Add a patch to fix CVE-2015-3294.
Remove myself as maintainer.
This commit is contained in:
roy
parent
f5d3ace1b2
commit
d22b321de9
3 changed files with 49 additions and 4 deletions
|
|
@ -1,11 +1,11 @@
|
|||
# $NetBSD: Makefile,v 1.27 2015/04/22 14:57:22 abs Exp $
|
||||
# $NetBSD: Makefile,v 1.28 2015/04/29 12:53:02 roy Exp $
|
||||
|
||||
DISTNAME= dnsmasq-2.67
|
||||
PKGREVISION= 2
|
||||
PKGREVISION= 3
|
||||
CATEGORIES= net
|
||||
MASTER_SITES= http://www.thekelleys.org.uk/dnsmasq/
|
||||
|
||||
MAINTAINER= roy@NetBSD.org
|
||||
MAINTAINER= pkgsrc-users@NetBSD.org
|
||||
HOMEPAGE= http://www.thekelleys.org.uk/dnsmasq/doc.html
|
||||
COMMENT= Lightweight, easy to configure DNS forwarder
|
||||
LICENSE= gnu-gpl-v3
|
||||
|
|
|
|||
|
|
@ -1,7 +1,8 @@
|
|||
$NetBSD: distinfo,v 1.25 2015/04/22 14:57:22 abs Exp $
|
||||
$NetBSD: distinfo,v 1.26 2015/04/29 12:53:02 roy Exp $
|
||||
|
||||
SHA1 (dnsmasq-2.67.tar.gz) = 550c7ea2bef2a74a089c664d95fc52420a8cb726
|
||||
RMD160 (dnsmasq-2.67.tar.gz) = c2f3f9d7978bc9eddbcb77add54acdf3c8103fa8
|
||||
Size (dnsmasq-2.67.tar.gz) = 600838 bytes
|
||||
SHA1 (patch-dnsmasq.conf.example) = 2974c722a26400915037259c79899e8a3e95bf8f
|
||||
SHA1 (patch-src_bpf.c) = 5a355bc116d2853b8e202ea31847a9e36cd000b0
|
||||
SHA1 (patch-src_rfc1035.c) = 3b3a2fa2c83db937f46e4ab2a7e06f0c191f62e9
|
||||
|
|
|
|||
44
net/dnsmasq/patches/patch-src_rfc1035.c
Normal file
44
net/dnsmasq/patches/patch-src_rfc1035.c
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 9 Apr 2015 21:48:00 +0100
|
||||
Subject: [PATCH] Fix crash on receipt of certain malformed DNS requests.
|
||||
|
||||
---
|
||||
CHANGELOG | 3 +++
|
||||
src/rfc1035.c | 9 ++++++---
|
||||
2 files changed, 9 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/rfc1035.c b/src/rfc1035.c
|
||||
index 7a07b0c..a995ab5 100644
|
||||
--- src/rfc1035.c
|
||||
+++ src/rfc1035.c
|
||||
@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
|
||||
size_t setup_reply(struct dns_header *header, size_t qlen,
|
||||
struct all_addr *addrp, unsigned int flags, unsigned long ttl)
|
||||
{
|
||||
- unsigned char *p = skip_questions(header, qlen);
|
||||
+ unsigned char *p;
|
||||
+
|
||||
+ if (!(p = skip_questions(header, qlen)))
|
||||
+ return 0;
|
||||
|
||||
/* clear authoritative and truncated flags, set QR flag */
|
||||
header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
|
||||
@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
|
||||
SET_RCODE(header, NOERROR); /* empty domain */
|
||||
else if (flags == F_NXDOMAIN)
|
||||
SET_RCODE(header, NXDOMAIN);
|
||||
- else if (p && flags == F_IPV4)
|
||||
+ else if (flags == F_IPV4)
|
||||
{ /* we know the address */
|
||||
SET_RCODE(header, NOERROR);
|
||||
header->ancount = htons(1);
|
||||
@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
|
||||
add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
|
||||
}
|
||||
#ifdef HAVE_IPV6
|
||||
- else if (p && flags == F_IPV6)
|
||||
+ else if (flags == F_IPV6)
|
||||
{
|
||||
SET_RCODE(header, NOERROR);
|
||||
header->ancount = htons(1);
|
||||
Loading…
Reference in a new issue