kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix for CVE-2008-3337 taken from PowerDNS 2.9.21.1: return SERVFAIL to

Browse source 
mailformed queries instead of just dropping them (as this facilitates
DNS spoofing attacks).  Bump PKGREVISION.
This commit is contained in:
ghen 2008-08-11 13:59:48 +00:00
parent ca45f34be7
commit d1485c64c0
3 changed files with 26 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
net/powerdns/Makefile
View file

@ -1,11 +1,11 @@
# $NetBSD: Makefile,v 1.3 2008/01/30 22:36:14 heinz Exp $
# $NetBSD: Makefile,v 1.4 2008/08/11 13:59:48 ghen Exp $
PKG_DESTDIR_SUPPORT= user-destdir
.include "Makefile.common"
PKGNAME= ${DISTNAME:S/pdns/powerdns/}
PKGREVISION= 1
PKGREVISION= 2
COMMENT= Modern, advanced and high performance nameserver
CONFIGURE_ARGS+= --with-modules="geo"

3
net/powerdns/distinfo
View file

@ -1,7 +1,8 @@
$NetBSD: distinfo,v 1.2 2007/05/09 08:05:24 ghen Exp $
$NetBSD: distinfo,v 1.3 2008/08/11 13:59:48 ghen Exp $
SHA1 (pdns-2.9.21.tar.gz) = 2b86e4b44ef43db308c62e32b10ed0d5221a45c9
RMD160 (pdns-2.9.21.tar.gz) = ed53de20a4e660ab2537b3c888b0a85225764a51
Size (pdns-2.9.21.tar.gz) = 991071 bytes
SHA1 (patch-aa) = 034845af3a9b66f57e482e3b43e43b61c17f51ab
SHA1 (patch-ab) = d47887faff80330122ccf1cfd047c11e114c1153
SHA1 (patch-ac) = aa7387cd9c283810d41d6097ecfbe6e688621432

22
net/powerdns/patches/patch-ac Normal file
View file

@ -0,0 +1,22 @@
$NetBSD: patch-ac,v 1.1 2008/08/11 13:59:48 ghen Exp $
Fix for CVE-2008-3337 taken from PowerDNS 2.9.21.1: return SERVFAIL to
mailformed queries instead of just dropping them (as this facilitates
DNS spoofing attacks).
--- pdns/packethandler.cc.orig 2007-04-21 15:56:36.000000000 +0200
+++ pdns/packethandler.cc
@@ -576,9 +576,11 @@ DNSPacket *PacketHandler::questionOrRecu
if(!validDNSName(p->qdomain)) {
if(arg().mustDo("log-dns-details"))
- L<<Logger::Error<<"Received a malformed qdomain from "<<p->getRemote()<<", '"<<p->qdomain<<"': dropping"<<endl;
+ L<<Logger::Error<<"Received a malformed qdomain from "<<p->getRemote()<<", '"<<p->qdomain<<"': sending servfail"<<endl;
S.inc("corrupt-packets");
- return 0;
+ r=p->replyPacket();
+ r->setRcode(RCode::ServFail);
+ return r;
}
if(p->d.opcode) { // non-zero opcode (again thanks RA!)
if(p->d.opcode==Opcode::Update) {