swegener 14/12/18 21:06:24 Added: pdns-recursor-3.6.1-CVE-2014-8601.patch Log: Revision bump for 3.6.1 with patch for security bug #531992. (Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key 0x64D4CF24)
Revision Changes Path
1.1 net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch?rev=1.1&content-type=text/plain
Index: pdns-recursor-3.6.1-CVE-2014-8601.patch
===================================================================
https://downloads.powerdns.com/patches/2014-02/3.6.1.patch
diff --git a/pdns_recursor.cc b/pdns_recursor.cc
index f1ef93c..8e43d6e 100644
--- a/pdns_recursor.cc
+++ b/pdns_recursor.cc
@@ -550,7 +550,14 @@ void startDoResolve(void *p)
 // if there is a RecursorLua active, and it 'took' the query in preResolve, we don't launch beginResolve
 if(!t_pdl->get() || !(*t_pdl)->preresolve(dc->d_remote, g_listenSocketsAddresses[dc->d_socket], dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), ret, res, &variableAnswer)) {
- res = sr.beginResolve(dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_mdp.d_qclass, ret);
+ try {
+ res = sr.beginResolve(dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_mdp.d_qclass, ret);
+ }
+ catch(ImmediateServFailException &e) {
+ L<<Logger::Error<<"Sending SERVFAIL during resolve of '"<<dc->d_mdp.d_qname<<"' because: "<<e.reason<<endl;
+
+ res = RCode::ServFail;
+ }
 if(t_pdl->get()) {
 if(res == RCode::NoError) {
diff --git a/syncres.cc b/syncres.cc
index 4dc78b4..d09e44b 100644
--- a/syncres.cc
+++ b/syncres.cc
@@ -923,6 +923,7 @@ int SyncRes::doResolveAt(set<string, CIStringCompare> nameservers, string auth,
 }
 else {
 s_outqueries++; d_outqueries++;
+ if(d_outqueries > 50) throw ImmediateServFailException("more than 50 queries sent while resolving "+qname);
 TryTCP:
 if(doTCP) {
 LOG(prefix<<qname<<": using TCP with "<< remoteIP->toStringWithPort() <<endl);
diff --git a/syncres.hh b/syncres.hh
index 5182527..b22de89 100644
--- a/syncres.hh
+++ b/syncres.hh
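Review bot: The new catch handler logs at Logger::Error unconditionally, and because the exception is raised while resolving an attacker-supplied name, a remote party can now make this recursor emit one error line per query, trading the resolution-loop DoS for a log-volume one; gate the line on the recursor's existing common-errors logging switch if it has one, or drop it to `Logger::Notice`, and include `dc->d_remote` so the source can be filtered. The handler also leaves `ret` holding whatever beginResolve accumulated before the throw; unless the code after the hunk discards the answer section on ServFail, add `ret.clear();` next to `res = RCode::ServFail;` so no partial records are sent with the SERVFAIL. Catching by `const ImmediateServFailException &e` is the conventional form. startDoResolve continues outside the hunk.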
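Review bot: The limit in the added line is a bare `50` inside the throw condition, with the same number repeated by hand in the message text; lift it into a named class constant, e.g. `static const unsigned int s_maxqueriesperq = 50;`, and build the message from it so the two cannot drift apart. The check also sits only in the branch that actually sends a query (right after `d_outqueries++`), so any earlier branch of this function that skips sending and loops on — a throttled server, if that is what this `else` pairs with — is not bounded by this counter and should be counted as well if such a path exists. Whether `d_outqueries` is reset per client query is not visible here; the bound only works if it is. doResolveAt begins and ends outside the hunk.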
@@ -593,6 +593,13 @@ private:
 static AtomicCounter s_currentConnections; //!< total number of current TCP connections
 };
+class ImmediateServFailException
+{
+public:
+ ImmediateServFailException(string r){reason=r;};
+
+ string reason; //! Print this to tell the user what went wrong
+};
 struct RemoteKeeper {
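Review bot: ImmediateServFailException has no base class, so a generic `catch(std::exception&)` or any project-wide exception handler further up the stack will not see it — only the one catch added in pdns_recursor.cc does; if the project has a common exception base class, deriving from it would make the new exception safe to leak past that single call site. The constructor takes `string r` by value and copies it again, can be invoked implicitly from any string, and carries a stray `;` after its body; `explicit ImmediateServFailException(const string& r) : reason(r) {}` is the tighter form. The member comment uses `//!`, which Doxygen attaches to the next declaration rather than this one; the sibling `s_currentConnections` line shows the intended `//!<` form.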
