chutzpah 15/04/28 18:16:54 Added: dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch Log: Revision bump, pull in a couple of crasher fixes from upstream including one that could lead to an information leak (bug #547966). Update dependency on lua to include slot operator. Clean out a couple of old versions. (Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 0xE3F69979BB4B8928DA78E3D17CBF44EF)
Revision Changes Path 1.1 net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch?rev=1.1&content-type=text/plain Index: dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch =================================================================== commit ad4a8ff7d9097008d7623df8543df435bfddeac8 Author: Simon Kelley <si...@thekelleys.org.uk> Date: Thu Apr 9 21:48:00 2015 +0100 Fix crash on receipt of certain malformed DNS requests. diff --git a/src/rfc1035.c b/src/rfc1035.c index 7a07b0c..a995ab5 100644 --- a/src/rfc1035.c +++ b/src/rfc1035.c @@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, size_t setup_reply(struct dns_header *header, size_t qlen, struct all_addr *addrp, unsigned int flags, unsigned long ttl) { - unsigned char *p = skip_questions(header, qlen); + unsigned char *p; + + if (!(p = skip_questions(header, qlen))) + return 0; /* clear authoritative and truncated flags, set QR flag */ header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; @@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, SET_RCODE(header, NOERROR); /* empty domain */ else if (flags == F_NXDOMAIN) SET_RCODE(header, NXDOMAIN); - else if (p && flags == F_IPV4) + else if (flags == F_IPV4) { /* we know the address */ SET_RCODE(header, NOERROR); header->ancount = htons(1); @@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); } #ifdef HAVE_IPV6 - else if (p && flags == F_IPV6) + else if (flags == F_IPV6) { SET_RCODE(header, NOERROR); header->ancount = htons(1); 1.1 net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch?rev=1.1&content-type=text/plain Index: dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch =================================================================== commit 04b0ac05377936d121a36873bb63d492cde292c9 Author: Simon Kelley <si...@thekelleys.org.uk> Date: Mon Apr 6 17:19:13 2015 +0100 Fix crash caused by looking up servers.bind when many servers defined. diff --git a/src/cache.c b/src/cache.c index d7bea57..178d654 100644 --- a/src/cache.c +++ b/src/cache.c @@ -1367,7 +1367,7 @@ int cache_make_stat(struct txt_record *t) } port = prettyprint_addr(&serv->addr, daemon->addrbuff); lenp = p++; /* length */ - bytes_avail = (p - buff) + bufflen; + bytes_avail = bufflen - (p - buff ); bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries); if (bytes_needed >= bytes_avail) { @@ -1381,7 +1381,7 @@ int cache_make_stat(struct txt_record *t) lenp = p - 1; buff = new; bufflen = newlen; - bytes_avail = (p - buff) + bufflen; + bytes_avail = bufflen - (p - buff ); bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries); } *lenp = bytes_needed;