
Annotation of /rpms/djbdns/sme10/320-bugfix-dnscache-cache-soa-records.patch



Revision 1.1 - (hide annotations) (download)
Wed Jul 12 03:39:09 2017 UTC (6 years, 10 months ago) by unnilennium
Branch: MAIN
CVS Tags: djbdns-1_05-10_el7_sme, djbdns-1_05-9_el7_sme, djbdns-1_05-11_el7_sme, HEAD
* Tue Jul 11 2017 Jean-Philipe Pialasse <tests@pialasse.com> 1.05-9.sme
--import patches from openwrt and rename already applied patches
--fix security issues [SME: 10374]
- 020-dnsroots-update.patch: update list of root DNS servers
- 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch
- 080-dnscache-cache-negatives.patch: rfc2308 ?
- 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch
- 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch
- 270-dnscache-sigpipe-fix.patch: SIGPIPE
- 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858
- 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392
- 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392
- 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2
--bug fixes [SME: 10374]
- 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets
- 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records
--fix issue with short ttl cname like akamaid [SME: 8362]
- 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch
- 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl
- 500-cutom-dnscache-maxloop.patch: set max loop to 200
--needed for previous patches to apply cleanly
- 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch)
- 050-tinydns-mmap-leak.patch: report cdb leak
- 080-dnscache-cache-negatives.patch: rfc2308 ?
- 090-tinydns-one-second.patch: improve tinydns with 8 or more concurrent connections (for 240-*.patch)
- 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)

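--- a/query.c
+++ b/query.c
@@ -342,6 +342,29 @@ static int doit(struct query *z,int stat
 }
 }
 
+ if (typematch(DNS_T_SOA,dtype)) {
+ byte_copy(key,2,DNS_T_SOA);
+ cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
+ if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
+ log_cachedanswer(d,DNS_T_SOA);
+ if (!rqa(z)) goto DIE;
+ pos = 0;
+ while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) {
+ pos = dns_packet_getname(cached,cachedlen,pos,&t2);
+ if (!pos) break;
+ pos = dns_packet_getname(cached,cachedlen,pos,&t3);
+ if (!pos) break;
+ if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE;
+ if (!response_addname(t2)) goto DIE;
+ if (!response_addname(t3)) goto DIE;
+ if (!response_addbytes(misc,20)) goto DIE;
+ response_rfinish(RESPONSE_ANSWER);
+ }
+ cleanup(z);
+ return 1;
+ }
+ }
+
 if (typematch(DNS_T_A,dtype)) {
 byte_copy(key,2,DNS_T_A);
 cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
@@ -374,7 +397,7 @@ static int doit(struct query *z,int stat
 }
 }
 
- if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype)) {
+ if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype)) {
 byte_copy(key,2,dtype);
 cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
 if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
@@ -601,15 +624,24 @@ static int doit(struct query *z,int stat
 else if (byte_equal(type,2,DNS_T_AXFR))
 ;
 else if (byte_equal(type,2,DNS_T_SOA)) {
+ int non_authority = 0;
+ save_start();
 while (i < j) {
 pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE;
 pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE;
 pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE;
 pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE;
- if (records[i] < posauthority)
+ if (records[i] < posauthority) {
 log_rrsoa(whichserver,t1,t2,t3,misc,ttl);
+ save_data(misc,20);
+ save_data(t2,dns_domain_length(t2));
+ save_data(t3,dns_domain_length(t3));
+ non_authority++;
+ }
 ++i;
 }
+ if (non_authority)
+ save_finish(DNS_T_SOA,t1,ttl);
 }
 else if (byte_equal(type,2,DNS_T_CNAME)) {
 pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE;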
