From 1504f7ed10491b954a71940ad8380fb56894b312 Mon Sep 17 00:00:00 2001
From: renmingshuai
Date: Thu, 4 Jan 2024 14:43:38 +0000
Subject: [PATCH] fix CVE-2022-2795,CVE-2022-38177 and CVE-2022-38178
(cherry picked from commit aba4b1f8fc588c440169d90ef983c26579656441)
---
 backport-CVE-2022-2795.patch | 46 +++++++++++++++++++++++++++++++++++
 backport-CVE-2022-38177.patch | 21 ++++++++++++++++
 backport-CVE-2022-38178.patch | 21 ++++++++++++++++
 dhcp.spec | 11 ++++++++-
 4 files changed, 98 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2022-2795.patch
 create mode 100644 backport-CVE-2022-38177.patch
 create mode 100644 backport-CVE-2022-38178.patch
diff --git a/backport-CVE-2022-2795.patch b/backport-CVE-2022-2795.patch
new file mode 100644
index 0000000..239c28e
--- /dev/null
+++ b/backport-CVE-2022-2795.patch
@@ -0,0 +1,46 @@
+Reference:http://downloads.isc.org/isc/bind/9.16.33/patches/0001-CVE-2022-2795.patch
+---
+ bind/bind-9.11.14/lib/dns/resolver.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/bind/bind-9.11.14/lib/dns/resolver.c b/bind/bind-9.11.14/lib/dns/resolver.c
+index 45faf19..8334005 100644
+--- a/bind/bind-9.11.14/lib/dns/resolver.c
++++ b/bind/bind-9.11.14/lib/dns/resolver.c
+@@ -173,6 +173,13 @@
+ #define DEFAULT_MAX_QUERIES 75
+ #endif
+
++/*
++ * IP address lookups are performed for at most NS_PROCESSING_LIMIT NS RRs in
++ * any NS RRset encountered, to avoid excessive resource use while processing
++ * large delegations.
++ */
++#define NS_PROCESSING_LIMIT 20
++
+ /* Number of hash buckets for zone counters */
+ #ifndef RES_DOMAIN_BUCKETS
+ #define RES_DOMAIN_BUCKETS 523
+@@ -3273,6 +3280,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
+ dns_rdata_ns_t ns;
+ bool need_alternate = false;
+ bool all_spilled = true;
++ unsigned int ns_processed = 0;
+
+ FCTXTRACE5("getaddresses", "fctx->depth=", fctx->depth);
+
+@@ -3452,6 +3460,11 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
+
+ dns_rdata_reset(&rdata);
+ dns_rdata_freestruct(&ns);
++
++ if (++ns_processed >= NS_PROCESSING_LIMIT) {
++ result = ISC_R_NOMORE;
++ break;
++ }
+ }
+ if (result != ISC_R_NOMORE)
+ return (result);
+--
+2.33.0
+
diff --git a/backport-CVE-2022-38177.patch b/backport-CVE-2022-38177.patch
new file mode 100644
index 0000000..16d5be2
--- /dev/null
+++ b/backport-CVE-2022-38177.patch
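Review bot: The early exit added at the end of the NS loop in fctx_getaddresses overwrites `result` with `ISC_R_NOMORE` so that the following `if (result != ISC_R_NOMORE) return (result);` treats a truncated walk like a normal end of the RRset, and nothing at that spot says so or records that the cap was hit. A one-line comment such as `/* Cap reached: stop as if the RRset were exhausted. */` above the assignment would make the intent clear to the next backporter; a trace line at the break would additionally let operators see which delegations exceed NS_PROCESSING_LIMIT, although that departs from the upstream patch. The loop body lies mostly outside the hunk, so whether every iteration reaches the counter cannot be checked from here. Separately, the `Reference:` line at the top of this patch file (and of backport-CVE-2022-38177.patch and backport-CVE-2022-38178.patch) uses plain `http://`; an `https://` URL would give transport integrity to anyone re-fetching the upstream patch for comparison.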
@@ -0,0 +1,21 @@
+Reference:http://downloads.isc.org/isc/bind/9.16.33/patches/0003-CVE-2022-38177.patch
+---
+ bind/bind-9.11.14/lib/dns/opensslecdsa_link.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bind/bind-9.11.14/lib/dns/opensslecdsa_link.c b/bind/bind-9.11.14/lib/dns/opensslecdsa_link.c
+index 83b5b51..7576e04 100644
+--- a/bind/bind-9.11.14/lib/dns/opensslecdsa_link.c
++++ b/bind/bind-9.11.14/lib/dns/opensslecdsa_link.c
+@@ -224,7 +224,7 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
+ siglen = DNS_SIG_ECDSA384SIZE;
+
+ if (sig->length != siglen)
+- return (DST_R_VERIFYFAILURE);
++ DST_RET(DST_R_VERIFYFAILURE);
+
+ if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &dgstlen))
+ DST_RET (dst__openssl_toresult3(dctx->category,
+--
+2.33.0
+
diff --git a/backport-CVE-2022-38178.patch b/backport-CVE-2022-38178.patch
new file mode 100644
index 0000000..37c7649
--- /dev/null
+++ b/backport-CVE-2022-38178.patch
@@ -0,0 +1,21 @@
+Reference:http://downloads.isc.org/isc/bind/9.16.33/patches/0004-CVE-2022-38178.patch
+---
+ bind/bind-9.11.14/lib/dns/openssleddsa_link.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bind/bind-9.11.14/lib/dns/openssleddsa_link.c b/bind/bind-9.11.14/lib/dns/openssleddsa_link.c
+index 8b115ec..4f3c2a8 100644
+--- a/bind/bind-9.11.14/lib/dns/openssleddsa_link.c
++++ b/bind/bind-9.11.14/lib/dns/openssleddsa_link.c
+@@ -325,7 +325,7 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
+ siglen = DNS_SIG_ED448SIZE;
+
+ if (sig->length != siglen)
+- return (DST_R_VERIFYFAILURE);
++ DST_RET(DST_R_VERIFYFAILURE);
+
+ isc_buffer_usedregion(buf, &tbsreg);
+
+--
+2.33.0
+
diff --git a/dhcp.spec b/dhcp.spec
index ef73402..99f62ad 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -3,7 +3,7 @@ Name: dhcp Version: 4.4.2 -Release: 9 +Release: 10 Summary: Dynamic host configuration protocol software #Please don't change the epoch on this package Epoch: 12
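Review bot: Replacing `return (DST_R_VERIFYFAILURE);` with `DST_RET(DST_R_VERIFYFAILURE);` in opensslecdsa_verify routes the bad-length case through the function's shared cleanup path (in BIND, DST_RET sets the result and jumps to the cleanup label), which is only safe if everything the cleanup releases is already initialised when the length check runs. The declarations and the cleanup label are outside the hunk, and the fix was written for BIND 9.16.33 while this tree is 9.11.14, so it is worth confirming against the 9.11.14 source that each pointer freed there starts as NULL. The same applies to openssleddsa_verify in backport-CVE-2022-38178.patch, where no other `DST_RET` use is visible in the hunk. A comment above the changed line, e.g. `/* wrong length: leave via cleanup, a bare return skips the frees */`, would keep a later refactor from reintroducing the early return.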
@@ -60,6 +60,9 @@ Patch39: backport-Fix-CVE-2021-25219.patch Patch40: backport-Fix-CVE-2021-25220.patch Patch41: backport-Fix-CVE-2022-2928.patch Patch42: backport-Fix-CVE-2022-2929.patch +Patch43: backport-CVE-2022-2795.patch +Patch44: backport-CVE-2022-38177.patch +Patch45: backport-CVE-2022-38178.patch BuildRequires: gcc autoconf automake libtool openldap-devel krb5-devel libcap-ng-devel bind-export-devel BuildRequires: systemd systemd-devel @@ -301,6 +304,12 @@ exit 0 %{_mandir}/man3/omapi.3.gz %changelog +* Thu Jan 4 2024 renmingshuai - 12:4.4.2-10 +- Type:CVE +- ID:CVE-2022-2795,CVE-2022-38177,CVE-2022-38178 +- SUG:restart +- DESC:fix CVE-2022-2795,CVE-2022-38177 and CVE-2022-38178 + * Mon Oct 17 2022 renmingshuai - 12:4.4.2-9 - Type:cves - ID:CVE-2022-2928, CVE-2022-2929 -- Gitee
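Review bot: The three new `PatchNN:` tags only register the files; whether they are actually applied depends on the %prep section, which is outside this hunk. All three patches use paths that start with `bind/bind-9.11.14/`, so they apply only if the bundled BIND sources are unpacked under that directory before patching and the strip level matches. Patch39 and Patch40 just above look like earlier BIND fixes and presumably rely on the same mechanism, but a build log showing Patch43 to Patch45 applied would confirm that the CVE fixes reach the binary rather than only the source package. A comment above the new tags, e.g. `# Patch43-45 apply to the bundled BIND under bind/bind-9.11.14`, would document the dependency on that version string.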