chutzpah 15/04/28 18:16:54
Added:
dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch
dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch
Log:
Revision bump, pull in a couple of crasher fixes from upstream including one
that could lead to an information leak (bug #547966). Update dependency on lua
to include slot operator. Clean out a couple of old versions.
(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key
0xE3F69979BB4B8928DA78E3D17CBF44EF)
Revision Changes Path
1.1
net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch?rev=1.1&content-type=text/plain
Index: dnsmasq-2.72-Fix-crash-on-receipt-of-certain-malformed-DNS-requests.patch
===================================================================
commit ad4a8ff7d9097008d7623df8543df435bfddeac8
Author: Simon Kelley <si...@thekelleys.org.uk>
Date: Thu Apr 9 21:48:00 2015 +0100
Fix crash on receipt of certain malformed DNS requests.
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 7a07b0c..a995ab5 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header,
size_t qlen, char *name,
size_t setup_reply(struct dns_header *header, size_t qlen,
struct all_addr *addrp, unsigned int flags, unsigned long ttl)
{
- unsigned char *p = skip_questions(header, qlen);
+ unsigned char *p;
+
+ if (!(p = skip_questions(header, qlen)))
+ return 0;
/* clear authoritative and truncated flags, set QR flag */
header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
SET_RCODE(header, NOERROR); /* empty domain */
else if (flags == F_NXDOMAIN)
SET_RCODE(header, NXDOMAIN);
- else if (p && flags == F_IPV4)
+ else if (flags == F_IPV4)
{ /* we know the address */
SET_RCODE(header, NOERROR);
header->ancount = htons(1);
@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p,
ttl, NULL, T_A, C_IN, "4", addrp);
}
#ifdef HAVE_IPV6
- else if (p && flags == F_IPV6)
+ else if (flags == F_IPV6)
{
SET_RCODE(header, NOERROR);
header->ancount = htons(1);
1.1
net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/dnsmasq/files/dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch?rev=1.1&content-type=text/plain
Index:
dnsmasq-2.72-Fix-crash-caused-by-looking-up-servers.bind-when-many-servers-defined.patch
===================================================================
commit 04b0ac05377936d121a36873bb63d492cde292c9
Author: Simon Kelley <si...@thekelleys.org.uk>
Date: Mon Apr 6 17:19:13 2015 +0100
Fix crash caused by looking up servers.bind when many servers defined.
diff --git a/src/cache.c b/src/cache.c
index d7bea57..178d654 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -1367,7 +1367,7 @@ int cache_make_stat(struct txt_record *t)
}
port = prettyprint_addr(&serv->addr, daemon->addrbuff);
lenp = p++; /* length */
- bytes_avail = (p - buff) + bufflen;
+ bytes_avail = bufflen - (p - buff );
bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u",
daemon->addrbuff, port, queries, failed_queries);
if (bytes_needed >= bytes_avail)
{
@@ -1381,7 +1381,7 @@ int cache_make_stat(struct txt_record *t)
lenp = p - 1;
buff = new;
bufflen = newlen;
- bytes_avail = (p - buff) + bufflen;
+ bytes_avail = bufflen - (p - buff );
bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u",
daemon->addrbuff, port, queries, failed_queries);
}
*lenp = bytes_needed;
