summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch')
-rw-r--r--net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch70
1 files changed, 70 insertions, 0 deletions
diff --git a/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch
new file mode 100644
index 000000000000..9230e7583ddd
--- /dev/null
+++ b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch
@@ -0,0 +1,70 @@
+diff --git a/query.c b/query.c
+index 46cdc00..4574e97 100644
+--- a/query.c
++++ b/query.c
+@@ -319,6 +319,29 @@ static int doit(struct query *z,int state)
+ }
+ }
+
++ if (typematch(DNS_T_SOA,dtype)) {
++ byte_copy(key,2,DNS_T_SOA);
++ cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
++ if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
++ log_cachedanswer(d,DNS_T_SOA);
++ if (!rqa(z)) goto DIE;
++ pos = 0;
++ while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) {
++ pos = dns_packet_getname(cached,cachedlen,pos,&t2);
++ if (!pos) break;
++ pos = dns_packet_getname(cached,cachedlen,pos,&t3);
++ if (!pos) break;
++ if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE;
++ if (!response_addname(t2)) goto DIE;
++ if (!response_addname(t3)) goto DIE;
++ if (!response_addbytes(misc,20)) goto DIE;
++ response_rfinish(RESPONSE_ANSWER);
++ }
++ cleanup(z);
++ return 1;
++ }
++ }
++
+ if (typematch(DNS_T_A,dtype)) {
+ byte_copy(key,2,DNS_T_A);
+ cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
+@@ -351,7 +374,7 @@ static int doit(struct query *z,int state)
+ }
+ }
+
+- if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype)) {
++ if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype)) {
+ byte_copy(key,2,dtype);
+ cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
+ if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
+@@ -585,15 +608,24 @@ static int doit(struct query *z,int state)
+ else if (byte_equal(type,2,DNS_T_AXFR))
+ ;
+ else if (byte_equal(type,2,DNS_T_SOA)) {
++ int non_authority = 0;
++ save_start();
+ while (i < j) {
+ pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE;
+ pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE;
+ pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE;
+ pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE;
+- if (records[i] < posauthority)
++ if (records[i] < posauthority) {
+ log_rrsoa(whichserver,t1,t2,t3,misc,ttl);
++ save_data(misc,20);
++ save_data(t2,dns_domain_length(t2));
++ save_data(t3,dns_domain_length(t3));
++ non_authority++;
++ }
+ ++i;
+ }
++ if (non_authority)
++ save_finish(DNS_T_SOA,t1,ttl);
+ }
+ else if (byte_equal(type,2,DNS_T_CNAME)) {
+ pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE;
+