diff --git a/backport-fixed-a-possible-reference-leak-in-dns_resolver_crea.patch b/backport-fixed-a-possible-reference-leak-in-dns_resolver_crea.patch new file mode 100644 index 0000000000000000000000000000000000000000..bb28d12013ec01f304dfe2fdfe5aafa5d48ce061 --- /dev/null +++ b/backport-fixed-a-possible-reference-leak-in-dns_resolver_crea.patch @@ -0,0 +1,40 @@ +From e8ab719bc2f8794c914e849f82cf06ae128b34f3 Mon Sep 17 00:00:00 2001 +From: Evan Hunt +Date: Tue, 30 Apr 2024 14:38:07 +0800 +Subject: [PATCH] fixed a possible reference leak in dns_resolver_create() + +If an error occurred while creating the resolver, the mctx could +remain attached. + +--- + lib/dns/resolver.c | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c +index 4b3d1c0..a5ef9e8 100644 +--- a/lib/dns/resolver.c ++++ b/lib/dns/resolver.c +@@ -10379,10 +10379,6 @@ dns_resolver_create(dns_view_t *view, isc_taskmgr_t *taskmgr, + res->quotaresp[dns_quotatype_zone] = DNS_R_DROP; + res->quotaresp[dns_quotatype_server] = DNS_R_SERVFAIL; + isc_refcount_init(&res->references, 1); +- atomic_init(&res->exiting, false); +- atomic_init(&res->priming, false); +- atomic_init(&res->zspill, 0); +- atomic_init(&res->nfctx, 0); + ISC_LIST_INIT(res->whenshutdown); + ISC_LIST_INIT(res->alternates); + +@@ -10494,8 +10490,7 @@ cleanup_buckets: + dns_badcache_destroy(&res->badcache); + + cleanup_res: +- isc_mem_put(view->mctx, res, sizeof(*res)); +- ++ isc_mem_putanddetach(&res->mctx, res, sizeof(*res)); + return (result); + } + +-- +2.27.0 + diff --git a/bind.spec b/bind.spec index aec8d67097b6cd2ebbd00ff152f4c35cf6f77848..179c21d3db9e7cfbe4badaffb34fed15b8a9fd49 100644 --- a/bind.spec +++ b/bind.spec @@ -29,7 +29,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: MPLv2.0 Version: 9.18.21 -Release: 2 +Release: 3 Epoch: 32 Url: https://www.isc.org/downloads/bind/ # @@ -64,6 +64,7 @@ Patch6000:backport-CVE-2023-4408.patch Patch6001:backport-CVE-2023-5517.patch Patch6002:backport-CVE-2023-5679.patch Patch6003:backport-CVE-2023-50387-CVE-2023-50868.patch +Patch6004:backport-fixed-a-possible-reference-leak-in-dns_resolver_crea.patch # Common patches %{?systemd_ordering} @@ -903,6 +904,12 @@ fi; %endif %changelog +* Tue Apr 30 2024 liuh - 32:9.18.21-3 +- Type:Bugfix +- CVE:NA +- SUG:NA +- DESC:fixed a possible reference leak in dns_resolver_create() + * Tue Mar 19 2024 chengyechun - 32:9.18.21-2 - Type:CVE - CVE:CVE-2023-4408 CVE-2023-5517 CVE-2023-5679 CVE-2023-50387 CVE-2023-50868