
From f887552763477a606a9608b0f6b498685e0f6587 Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Wed, 20 Nov 2019 12:02:19 +0100
Subject: [PATCH] - Fix Config Injection in create_unbound_ad_servers.sh,  
 reported by X41 D-Sec.

---
 contrib/create_unbound_ad_servers.sh | 7 +++++--
 doc/Changelog                        | 2 ++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git contrib/create_unbound_ad_servers.sh contrib/create_unbound_ad_servers.sh
index d31f078b..49fdbffe 100644
--- contrib/create_unbound_ad_servers.sh
+++ contrib/create_unbound_ad_servers.sh
@@ -9,12 +9,13 @@
 # Variables
 dst_dir="/etc/opt/csw/unbound"
 work_dir="/tmp"
-list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D="
+list_addr="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D="
 
 # OS commands
 CAT=`which cat`
 ECHO=`which echo`
 WGET=`which wget`
+TR=`which tr`
 
 # Check Wget installed
 if [ ! -f $WGET ]; then
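Review bot: The added `TR=\`which tr\`` gets no existence check, unlike wget, and the wget check it sits next to is itself ineffective because `$WGET` is unquoted: when `which` prints nothing, `[ ! -f $WGET ]` collapses to the two-argument test `[ ! -f ]`, which is false, so the "not installed" branch is never taken and the script continues with an empty command name. Quote the expansion, `if [ ! -f "$WGET" ]; then`, and add the same guard for `$TR`, e.g. `if [ ! -f "$TR" ]; then`, since an empty `$TR` turns the new filter stage in the download pipeline into a command-not-found and yields an empty list without an error. The body of this `if` lies outside the hunk.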
@@ -22,8 +23,10 @@ if [ ! -f $WGET ]; then
  exit 1
 fi
 
+# remove special characters with tr to protect unbound.conf
 $WGET -O $work_dir/yoyo_ad_servers "$list_addr" && \
 $CAT $work_dir/yoyo_ad_servers | \
+$TR -d '";$\\' | \
 while read line ; \
  do \
    $ECHO "local-zone: \"$line\" redirect" ;\
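Review bot: The added `$TR -d '";$\\'` stage is a denylist of four characters, while the next line still emits whatever remains of `$line` into a double-quoted unbound.conf string; any other byte the remote list returns, and blank lines that become `local-zone: "" redirect`, reach the generated config unchanged. Since each line is meant to be a hostname, an allowlist is the more robust filter: `$TR -cd 'A-Za-z0-9.\n-' | \`, which keeps only hostname characters and line breaks. The comment above the pipeline should then say what the stage keeps rather than what it removes, e.g. `# keep only hostname characters so list content cannot alter unbound.conf`. The `while read line` loop that consumes this output starts here and continues past the end of the hunk.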
@@ -36,4 +39,4 @@ echo "Done."
 #  the unbound_ad_servers file:
 #
 #   include: $dst_dir/unbound_ad_servers
-#
\ No newline at end of file
+#
|diff --git doc/Changelog doc/Changelog
|index e6562e98..a4f6d873 100644
|--- doc/Changelog
|+++ doc/Changelog
|@@ -12,6 +12,8 @@
| 	  reported by X41 D-Sec.
| 	- Fix Out-of-Bounds Read in dname_valid(),
| 	  reported by X41 D-Sec.
|+	- Fix Config Injection in create_unbound_ad_servers.sh,
|+	  reported by X41 D-Sec.
| 
| 19 November 2019: Wouter
| 	- Fix CVE-2019-18934, shell execution in ipsecmod.
-- 
2.26.2
