From 22a98bd7aa1a829cdeacdbc8ee7f1585cc21f19a Mon Sep 17 00:00:00 2001 From: sthen Date: Mon, 11 Mar 2024 16:35:48 +0000 Subject: [PATCH] apply https://nlnetlabs.nl/downloads/unbound/patch_CVE-2024-1931.diff to unbound, fixing an indefinite loop that could be triggered by a client against an unbound server where the (non-default) configuration "ede: yes" is used. https://nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt ok florian@ --- usr.sbin/unbound/util/data/msgencode.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/usr.sbin/unbound/util/data/msgencode.c b/usr.sbin/unbound/util/data/msgencode.c index a170eb7b8a6..93423f985bd 100644 --- a/usr.sbin/unbound/util/data/msgencode.c +++ b/usr.sbin/unbound/util/data/msgencode.c @@ -886,6 +886,9 @@ ede_trim_text(struct edns_option** list) curr->opt_len = 2; prev = curr; curr = curr->next; + } else { + prev = curr; + curr = curr->next; } } else { /* continue */ -- 2.20.1