From 83a481d6d6380b9363c1cc88edd7cd38d39fd536 Mon Sep 17 00:00:00 2001
From: eaglegai <eaglegai@163.com>
Date: Wed, 22 Feb 2023 03:49:55 +0000
Subject: [PATCH] backport to fix upstream issue #610 #611

---
 ...-overflow-in-sldns_wire2str_pkt_scan.patch | 38 ++++++++++++++++++
 ...fine-shift-in-sldns_str2wire_hip_buf.patch | 39 +++++++++++++++++++
 unbound.spec                                  | 10 ++++-
 3 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 backport-Integer-overflow-in-sldns_wire2str_pkt_scan.patch
 create mode 100644 backport-Undefine-shift-in-sldns_str2wire_hip_buf.patch

diff --git a/backport-Integer-overflow-in-sldns_wire2str_pkt_scan.patch b/backport-Integer-overflow-in-sldns_wire2str_pkt_scan.patch
new file mode 100644
index 0000000..3c76354
--- /dev/null
+++ b/backport-Integer-overflow-in-sldns_wire2str_pkt_scan.patch
@@ -0,0 +1,38 @@
+From c29b0e0a96c4d281aef40d69a11c564d6ed1a2c6 Mon Sep 17 00:00:00 2001
+From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
+Date: Thu, 3 Feb 2022 09:03:09 +0100
+Subject: [PATCH] - Fix for #611: Integer overflow in sldns_wire2str_pkt_scan.
+
+---
+ sldns/wire2str.c | 11 +++++++++++
+ 1 files changed, 11 insertions(+)
+
+diff --git a/sldns/wire2str.c b/sldns/wire2str.c
+index 6a177ec0b..b70efe299 100644
+--- a/sldns/wire2str.c
++++ b/sldns/wire2str.c
+@@ -817,6 +817,7 @@ int sldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
+ 	unsigned i, counter=0;
+ 	unsigned maxcompr = MAX_COMPRESS_PTRS; /* loop detection, max compr ptrs */
+ 	int in_buf = 1;
++	size_t dname_len = 0;
+ 	if(comprloop) {
+ 		if(*comprloop != 0)
+ 			maxcompr = 30; /* for like ipv6 reverse name, per label */
+@@ -872,6 +873,16 @@ int sldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
+ 			labellen = (uint8_t)*dlen;
+ 		else if(!in_buf && pos+(size_t)labellen > pkt+pktlen)
+ 			labellen = (uint8_t)(pkt + pktlen - pos);
++		dname_len += ((size_t)labellen)+1;
++		if(dname_len > LDNS_MAX_DOMAINLEN) {
++			/* dname_len counts the uncompressed length we have
++			 * seen so far, and the domain name has become too
++			 * long, prevent the loop from printing overly long
++			 * content. */
++			w += sldns_str_print(s, slen,
++				"ErrorDomainNameTooLong");
++			return w;
++		}
+ 		for(i=0; i<(unsigned)labellen; i++) {
+ 			w += dname_char_print(s, slen, *pos++);
+ 		}
diff --git a/backport-Undefine-shift-in-sldns_str2wire_hip_buf.patch b/backport-Undefine-shift-in-sldns_str2wire_hip_buf.patch
new file mode 100644
index 0000000..cc7c349
--- /dev/null
+++ b/backport-Undefine-shift-in-sldns_str2wire_hip_buf.patch
@@ -0,0 +1,39 @@
+From 12a1053dfa9f978d875402456c2c836140e9ad47 Mon Sep 17 00:00:00 2001
+From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
+Date: Tue, 25 Jan 2022 08:57:49 +0100
+Subject: [PATCH] - Fix #610: Undefine-shift in sldns_str2wire_hip_buf.
+
+---
+ sldns/str2wire.c | 4 +++-
+ sldns/str2wire.h | 2 +-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/sldns/str2wire.c b/sldns/str2wire.c
+index 1e57211c1..c61a5964a 100644
+--- a/sldns/str2wire.c
++++ b/sldns/str2wire.c
+@@ -25,8 +25,10 @@
+ #include <netdb.h>
+ #endif
+ 
++/** bits for the offset */
++#define RET_OFFSET_MASK (((unsigned)(~LDNS_WIREPARSE_MASK))>>LDNS_WIREPARSE_SHIFT)
+ /** return an error */
+-#define RET_ERR(e, off) ((int)((e)|((off)<<LDNS_WIREPARSE_SHIFT)))
++#define RET_ERR(e, off) ((int)(((e)&LDNS_WIREPARSE_MASK)|(((off)&RET_OFFSET_MASK)<<LDNS_WIREPARSE_SHIFT)))
+ /** Move parse error but keep its ID */
+ #define RET_ERR_SHIFT(e, move) RET_ERR(LDNS_WIREPARSE_ERROR(e), LDNS_WIREPARSE_OFFSET(e)+(move));
+ 
+diff --git a/sldns/str2wire.h b/sldns/str2wire.h
+index 0c3164989..baee4236f 100644
+--- a/sldns/str2wire.h
++++ b/sldns/str2wire.h
+@@ -187,7 +187,7 @@ uint8_t* sldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len);
+ #define LDNS_WIREPARSE_MASK 0x0fff
+ #define LDNS_WIREPARSE_SHIFT 12
+ #define LDNS_WIREPARSE_ERROR(e) ((e)&LDNS_WIREPARSE_MASK)
+-#define LDNS_WIREPARSE_OFFSET(e) (((e)&~LDNS_WIREPARSE_MASK)>>LDNS_WIREPARSE_SHIFT)
++#define LDNS_WIREPARSE_OFFSET(e) ((((unsigned)(e))&~LDNS_WIREPARSE_MASK)>>LDNS_WIREPARSE_SHIFT)
+ /* use lookuptable to get error string, sldns_wireparse_errors */
+ #define LDNS_WIREPARSE_ERR_OK 0
+ #define LDNS_WIREPARSE_ERR_GENERAL 342
diff --git a/unbound.spec b/unbound.spec
index 2ebb668..ffd6aaf 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -2,7 +2,7 @@
 
 Name:          unbound
 Version:       1.13.2
-Release:       6
+Release:       7
 Summary:       Unbound is a validating, recursive, caching DNS resolver
 License:       BSD
 Url:           https://nlnetlabs.nl/projects/unbound/about/
@@ -25,6 +25,8 @@ Patch0:        backport-fix-q-doesnt-work-when-use-with-unbound-control-stats_sh
 Patch1:        unbound-remove-buildin-key.patch
 Patch2:        backport-CVE-2022-30698-and-CVE-2022-30699.patch
 Patch3:        backport-CVE-2022-3204.patch
+Patch4:        backport-Undefine-shift-in-sldns_str2wire_hip_buf.patch
+Patch5:        backport-Integer-overflow-in-sldns_wire2str_pkt_scan.patch
 
 BuildRequires: make flex swig pkgconfig systemd
 BuildRequires: libevent-devel expat-devel openssl-devel python3-devel
@@ -240,6 +242,12 @@ popd
 %{_mandir}/man*
 
 %changelog
+* Wed Feb 22 2023 gaihuiying <eaglegai@163.com> - 1.13.2-7
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:backport to fix upstream issue #610 #611
+
 * Thu Sep 22 2022 xingwei <xingwei14@h-partners.com> - 1.13.2-6
 - Type:cves
 - CVE:CVE-2022-3204
-- 
Gitee