/[smeserver]/rpms/djbdns/sme9/450-dnscache-ghost-domain-CVE-2012-1191.patch
ViewVC logotype

Annotation of /rpms/djbdns/sme9/450-dnscache-ghost-domain-CVE-2012-1191.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Jul 12 04:56:19 2017 UTC (7 years, 4 months ago) by unnilennium
Branch: MAIN
CVS Tags: djbdns-1_05-11_el6_sme, djbdns-1_05-9_el6_sme, djbdns-1_05-10_el6_sme, HEAD
* Tue Jul 11 2017 Jean-Philipe Pialasse <tests@pialasse.com> 1.05-9.sme
-- backport SME10 fixes [SME: 10381]
--import patches from openwrt and rename already applied patches
--fix security issues [SME: 10374]
- 020-dnsroots-update.patch: update list of root DNS servers
- 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch
- 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch
- 270-dnscache-sigpipe-fix.patch: SIGPIPE
- 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858
- 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392
- 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392
- 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2
--bug fixes [SME: 10374]
- 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets
- 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records
- 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch
--fix issue with short ttl cname like akamaid [SME: 8362]
- 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch
- 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl
- 500-cutom-dnscache-maxloop.patch: set max loop to 200
--needed for previous patches to apply cleanly
- 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch)
- 080-dnscache-cache-negatives.patch: rfc2308 ? (for 200-*.patch)
- 090-tinydns-one-second.patch: improve tinydns with 8 or more  concurent connections (for 240-*.patch)
- 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)
--not backported from SME10 branch
- 050-tinydns-mmap-leak.patch: report cdb leak

1 unnilennium 1.1 # initial patch http://marc.info/?l=djbdns&m=134190748729079&w=2
2     #--- djbdns-1.05/query.c.orig 2012-07-10 09:24:23.000000000 +0200
3     #+++ djbdns-1.05/query.c 2012-07-10 09:24:26.000000000 +0200
4     #@@ -578,6 +578,7 @@
5     # }
6     #
7     # if (!dns_domain_suffix(t1,control)) { i = j; continue; }
8     #+ if (byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control)) { i = j; continue; }
9     # if (!roots_same(t1,control)) { i = j; continue; }
10     #
11     # if (byte_equal(type,2,DNS_T_ANY))
12     #
13     # alternative http://marc.info/?l=djbdns&m=134219930603966&w=2
14     #--- djbdns-1.05.orig/query.c 2001-02-11 22:11:45.000000000 +0100
15     #+++ djbdns-1.05/query.c 2012-07-13 18:52:16.313862281 +0200
16     #@@ -578,6 +578,7 @@
17     # }
18     #
19     # if (!dns_domain_suffix(t1,control)) { i = j; continue; }
20     #+ if (byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control) && (posauthority <= records[i])) { i = j; continue; } if (!roots_same(t1,control)) { i = j; continue; }
21     # if (byte_equal(type,2,DNS_T_ANY))
22     #
23     #http://marc.info/?l=djbdns&m=134269902121506&w=2
24     # Created 2012 by Peter Conrad <conrad@tivano.de>
25     #
26     # This patch is public domain.
27     #
28     --- djbdns-1.05/query.c.orig 2012-07-10 09:24:23.000000000 +0200
29     +++ djbdns-1.05/query.c 2012-07-10 09:24:26.000000000 +0200
30     @@ -578,6 +578,10 @@
31     }
32    
33     if (!dns_domain_suffix(t1,control)) { i = j; continue; }
34     + if (!flagforwardonly && byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control)) {
35     + char dummy[256];
36     + if (!roots(dummy,control)) { i = j; continue; }
37     + }
38     if (!roots_same(t1,control)) { i = j; continue; }
39    
40     if (byte_equal(type,2,DNS_T_ANY))
41    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed