/[smeserver]/rpms/djbdns/sme10/330-fix-dnscache-cname-handling.patch

Annotation of /rpms/djbdns/sme10/330-fix-dnscache-cname-handling.patch



Revision 1.1 - (hide annotations) (download)
Wed Jul 12 03:39:09 2017 UTC (7 years, 4 months ago) by unnilennium
Branch: MAIN
CVS Tags: djbdns-1_05-10_el7_sme, djbdns-1_05-9_el7_sme, djbdns-1_05-11_el7_sme, HEAD
* Tue Jul 11 2017 Jean-Philipe Pialasse <tests@pialasse.com> 1.05-9.sme
--import patches from openwrt and rename already applied patches
--fix security issues [SME: 10374]
- 020-dnsroots-update.patch: update list of root DNS servers
- 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch
- 080-dnscache-cache-negatives.patch: rfc2308 ?
- 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch
- 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch
- 270-dnscache-sigpipe-fix.patch: SIGPIPE
- 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858
- 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392
- 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392
- 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2
--bug fixes [SME: 10374]
- 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets
- 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records
--fix issue with short ttl cname like akamaid [SME: 8362]
- 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch
- 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl
- 500-cutom-dnscache-maxloop.patch: set max loop to 200
--needed for previous patches to apply cleanly
- 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch)
- 050-tinydns-mmap-leak.patch: report cdb leak
- 080-dnscache-cache-negatives.patch: rfc2308 ?
- 090-tinydns-one-second.patch: improve tinydns with 8 or more concurrent connections (for 240-*.patch)
- 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)

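--- djbdns-1.05/query.c 2012-08-30 22:14:28.885825918 +0800
+++ djbdns-1.05-new/query.c 2012-08-30 22:22:23.887727783 +0800
@@ -220,7 +217,7 @@
 
 
 NEWNAME:
- if (++z->loop == 100) goto DIE;
+ if (++z->loop == 150) goto DIE;
 d = z->name[z->level];
 dtype = z->level ? DNS_T_A : z->type;
 dlen = dns_domain_length(d);
@@ -489,7 +486,7 @@
 
 
 HAVEPACKET:
- if (++z->loop == 100) goto DIE;
+ if (++z->loop == 150) goto DIE;
 buf = z->qm->dt.packet;
 len = z->qm->dt.packetlen;
 
@@ -722,6 +716,7 @@
 alloc_free(records); records = 0;
 
 if (byte_diff(DNS_T_CNAME,2,dtype)) {
+ int flagcname = 0;
 /* This code assumes that the CNAME chain is presented in the correct
 ** order. The example algorithm in RFC 1034 will actually result in this
 ** being the case, but the words do not require it to be so.
@@ -734,20 +729,29 @@
 if (dns_domain_equal(t1,d))
 if (byte_equal(header + 2,2,DNS_C_IN)) { /* should always be true */
 if (typematch(header,DNS_T_CNAME)) {
+ flagcname = 1;
 ttl = ttlget(header + 4);
 if (z->level == 0) {
 if (!move_name_to_alias(z,ttl)) goto DIE ;
 }
+ if (!dns_domain_copy(&owner_name, control)) goto DIE ;
 if (!dns_packet_getname(buf,len,pos,&z->name[z->level])) goto DIE;
 d = z->name[z->level];
- if (!dns_domain_suffix(d,control) || !roots_same(d,control))
+ if (!dns_domain_suffix(d,owner_name) || !roots_same(d,owner_name)) {
+ dns_domain_free(&owner_name);
 goto NEWNAME ; /* Cannot trust the chain further - restart using current name */
 }
+ control = d + dns_domain_suffixpos(d,owner_name);
+ z->control[z->level] = control;
+ dns_domain_free(&owner_name);
+ }
 }
 
 uint16_unpack_big(header + 8,&datalen);
 pos += datalen;
 }
+ if (flagcname != 0)
+ goto HAVENS;
 }
 
 /* A "no such name" error applies to the end of any CNAME chain, not to the start. */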
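Review bot: In the last hunk, the `goto DIE` taken when `dns_packet_getname` fails runs after `dns_domain_copy(&owner_name, control)` but, unlike the two exits below it, does not call `dns_domain_free(&owner_name)`. `owner_name` is not declared anywhere in this patch, so whether that path leaks depends on its storage: if it is a local, each response whose CNAME target fails to parse would leak one name in a resolver that processes untrusted packets, and it would presumably also have to start as 0 before the first `dns_domain_copy`. Unless it is a file-scope buffer that is deliberately reused, I would release it on that path too: `if (!dns_packet_getname(buf,len,pos,&z->name[z->level])) { dns_domain_free(&owner_name); goto DIE; }`. A short comment on the copy would also help, e.g. `/* private copy: control may point into z->name[z->level], which getname replaces */`, if that is indeed the reason for it. The enclosing function begins and ends outside these hunks.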
