* Tue Jul 11 2017 Jean-Philipe Pialasse <tests@pialasse.com> 1.05-9.sme --import patches from openwrt and rename already applied patches --fix security issues [SME: 10374] - 020-dnsroots-update.patch: update list of root DNS servers - 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch - 080-dnscache-cache-negatives.patch: rfc2308 ? - 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch - 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch - 270-dnscache-sigpipe-fix.patch: SIGPIPE - 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858 - 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392 - 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392 - 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2 --bug fixes [SME: 10374] - 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets - 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records --fix issue with short ttl cname like akamaid [SME: 8362] - 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch - 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl - 500-cutom-dnscache-maxloop.patch: set max loop to 200 --needed for previous patches to apply cleanly - 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch) - 050-tinydns-mmap-leak.patch: report cdb leak - 080-dnscache-cache-negatives.patch: rfc2308 ? - 090-tinydns-one-second.patch: improve tinydns with 8 or more concurent connections (for 240-*.patch) - 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)
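--- a/query.c
+++ b/query.c
@@ -220,7 +217,7 @@
 
 
 NEWNAME:
- if (++z->loop == 100) goto DIE;
+ if (++z->loop == 150) goto DIE;
 d = z->name[z->level];
 dtype = z->level ? DNS_T_A : z->type;
 dlen = dns_domain_length(d);
@@ -489,7 +486,7 @@
 
 
 HAVEPACKET:
- if (++z->loop == 100) goto DIE;
+ if (++z->loop == 150) goto DIE;
 buf = z->qm->dt.packet;
 len = z->qm->dt.packetlen;
 
@@ -722,6 +716,7 @@
 alloc_free(records); records = 0;
 
 if (byte_diff(DNS_T_CNAME,2,dtype)) {
+ int flagcname = 0;
 /* This code assumes that the CNAME chain is presented in the correct
 ** order. The example algorithm in RFC 1034 will actually result in this
 ** being the case, but the words do not require it to be so.
@@ -734,20 +729,29 @@
 if (dns_domain_equal(t1,d))
 if (byte_equal(header + 2,2,DNS_C_IN)) { /* should always be true */
 if (typematch(header,DNS_T_CNAME)) {
+ flagcname = 1;
 ttl = ttlget(header + 4);
 if (z->level == 0) {
 if (!move_name_to_alias(z,ttl)) goto DIE ;
 }
+ if (!dns_domain_copy(&owner_name, control)) goto DIE ;
 if (!dns_packet_getname(buf,len,pos,&z->name[z->level])) goto DIE;
 d = z->name[z->level];
- if (!dns_domain_suffix(d,control) || !roots_same(d,control))
+ if (!dns_domain_suffix(d,owner_name) || !roots_same(d,owner_name)) {
+ dns_domain_free(&owner_name);
 goto NEWNAME ; /* Cannot trust the chain further - restart using current name */
 }
+ control = d + dns_domain_suffixpos(d,owner_name);
+ z->control[z->level] = control;
+ dns_domain_free(&owner_name);
+ }
 }
 
 uint16_unpack_big(header + 8,&datalen);
 pos += datalen;
 }
+ if (flagcname != 0)
+ goto HAVENS;
 }
 
 /* A "no such name" error applies to the end of any CNAME chain, not to the start. */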
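Review bot: In the last hunk, the `goto DIE` on a failed `dns_packet_getname` runs after `dns_domain_copy(&owner_name, control)` has succeeded, and unlike the `goto NEWNAME` branch it does not release the copy. The declaration of `owner_name` and the `DIE` label are outside the visible hunks, so this may be covered elsewhere; if it is not, each malformed CNAME target in an upstream reply leaves an allocation behind in a long-running cache. Freeing on that exit keeps the paths symmetric: `if (!dns_packet_getname(buf,len,pos,&z->name[z->level])) { dns_domain_free(&owner_name); goto DIE; }`. Separately, the per-query work bound `150` is now a literal repeated at `NEWNAME` and `HAVEPACKET`, while the changelog mentions a max loop of 200. A single named constant, with a comment saying that it caps resolver work per client query, would stop the two sites drifting apart.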