/[smeserver]/rpms/djbdns/sme9/320-bugfix-dnscache-cache-soa-records.patch
ViewVC logotype

Contents of /rpms/djbdns/sme9/320-bugfix-dnscache-cache-soa-records.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (show annotations) (download)
Wed Jul 12 04:56:19 2017 UTC (7 years, 3 months ago) by unnilennium
Branch: MAIN
CVS Tags: djbdns-1_05-11_el6_sme, djbdns-1_05-9_el6_sme, djbdns-1_05-10_el6_sme, HEAD 
* Tue Jul 11 2017 Jean-Philipe Pialasse <tests@pialasse.com> 1.05-9.sme
-- backport SME10 fixes [SME: 10381]
--import patches from openwrt and rename already applied patches
--fix security issues [SME: 10374]
- 020-dnsroots-update.patch: update list of root DNS servers
- 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch
- 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch
- 270-dnscache-sigpipe-fix.patch: SIGPIPE
- 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858
- 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392
- 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392
- 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2
--bug fixes [SME: 10374]
- 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets
- 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records
- 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch
--fix issue with short ttl cname like akamaid [SME: 8362]
- 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch
- 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl
- 500-cutom-dnscache-maxloop.patch: set max loop to 200
--needed for previous patches to apply cleanly
- 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch)
- 080-dnscache-cache-negatives.patch: rfc2308 ? (for 200-*.patch)
- 090-tinydns-one-second.patch: improve tinydns with 8 or more  concurent connections (for 240-*.patch)
- 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)
--not backported from SME10 branch
- 050-tinydns-mmap-leak.patch: report cdb leak
1 --- a/query.c
2 +++ b/query.c
3 @@ -342,6 +342,29 @@ static int doit(struct query *z,int stat
4 }
5 }
6
7 + if (typematch(DNS_T_SOA,dtype)) {
8 + byte_copy(key,2,DNS_T_SOA);
9 + cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
10 + if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
11 + log_cachedanswer(d,DNS_T_SOA);
12 + if (!rqa(z)) goto DIE;
13 + pos = 0;
14 + while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) {
15 + pos = dns_packet_getname(cached,cachedlen,pos,&t2);
16 + if (!pos) break;
17 + pos = dns_packet_getname(cached,cachedlen,pos,&t3);
18 + if (!pos) break;
19 + if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE;
20 + if (!response_addname(t2)) goto DIE;
21 + if (!response_addname(t3)) goto DIE;
22 + if (!response_addbytes(misc,20)) goto DIE;
23 + response_rfinish(RESPONSE_ANSWER);
24 + }
25 + cleanup(z);
26 + return 1;
27 + }
28 + }
29 +
30 if (typematch(DNS_T_A,dtype)) {
31 byte_copy(key,2,DNS_T_A);
32 cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
33 @@ -374,7 +397,7 @@ static int doit(struct query *z,int stat
34 }
35 }
36
37 - if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype)) {
38 + if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype)) {
39 byte_copy(key,2,dtype);
40 cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
41 if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
42 @@ -601,15 +624,24 @@ static int doit(struct query *z,int stat
43 else if (byte_equal(type,2,DNS_T_AXFR))
44 ;
45 else if (byte_equal(type,2,DNS_T_SOA)) {
46 + int non_authority = 0;
47 + save_start();
48 while (i < j) {
49 pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE;
50 pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE;
51 pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE;
52 pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE;
53 - if (records[i] < posauthority)
54 + if (records[i] < posauthority) {
55 log_rrsoa(whichserver,t1,t2,t3,misc,ttl);
56 + save_data(misc,20);
57 + save_data(t2,dns_domain_length(t2));
58 + save_data(t3,dns_domain_length(t3));
59 + non_authority++;
60 + }
61 ++i;
62 }
63 + if (non_authority)
64 + save_finish(DNS_T_SOA,t1,ttl);
65 }
66 else if (byte_equal(type,2,DNS_T_CNAME)) {
67 pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE;
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed