1 |
chutzpah 15/04/28 18:16:54 |
2 |
|
3 |
Added: |
4 |
dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch |
5 |
dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch |
6 |
Log: |
7 |
Revision bump, pull in a couple of crasher fixes from upstream including one that could lead to an information leak (bug #547966). Update dependency on lua to include slot operator. Clean out a couple of old versions. |
8 |
|
9 |
(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 0xE3F69979BB4B8928DA78E3D17CBF44EF) |
10 |
|
11 |
Revision Changes Path |
12 |
1.1 net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch |
13 |
|
14 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch?rev=1.1&view=markup |
15 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch?rev=1.1&content-type=text/plain |
16 |
|
17 |
Index: dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch |
18 |
=================================================================== |
19 |
commit ad4a8ff7d9097008d7623df8543df435bfddeac8 |
20 |
Author: Simon Kelley <simon@××××××××××××××.uk> |
21 |
Date: Thu Apr 9 21:48:00 2015 +0100 |
22 |
|
23 |
Fix crash on receipt of certain malformed DNS requests. |
24 |
|
25 |
diff --git a/src/rfc1035.c b/src/rfc1035.c |
26 |
index 7a07b0c..a995ab5 100644 |
27 |
--- a/src/rfc1035.c |
28 |
+++ b/src/rfc1035.c |
29 |
@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, |
30 |
size_t setup_reply(struct dns_header *header, size_t qlen, |
31 |
struct all_addr *addrp, unsigned int flags, unsigned long ttl) |
32 |
{ |
33 |
- unsigned char *p = skip_questions(header, qlen); |
34 |
+ unsigned char *p; |
35 |
+ |
36 |
+ if (!(p = skip_questions(header, qlen))) |
37 |
+ return 0; |
38 |
|
39 |
/* clear authoritative and truncated flags, set QR flag */ |
40 |
header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; |
41 |
@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, |
42 |
SET_RCODE(header, NOERROR); /* empty domain */ |
43 |
else if (flags == F_NXDOMAIN) |
44 |
SET_RCODE(header, NXDOMAIN); |
45 |
- else if (p && flags == F_IPV4) |
46 |
+ else if (flags == F_IPV4) |
47 |
{ /* we know the address */ |
48 |
SET_RCODE(header, NOERROR); |
49 |
header->ancount = htons(1); |
50 |
@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, |
51 |
add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); |
52 |
} |
53 |
#ifdef HAVE_IPV6 |
54 |
- else if (p && flags == F_IPV6) |
55 |
+ else if (flags == F_IPV6) |
56 |
{ |
57 |
SET_RCODE(header, NOERROR); |
58 |
header->ancount = htons(1); |
59 |
|
60 |
|
61 |
|
62 |
1.1 net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch |
63 |
|
64 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch?rev=1.1&view=markup |
65 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch?rev=1.1&content-type=text/plain |
66 |
|
67 |
Index: dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch |
68 |
=================================================================== |
69 |
commit 04b0ac05377936d121a36873bb63d492cde292c9 |
70 |
Author: Simon Kelley <simon@××××××××××××××.uk> |
71 |
Date: Mon Apr 6 17:19:13 2015 +0100 |
72 |
|
73 |
Fix crash caused by looking up servers.bind when many servers defined. |
74 |
|
75 |
diff --git a/src/cache.c b/src/cache.c |
76 |
index d7bea57..178d654 100644 |
77 |
--- a/src/cache.c |
78 |
+++ b/src/cache.c |
79 |
@@ -1367,7 +1367,7 @@ int cache_make_stat(struct txt_record *t) |
80 |
} |
81 |
port = prettyprint_addr(&serv->addr, daemon->addrbuff); |
82 |
lenp = p++; /* length */ |
83 |
- bytes_avail = (p - buff) + bufflen; |
84 |
+ bytes_avail = bufflen - (p - buff ); |
85 |
bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries); |
86 |
if (bytes_needed >= bytes_avail) |
87 |
{ |
88 |
@@ -1381,7 +1381,7 @@ int cache_make_stat(struct txt_record *t) |
89 |
lenp = p - 1; |
90 |
buff = new; |
91 |
bufflen = newlen; |
92 |
- bytes_avail = (p - buff) + bufflen; |
93 |
+ bytes_avail = bufflen - (p - buff ); |
94 |
bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries); |
95 |
} |
96 |
*lenp = bytes_needed; |