attacker to fast attack many recorded TLS connections
made to the server, even when the client did not make any SSLv2 connections
themselves.
An attacker who can supply malformed DSA private keys to OpenSSL applications
may be able to cause memory corruption which would lead to a Denial of
Service condition. [CVE-2016-0705]
An attacker connecting with an invalid username can cause memory leak, which
could eventually lead to a Denial of Service condition. [CVE-2016-0798]
An attacker who can inject malformed data into an application may be able
to cause memory corruption which would lead to a Denial of Service
condition. [CVE-2016-0797, CVE-2016-0799]
A local attacker who has control of code in a thread running on the same
hyper-threaded core as the victim thread which is performing decryptions
could recover RSA keys. [CVE-2016-0702]
An eavesdropper who can intercept SSLv2 handshake can conduct an efficient
divide-and-conquer key recovery attack and use the server as an oracle to
determine the SSLv2 master-key, using only 16 connections to the server
and negligible computation. [CVE-2016-0703]
An attacker can use the Bleichenbacher oracle, which enables more efficient
variant of the DROWN attack. [CVE-2016-0704]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Restart all deamons using the library, or reboot the system.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Restart all deamons using the library, or reboot the system.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3.patch.xz
# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3.patch.xz.asc
# gpg --verify openssl-9.3.patch.xz.asc
Note that the initial patch version contains a serious regression that
would lead to crash. The following patch must be applied to address it.
# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3-fix.patch
# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3-fix.patch.asc
# gpg --verify openssl-9.3-fix.patch.asc
[FreeBSD 10.1]
# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-10.1.patch.xz
# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-10.1.patch.xz.asc
# gpg --verify openssl-10.1.patch.xz.asc
[FreeBSD 10.2]
# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-10.2.patch
# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-10.2.patch.asc
# gpg --verify openssl-10.2.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r296598
releng/9.3/ r296611
stable/10/ r296371
releng/10.1/ r296341
releng/10.2/ r296341
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://www.openssl.org/news/secadv/20160301.txt>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0703>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0704>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.11 (FreeBSD)
iQIcBAEBCgAGBQJW4UchAAoJEO1n7NZdz2rnNC8P/2YSnc2DaOH37BZXKBKCt2iv
rzTlQ6Cdr2n3r0k6Ayp1MonEfndWl9d86us6Z5ssfMrNsmJGWZv3Yj1Y8H12HE8+
ZhHCJ44ZYbyaDSe/vigG1S+xYILKP6uOxJYPWH5lXD9Yr20dHIJ8s3e9Jsai8aY2
aXMSVz67t84QJUoxAf5yEDsmY2drA5myppkRCRB1Xcb3qVebgwwQ4XkB+rJjjNjg
rG0DFbTxLnStr/geEDC+WdeAzLH6D035gFRkHL6uIOfOX8UcYNnf4pVXUgymWJzI
E/su+Cij/ckhV6UuOyNvKgN8uEs5XCny/10LKHqpPDhcYY6L8Dg47rI+2acOdFUi
5+79rx7+gUs71zC4D6hFCldUqOVpNYDRBYhX+MNqYkLn5XYEffbckv5zSkg53+aE
Rf1G90VcC+yHRFu2hgCTOGXsayOAJhvCRTnuqLncKpznFSRD+1a3XUm2zS79gfpN
f/uYIYmPbE1/uCU4StAlemdiH5vhYoWsP8tkBJsL8s6jMbV1REqukPJUPdDSaJmj
rHLvige7yr1QTWYBQ1ghRXJml+3xDSst/RZzqn+QelsDoUwa1wJa6kc5Ki74eXmi
XyuklOME8cbfUc8TPLqv4Lqbvr0nGK71jT0M7zG+eQTJsUls5EFBPhWL/6+SU29I
Lb+5Q4Wn9Qlmxfj0Nm3U
=f6Cw
-----END PGP SIGNATURE-----

149
share/security/advisories/FreeBSD-SA-16:13.bind.asc Normal file
View file

@ -0,0 +1,149 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-16:13.bind Security Advisory
The FreeBSD Project
Topic: Multiple BIND vulnerabilities
Category: contrib
Module: bind
Announced: 2016-03-10
Credits: ISC
Affects: FreeBSD 9.x
Corrected: 2016-03-10 07:47:55 UTC (stable/9, 9.3-STABLE)
2016-03-10 10:03:28 UTC (releng/9.3, 9.3-RELEASE-p38)
CVE Name: CVE-2016-1285, CVE-2016-1286
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server.
II. Problem Description
Testing by ISC has uncovered a defect in control channel input handling
which can cause named to exit due to an assertion failure in sexpr.c
or alist.c when a malformed packet is sent to named's control channel
(the interface which allows named to be controlled using the "rndc"
server control utility). [CVE-2016-1285]
An error when parsing signature records for DNAME records having specific
properties can lead to named exiting due to an assertion failure in
resolver.c or db.c. [CVE-2016-1286]
III. Impact
A remote attacker can deliberately trigger the failed assertion if the
DNS server accepts remote rndc commands regardless if authentication
is configured. Note that this is not enabled by default. [CVE-2016-1285]
A remote attacker who can cause a server to make a query deliberately
chosen to generate a response containing a signature record which
would trigger a failed assertion and cause named to stop. Disabling
DNSsec does not provide protection against this vulnerability.
[CVE-2016-1286]
IV. Workaround
No workaround is available, but hosts not running named(8) are not
vulnerable.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
The named service has to be restarted after the update. A reboot is
recommended but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
The named service has to be restarted after the update. A reboot is
recommended but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-16:13/bind.patch
# fetch https://security.FreeBSD.org/patches/SA-16:13/bind.patch.asc
# gpg --verify bind.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the named(8) daemon, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r296608
releng/9.3/ r296611
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://kb.isc.org/article/AA-01352>
<URL:https://kb.isc.org/article/AA-01353>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.11 (FreeBSD)
iQIcBAEBCgAGBQJW4UdUAAoJEO1n7NZdz2rnmRwQAIXDSu/gX5A+CFv6+9/2ak+H
3JOMO8p7KSKWhc1Hh7uqTUEy04lmpUylzK6Kj3h5PDNVaObxCcqsCAdy9xLYv8Q6
scBLeaDRPnwVQ1Mb/pkx1pdKSG7oKjY00PY0/hTKOVJUC1tJIoiAX8ExFqt53UKc
LHjzrFrHh/0lBebYj8jmqW8Pxhi8nluuwWhtrwFgiG/XR15k69TRjPHnLOfXVwqs
ORJb/8pVHYsNkGP3JB1xWMVs1nKLjzc7+Gm43OmLCa6QeLgQWqYmguoUl0FEHpoI
nPqlukYT3V9BfMR+fwoNXXUjgjiK66onvS/O3yhyCPCrRgnw0ZVVSF2jbPUhT638
p1QwN9snoTzxY0CpCjcjpZvf9Zhfyzc8UFnl2hm0rmAuCiOPBTeJ16AG3a8S40vF
/xoq4P6gNxUTQrPpGmG3Z/tfUQsxIpzib9D6ncDD5feuRyLB9y/MQSK1wxZjXDjk
2Bmaqk5foXNJfNEViNfJ4yy2qqED114ZpPIcDbSyIX9HeiKBo9BTEZ7Q9nEUHurN
GcnvimUuhk+hYJDEsELDSGDSLT6aMaD/hXVTMQeQwxQKh7QDFfzJsUlA44tqB56V
sn6VfIiA++K/JAFrAExD2FhtaIlOsUx24dUYkhcfNuVVBm3lgGCECeKGFxdNu2SM
kRc1+1ihyNRolL47E3s/
=OncW
-----END PGP SIGNATURE-----

BIN
share/security/patches/SA-16:12/openssl-10.1.patch.xz Normal file
View file

Binary file not shown.

17
share/security/patches/SA-16:12/openssl-10.1.patch.xz.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.11 (FreeBSD)
iQIcBAABCgAGBQJW4Uc7AAoJEO1n7NZdz2rnFUkQAOUocmwrJu8r9mDZ0qrpdz9k
qR3UyO3MY6HAdo+j1Sa5t7QaKKM/Ddp+zAMgoNCkb7vzr0wn5HcXcmEzQ4TrCBW9
igFZSyqR6KRWjgJ5HbzkynIJ14983/vAkrVh6t1lU2Z9sBn3g0+I+GW7WLumCxt9
eXk+eqrHeWK/RfUNdTeQxBU4ZLgre85xiRJXEBJdoqnpfcvfQ7TtCL9O6tFPg1TX
ZoMPx8g2+SsNXyBkULWuntim4w+zF+eNo9XxRAIvmLzZki5fXIvb10lH6VZQJMKL
RP36m++1a6zI47xRBH7JoVdHcINAfCPdKmHNtcX34lEsCnF2N1bpUkcWlL9H1G0Q
qEXp6wuVttiB5TNC+tNCqui68F3QnZEzvgCBRDDBA9Qi8KZa6+B4jHAhGE0lVBBR
wYvYYlKgh0T/Tm0b2OWqlgV948A4uYa3jXUf3sLlH8VsUhLioL8L3Ou0dUqGWn9L
w1QZwey+6q7aGu5DTxfkD32fTJOkQET4Mjri9+aQSbGv25//4T9JRx3NYW+tX8KG
1rdLcI+f9SiBNtudI0nbSfKis6GKfTtgW+nNEXMc6WffRrQvx1/CDKmpAbjM/Tjc
jm+n4JS5UosWQKHmz9AahsKJSnJbiFH2PrRwADrdtcruxwj9apHm6RajPqOWHqsb
DF+5gvdzOebBGCd0C13t
=6ui0
-----END PGP SIGNATURE-----

2963
share/security/patches/SA-16:12/openssl-10.2.patch Normal file
View file

File diff suppressed because it is too large Load diff

17
share/security/patches/SA-16:12/openssl-10.2.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.11 (FreeBSD)
iQIcBAABCgAGBQJW4Uc6AAoJEO1n7NZdz2rnrIoP/2/UGUonUC5BKXx4zf32rNSh
TbyYxBTZiQAEqhUaK3H8B/F0ez3gmhv7KN4mXBy0IzCNzCrstq467EaCIhzeYVwR
xwvKUwJptE75YjsqqGR5g6gr2AL9bSNdSt9nOCsRfYlvqU67V0VaLu4daxuok6Wz
V6T7kySTJlFWNKyLtL1GZwX8CU2C1r63+dzQHF/vNKCnHXott6zgvS2NjAfIOs8z
OFXh5RTEdZuyXzyTPd62SZGpZRVfvVIr/oZPOeVvQWbpUSN5UZjFHxA0l47rOJ/Z
3qZENsxm43JKpUOE7dw16mD/0GVT+lXNmwei4KBNzQPnCeuDCF391uq2Xy5c2d3C
af+PFH5305IgleKGV7yNfJ16AD+gQiOPORMcv4gtFiw8HN9hzXf0phKOfS6QEkW8
PgVFJz171iQsV0dRugCeNcGegRthLDJ02U+aZ345wH10cYCvIJnzr4tEQqsTz6sb
ZavJz62PWf1IpACdjJbEV+h16uHgqMXw9WImEhsjhIrtScvxfPzJVqAlkFbKJHPU
oRm4iDmz5NTIUDEgTGP5NhqeE5+r/6uqhwVl7iCdKRVwy19XgixIJUC3ltfP3oPl
eMq8Of5358n/vjB1h5gWJi+fIuLn+5NiRAAUu+kcXSdPuNb98DCKYXnD2plf2v1j
GUydikj+tgEMgvW/+BaZ
=X7i6
-----END PGP SIGNATURE-----

247
share/security/patches/SA-16:12/openssl-9.3-fix.patch Normal file
View file

@ -0,0 +1,247 @@
--- crypto/openssl/crypto/bn/bn_exp.c.orig
+++ crypto/openssl/crypto/bn/bn_exp.c
@@ -107,13 +107,13 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
- */
-
-#include "cryptlib.h"
-#include "constant_time_locl.h"
-#include "bn_lcl.h"
-
-/* maximum precomputation table size for *variable* sliding windows */
+ */
+
+#include "cryptlib.h"
+#include "constant_time_locl.h"
+#include "bn_lcl.h"
+
+/* maximum precomputation table size for *variable* sliding windows */
#define TABLE_SIZE 32
/* this one works - simple but works */
@@ -521,79 +521,79 @@
* pattern as far as cache lines are concerned. The following functions are
* used to transfer a BIGNUM from/to that table.
*/
-
-static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top,
- unsigned char *buf, int idx,
- int window)
-{
- int i, j;
- int width = 1 << window;
- BN_ULONG *table = (BN_ULONG *)buf;
-
- if (bn_wexpand(b, top) == NULL)
- return 0;
+
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top,
+ unsigned char *buf, int idx,
+ int window)
+{
+ int i, j;
+ int width = 1 << window;
+ BN_ULONG *table = (BN_ULONG *)buf;
+
+ if (bn_wexpand(b, top) == NULL)
+ return 0;
while (b->top < top) {
- b->d[b->top++] = 0;
- }
-
- for (i = 0, j = idx; i < top; i++, j += width) {
- table[j] = b->d[i];
- }
-
- bn_correct_top(b);
+ b->d[b->top++] = 0;
+ }
+
+ for (i = 0, j = idx; i < top; i++, j += width) {
+ table[j] = b->d[i];
+ }
+
+ bn_correct_top(b);
return 1;
}
-
-static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
- unsigned char *buf, int idx,
- int window)
-{
- int i, j;
- int width = 1 << window;
- volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
-
- if (bn_wexpand(b, top) == NULL)
- return 0;
-
- if (window <= 3) {
- for (i = 0; i < top; i++, table += width) {
- BN_ULONG acc = 0;
-
- for (j = 0; j < width; j++) {
- acc |= table[j] &
- ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
- }
-
- b->d[i] = acc;
- }
- } else {
- int xstride = 1 << (window - 2);
- BN_ULONG y0, y1, y2, y3;
-
- i = idx >> (window - 2); /* equivalent of idx / xstride */
- idx &= xstride - 1; /* equivalent of idx % xstride */
-
- y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
- y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
- y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
- y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
-
- for (i = 0; i < top; i++, table += width) {
- BN_ULONG acc = 0;
-
- for (j = 0; j < xstride; j++) {
- acc |= ( (table[j + 0 * xstride] & y0) |
- (table[j + 1 * xstride] & y1) |
- (table[j + 2 * xstride] & y2) |
- (table[j + 3 * xstride] & y3) )
- & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
- }
-
- b->d[i] = acc;
- }
- }
-
- b->top = top;
+
+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+ unsigned char *buf, int idx,
+ int window)
+{
+ int i, j;
+ int width = 1 << window;
+ volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
+
+ if (bn_wexpand(b, top) == NULL)
+ return 0;
+
+ if (window <= 3) {
+ for (i = 0; i < top; i++, table += width) {
+ BN_ULONG acc = 0;
+
+ for (j = 0; j < width; j++) {
+ acc |= table[j] &
+ ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+ }
+
+ b->d[i] = acc;
+ }
+ } else {
+ int xstride = 1 << (window - 2);
+ BN_ULONG y0, y1, y2, y3;
+
+ i = idx >> (window - 2); /* equivalent of idx / xstride */
+ idx &= xstride - 1; /* equivalent of idx % xstride */
+
+ y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
+ y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
+ y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
+ y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
+
+ for (i = 0; i < top; i++, table += width) {
+ BN_ULONG acc = 0;
+
+ for (j = 0; j < xstride; j++) {
+ acc |= ( (table[j + 0 * xstride] & y0) |
+ (table[j + 1 * xstride] & y1) |
+ (table[j + 2 * xstride] & y2) |
+ (table[j + 3 * xstride] & y3) )
+ & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+ }
+
+ b->d[i] = acc;
+ }
+ }
+
+ b->top = top;
bn_correct_top(b);
return 1;
}
@@ -684,13 +684,13 @@
/*
* Initialize the intermediate result. Do this early to save double
* conversion, once each for a^0 and intermediate result.
- */
- if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
- goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, window))
- goto err;
-
- /* Initialize computeTemp as a^1 with montgomery precalcs */
+ */
+ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, window))
+ goto err;
+
+ /* Initialize computeTemp as a^1 with montgomery precalcs */
computeTemp = BN_CTX_get(ctx);
am = BN_CTX_get(ctx);
if (computeTemp == NULL || am == NULL)
@@ -703,13 +703,13 @@
} else
aa = a;
if (!BN_to_montgomery(am, aa, mont, ctx))
- goto err;
- if (!BN_copy(computeTemp, am))
- goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, window))
- goto err;
-
- /*
+ goto err;
+ if (!BN_copy(computeTemp, am))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, window))
+ goto err;
+
+ /*
* If the window size is greater than 1, then calculate
* val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even powers
* could instead be computed as (a^(i/2))^2 to use the slight performance
@@ -718,14 +718,14 @@
if (window > 1) {
for (i = 2; i < numPowers; i++) {
/* Calculate a^i = a^(i-1) * a */
- if (!BN_mod_mul_montgomery
- (computeTemp, am, computeTemp, mont, ctx))
- goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i,
- window))
- goto err;
- }
- }
+ if (!BN_mod_mul_montgomery
+ (computeTemp, am, computeTemp, mont, ctx))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i,
+ window))
+ goto err;
+ }
+ }
/*
* Adjust the number of bits up to a multiple of the window size. If the
@@ -758,7 +758,7 @@
* Fetch the appropriate pre-computed value from the pre-buf
*/
if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
- (computeTemp, top, powerbuf, wvalue, numPowers))
+ (computeTemp, top, powerbuf, wvalue, window))
goto err;
/* Multiply the result into the intermediate result */

17
share/security/patches/SA-16:12/openssl-9.3-fix.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.11 (FreeBSD)
iQIcBAABCgAGBQJW4Uc6AAoJEO1n7NZdz2rnlbcQAOE5i1wKTaq6tM3neMf7CRfd
lsb+VIHnaPu4kZFhUKxCx0XhdaZ1UF/lB0x4VMOb8GKwLcz7r/0vjym0ibuyW+T6
/8oPzpZAsVM8KQEs4YzJDOPbG/Pq2TQJyvDSo1QtupyckaQlRMy9mPwWxxnrP6qQ
poxqDP3UHYx8bl4PtTzYIX9b14d3ZFfcdyTrHGOQhhyCN76EBMRyfmGQqpXrOxcn
BsHO94a/slwjB+8OL6InUe91y8hVVazC2zT+KkDP8IAx61Z0y0lHJaQd3eRB+shm
i67XBoOV+m12y4pI+ic3/Yg/BH9OwMMd+msJ83V/8bA6EmG7+AkuTEKcWXrCpHeX
zWG6HbycZM2vuPdUG6j7ofZlCanNI8uMlVk4rCRi7zAcj0jSMRX1sjukwITt2nJ2
32uIdAdGNJ1+6bjMgiAGGYzjaq7YFWrS6lMQsYTswJ5dQFxYhT0yqxbrWtgG6Dqw
GIWoUrcSvPtVjqOa48lH2G+gny0vOvuElb7OZYNmRmIWbR2YBolKjBE1Oz665OkV
9xfRAMdDMKAkLZAai+0HB5HNuoe9/M+jmQc+wBV94aH0KwW7E38HW1Njs7HSEuoT
YpD5ZA7VoLKKtZqzpoJH6qVrIyTc7T0hRYLI6IWE5xOX9mSRRSeMGshuzE4L0tce
TAsjrzJeJx/kCH7VmUIt
=enos
-----END PGP SIGNATURE-----

BIN
share/security/patches/SA-16:12/openssl-9.3.patch.xz Normal file
View file

Binary file not shown.

17
share/security/patches/SA-16:12/openssl-9.3.patch.xz.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.11 (FreeBSD)
iQIcBAABCgAGBQJW4Uc7AAoJEO1n7NZdz2rnjuwP/0FNSZquQqyi82z9F21XXrZO
X/jXgY4YGYRuUj08G9rnGV1i7dBzVwILP+8dssDvYH/I+GvH4LxP2ZlAoB2eH6a5
zfXw4t8qx82gHDlSmB1Dl4x/Dp0KDHTVuyL4ndJ62mhdYEuYbp5nwGV91qJXSAKh
2gDqhT6OPQBVwMFE8aBAqzgjGATuix5Nghz0a0Y2U/rwTBo/lC2kEIUtwYijHlOp
ec9RKA4xGkZXQRPKZHKpNO55nLa/eCK2xNBj/mfFoPj2wObvc0oKBAKVHrHxanlZ
GzS1N4Q+Wez9wD4kwC4lHRf7sGu7S9wctRrguh30NFvfmV/ohDqrV9q9xJi4x7DR
kURN9AWm0i//jme62APHonfLRixBFb224tMeA8I9Ukq1vXLmiEhof1UH6XluuuMd
I7hqnsJI0OnnrMVOxUohWNLJKqwf/CrotSya0QA7V++zNXGTe1qhiQy6dzCnKv33
FRq4eHN7gvMFbWJEHrfD0lDL4w+uHgpF98X65mPUDHgdTu1gB1UapTIdHZq0liCB
KshW62lZnKWiKc1ruiJTRGW/lkRRxGmsIjkXu8z84+No6RVqnDrKEcnjIShTKI4W
QTWKvsli19xWzMV8Z0uEFI1ZytnT6quaEladlcV1twvDTIvMYmti3LePncy6ll4Y
l1lvgiSD5ZryDIirSEpz
=4aXD
-----END PGP SIGNATURE-----

428
share/security/patches/SA-16:13/bind.patch Normal file
View file

@ -0,0 +1,428 @@
--- contrib/bind9/bin/named/control.c.orig
+++ contrib/bind9/bin/named/control.c
@@ -69,7 +69,7 @@
#endif
data = isccc_alist_lookup(message, "_data");
- if (data == NULL) {
+ if (!isccc_alist_alistp(data)) {
/*
* No data section.
*/
--- contrib/bind9/bin/named/controlconf.c.orig
+++ contrib/bind9/bin/named/controlconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011-2014, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -396,7 +396,7 @@
* Limit exposure to replay attacks.
*/
_ctrl = isccc_alist_lookup(request, "_ctrl");
- if (_ctrl == NULL) {
+ if (!isccc_alist_alistp(_ctrl)) {
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
goto cleanup_request;
}
--- contrib/bind9/bin/rndc/rndc.c.orig
+++ contrib/bind9/bin/rndc/rndc.c
@@ -252,8 +252,8 @@
DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
data = isccc_alist_lookup(response, "_data");
- if (data == NULL)
- fatal("no data section in response");
+ if (!isccc_alist_alistp(data))
+ fatal("bad or missing data section in response");
result = isccc_cc_lookupstring(data, "err", &errormsg);
if (result == ISC_R_SUCCESS) {
failed = ISC_TRUE;
@@ -316,8 +316,8 @@
DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
_ctrl = isccc_alist_lookup(response, "_ctrl");
- if (_ctrl == NULL)
- fatal("_ctrl section missing");
+ if (!isccc_alist_alistp(_ctrl))
+ fatal("bad or missing ctrl section in response");
nonce = 0;
if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
nonce = 0;
--- contrib/bind9/lib/dns/resolver.c.orig
+++ contrib/bind9/lib/dns/resolver.c
@@ -5385,14 +5385,11 @@
}
static inline isc_result_t
-dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
- dns_name_t *oname, dns_fixedname_t *fixeddname)
+dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
+ unsigned int nlabels, dns_fixedname_t *fixeddname)
{
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
- unsigned int nlabels;
- int order;
- dns_namereln_t namereln;
dns_rdata_dname_t dname;
dns_fixedname_t prefix;
@@ -5407,21 +5404,6 @@
if (result != ISC_R_SUCCESS)
return (result);
- /*
- * Get the prefix of qname.
- */
- namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
- if (namereln != dns_namereln_subdomain) {
- char qbuf[DNS_NAME_FORMATSIZE];
- char obuf[DNS_NAME_FORMATSIZE];
-
- dns_rdata_freestruct(&dname);
- dns_name_format(qname, qbuf, sizeof(qbuf));
- dns_name_format(oname, obuf, sizeof(obuf));
- log_formerr(fctx, "unrelated DNAME in answer: "
- "%s is not in %s", qbuf, obuf);
- return (DNS_R_FORMERR);
- }
dns_fixedname_init(&prefix);
dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
dns_fixedname_init(fixeddname);
@@ -6034,13 +6016,13 @@
answer_response(fetchctx_t *fctx) {
isc_result_t result;
dns_message_t *message;
- dns_name_t *name, *qname, tname, *ns_name;
+ dns_name_t *name, *dname = NULL, *qname, tname, *ns_name;
dns_rdataset_t *rdataset, *ns_rdataset;
isc_boolean_t done, external, chaining, aa, found, want_chaining;
isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
unsigned int aflag;
dns_rdatatype_t type;
- dns_fixedname_t dname, fqname;
+ dns_fixedname_t fdname, fqname;
dns_view_t *view;
FCTXTRACE("answer_response");
@@ -6068,10 +6050,15 @@
view = fctx->res->view;
result = dns_message_firstname(message, DNS_SECTION_ANSWER);
while (!done && result == ISC_R_SUCCESS) {
+ dns_namereln_t namereln;
+ int order;
+ unsigned int nlabels;
+
name = NULL;
dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
- if (dns_name_equal(name, qname)) {
+ namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
+ if (namereln == dns_namereln_equal) {
wanted_chaining = ISC_FALSE;
for (rdataset = ISC_LIST_HEAD(name->list);
rdataset != NULL;
@@ -6196,10 +6183,11 @@
*/
INSIST(!external);
if (aflag ==
- DNS_RDATASETATTR_ANSWER)
+ DNS_RDATASETATTR_ANSWER) {
have_answer = ISC_TRUE;
- name->attributes |=
- DNS_NAMEATTR_ANSWER;
+ name->attributes |=
+ DNS_NAMEATTR_ANSWER;
+ }
rdataset->attributes |= aflag;
if (aa)
rdataset->trust =
@@ -6254,6 +6242,8 @@
if (wanted_chaining)
chaining = ISC_TRUE;
} else {
+ dns_rdataset_t *dnameset = NULL;
+
/*
* Look for a DNAME (or its SIG). Anything else is
* ignored.
@@ -6261,32 +6251,56 @@
wanted_chaining = ISC_FALSE;
for (rdataset = ISC_LIST_HEAD(name->list);
rdataset != NULL;
- rdataset = ISC_LIST_NEXT(rdataset, link)) {
- isc_boolean_t found_dname = ISC_FALSE;
- dns_name_t *dname_name;
+ rdataset = ISC_LIST_NEXT(rdataset, link))
+ {
+ /*
+ * Only pass DNAME or RRSIG(DNAME).
+ */
+ if (rdataset->type != dns_rdatatype_dname &&
+ (rdataset->type != dns_rdatatype_rrsig ||
+ rdataset->covers != dns_rdatatype_dname))
+ continue;
- found = ISC_FALSE;
+ /*
+ * If we're not chaining, then the DNAME and
+ * its signature should not be external.
+ */
+ if (!chaining && external) {
+ char qbuf[DNS_NAME_FORMATSIZE];
+ char obuf[DNS_NAME_FORMATSIZE];
+
+ dns_name_format(name, qbuf,
+ sizeof(qbuf));
+ dns_name_format(&fctx->domain, obuf,
+ sizeof(obuf));
+ log_formerr(fctx, "external DNAME or "
+ "RRSIG covering DNAME "
+ "in answer: %s is "
+ "not in %s", qbuf, obuf);
+ return (DNS_R_FORMERR);
+ }
+
+ if (namereln != dns_namereln_subdomain) {
+ char qbuf[DNS_NAME_FORMATSIZE];
+ char obuf[DNS_NAME_FORMATSIZE];
+
+ dns_name_format(qname, qbuf,
+ sizeof(qbuf));
+ dns_name_format(name, obuf,
+ sizeof(obuf));
+ log_formerr(fctx, "unrelated DNAME "
+ "in answer: %s is "
+ "not in %s", qbuf, obuf);
+ return (DNS_R_FORMERR);
+ }
+
aflag = 0;
if (rdataset->type == dns_rdatatype_dname) {
- /*
- * We're looking for something else,
- * but we found a DNAME.
- *
- * If we're not chaining, then the
- * DNAME should not be external.
- */
- if (!chaining && external) {
- log_formerr(fctx,
- "external DNAME");
- return (DNS_R_FORMERR);
- }
- found = ISC_TRUE;
want_chaining = ISC_TRUE;
POST(want_chaining);
aflag = DNS_RDATASETATTR_ANSWER;
- result = dname_target(fctx, rdataset,
- qname, name,
- &dname);
+ result = dname_target(rdataset, qname,
+ nlabels, &fdname);
if (result == ISC_R_NOSPACE) {
/*
* We can't construct the
@@ -6298,90 +6312,73 @@
} else if (result != ISC_R_SUCCESS)
return (result);
else
- found_dname = ISC_TRUE;
+ dnameset = rdataset;
- dname_name = dns_fixedname_name(&dname);
+ dname = dns_fixedname_name(&fdname);
if (!is_answertarget_allowed(view,
- qname,
- rdataset->type,
- dname_name,
- &fctx->domain)) {
+ qname, rdataset->type,
+ dname, &fctx->domain)) {
return (DNS_R_SERVFAIL);
}
- } else if (rdataset->type == dns_rdatatype_rrsig
- && rdataset->covers ==
- dns_rdatatype_dname) {
+ } else {
/*
* We've found a signature that
* covers the DNAME.
*/
- found = ISC_TRUE;
aflag = DNS_RDATASETATTR_ANSWERSIG;
}
- if (found) {
+ /*
+ * We've found an answer to our
+ * question.
+ */
+ name->attributes |= DNS_NAMEATTR_CACHE;
+ rdataset->attributes |= DNS_RDATASETATTR_CACHE;
+ rdataset->trust = dns_trust_answer;
+ if (!chaining) {
/*
- * We've found an answer to our
- * question.
+ * This data is "the" answer to
+ * our question only if we're
+ * not chaining.
*/
- name->attributes |=
- DNS_NAMEATTR_CACHE;
- rdataset->attributes |=
- DNS_RDATASETATTR_CACHE;
- rdataset->trust = dns_trust_answer;
- if (!chaining) {
- /*
- * This data is "the" answer
- * to our question only if
- * we're not chaining.
- */
- INSIST(!external);
- if (aflag ==
- DNS_RDATASETATTR_ANSWER)
- have_answer = ISC_TRUE;
+ INSIST(!external);
+ if (aflag == DNS_RDATASETATTR_ANSWER) {
+ have_answer = ISC_TRUE;
name->attributes |=
DNS_NAMEATTR_ANSWER;
- rdataset->attributes |= aflag;
- if (aa)
- rdataset->trust =
- dns_trust_authanswer;
- } else if (external) {
- rdataset->attributes |=
- DNS_RDATASETATTR_EXTERNAL;
}
-
- /*
- * DNAME chaining.
- */
- if (found_dname) {
- /*
- * Copy the dname into the
- * qname fixed name.
- *
- * Although we check for
- * failure of the copy
- * operation, in practice it
- * should never fail since
- * we already know that the
- * result fits in a fixedname.
- */
- dns_fixedname_init(&fqname);
- result = dns_name_copy(
- dns_fixedname_name(&dname),
- dns_fixedname_name(&fqname),
- NULL);
- if (result != ISC_R_SUCCESS)
- return (result);
- wanted_chaining = ISC_TRUE;
- name->attributes |=
- DNS_NAMEATTR_CHAINING;
- rdataset->attributes |=
- DNS_RDATASETATTR_CHAINING;
- qname = dns_fixedname_name(
- &fqname);
- }
+ rdataset->attributes |= aflag;
+ if (aa)
+ rdataset->trust =
+ dns_trust_authanswer;
+ } else if (external) {
+ rdataset->attributes |=
+ DNS_RDATASETATTR_EXTERNAL;
}
}
+
+ /*
+ * DNAME chaining.
+ */
+ if (dnameset != NULL) {
+ /*
+ * Copy the dname into the qname fixed name.
+ *
+ * Although we check for failure of the copy
+ * operation, in practice it should never fail
+ * since we already know that the result fits
+ * in a fixedname.
+ */
+ dns_fixedname_init(&fqname);
+ qname = dns_fixedname_name(&fqname);
+ result = dns_name_copy(dname, qname, NULL);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ wanted_chaining = ISC_TRUE;
+ name->attributes |= DNS_NAMEATTR_CHAINING;
+ dnameset->attributes |=
+ DNS_RDATASETATTR_CHAINING;
+ }
if (wanted_chaining)
chaining = ISC_TRUE;
}
--- contrib/bind9/lib/isccc/cc.c.orig
+++ contrib/bind9/lib/isccc/cc.c
@@ -287,10 +287,10 @@
* Extract digest.
*/
_auth = isccc_alist_lookup(alist, "_auth");
- if (_auth == NULL)
+ if (!isccc_alist_alistp(_auth))
return (ISC_R_FAILURE);
hmd5 = isccc_alist_lookup(_auth, "hmd5");
- if (hmd5 == NULL)
+ if (!isccc_sexpr_binaryp(hmd5))
return (ISC_R_FAILURE);
/*
* Compute digest.
@@ -545,7 +545,7 @@
REQUIRE(ackp != NULL && *ackp == NULL);
_ctrl = isccc_alist_lookup(message, "_ctrl");
- if (_ctrl == NULL ||
+ if (!isccc_alist_alistp(_ctrl) ||
isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS)
return (ISC_R_FAILURE);
@@ -590,7 +590,7 @@
isccc_sexpr_t *_ctrl;
_ctrl = isccc_alist_lookup(message, "_ctrl");
- if (_ctrl == NULL)
+ if (!isccc_alist_alistp(_ctrl))
return (ISC_FALSE);
if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS)
return (ISC_TRUE);
@@ -603,7 +603,7 @@
isccc_sexpr_t *_ctrl;
_ctrl = isccc_alist_lookup(message, "_ctrl");
- if (_ctrl == NULL)
+ if (!isccc_alist_alistp(_ctrl))
return (ISC_FALSE);
if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS)
return (ISC_TRUE);
@@ -623,7 +623,7 @@
_ctrl = isccc_alist_lookup(message, "_ctrl");
_data = isccc_alist_lookup(message, "_data");
- if (_ctrl == NULL || _data == NULL ||
+ if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) ||
isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS)
return (ISC_R_FAILURE);
@@ -812,7 +812,7 @@
isccc_sexpr_t *_ctrl;
_ctrl = isccc_alist_lookup(message, "_ctrl");
- if (_ctrl == NULL ||
+ if (!isccc_alist_alistp(_ctrl) ||
isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS ||
isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS)
return (ISC_R_FAILURE);

17
share/security/patches/SA-16:13/bind.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.11 (FreeBSD)
iQIcBAABCgAGBQJW4UdnAAoJEO1n7NZdz2rnkqEP/jy9S6RFnw/Xs6JOtzCU2ytH
d4KQZcqcrR7imlvRu04HJVgYQHXdLOu6matartTAx5pXrLpN6R0KvPMhNdA5A03z
eGkJ9/O6eeA4y4dRa37mhXt18XAdUPJStxdCayFo30eef9RHNE6vvd0v0WJ1pree
RTHsDo/gmztdjP9cFT+FqX6rcfZT9rtlfgoEeJLCtGauWFSwQLSWf+FbYT+z/9Te
sVOANzu8lhmsOiRJlX+c5AsrkcAdtkRCd8NuzSasvACsSJNEZe6lKpCLV/mo5EQ0
ab6juv5TbRAB6FFlkTmt5sKnaPnzRkoYQ6NBP+MIkJwEFfRkr+vIN+HL8Nkppi8f
NYuchcREi3xh36Kngcxf+XlAUwLJUfphy5ozzQd1SRDwo8Ne18uQkvCFv80tVXAP
0NdRo3HhdFUCgsZNZkwDjQ62XEsZAvXmkdAi9K3cUttDFGLcMUxoiat1vyr+D8x2
suHMf2TMnqMkt7Kemu4oIUpFBKPv39MNS/jpCKloXpg0+pe9rzA+0kJI+Oavv8Ug
bibRdKfZBxUYwXAK7UB40Rr3iN8dD5DP7E+sW3IvZW5BKug4tg4BqsEeV5oBij5t
4pjudghKkBlZcRJFsUuwdIY6NDj0b07AwfCg3cPl0QL5KPZMpywCLQ/5Wu2ZtLMh
xro5vBX3tMouYg1Pqgcj
=EOBy
-----END PGP SIGNATURE-----

16
share/xml/advisories.xml
View file

@ -7,6 +7,22 @@
<year>
<name>2016</name>
<month>
<name>3</name>
<day>
<name>10</name>
<advisory>
<name>FreeBSD-SA-16:13.bind</name>
</advisory>
<advisory>
<name>FreeBSD-SA-16:12.openssl</name>
</advisory>
</day>
</month>
<month>
<name>1</name>