author | tonnerre <tonnerre@pkgsrc.org> | 2008-03-19 22:55:21 +0000 |
---|---|---|
committer | tonnerre <tonnerre@pkgsrc.org> | 2008-03-19 22:55:21 +0000 |
commit | fc39e60feab8de6b55b65c4c6a056d2ab93475d3 (patch) | |
tree | a2d12be7290a5629a37a3d4b45c224fb107630ea /net | |
parent | 59c4b873a4a15b05ed1e424baa886284523d6302 (diff) | |
download | pkgsrc-fc39e60feab8de6b55b65c4c6a056d2ab93475d3.tar.gz |
Fix a Denial-of-Service vulnerability in maradns version 1.2.12.06
Crafted CNAME entries can be used to DoS MaraDNS without this patch
See CVE-2008-0061 for more details
Approved-by: wiz
Diffstat (limited to 'net')
-rw-r--r-- | net/maradns/Makefile | 3 | ||||
-rw-r--r-- | net/maradns/distinfo | 3 | ||||
-rw-r--r-- | net/maradns/patches/patch-am | 34 |
3 files changed, 38 insertions, 2 deletions
diff --git a/net/maradns/Makefile b/net/maradns/Makefile
index 0c65f2edde8..6d322f90a57 100644
--- a/net/maradns/Makefile
+++ b/net/maradns/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.19 2007/08/12 01:14:30 joerg Exp $
+# $NetBSD: Makefile,v 1.20 2008/03/19 22:55:21 tonnerre Exp $
 DISTNAME= maradns-1.2.12.06
+PKGREVISION= 1
 CATEGORIES= net
 MASTER_SITES= http://www.maradns.org/download/1.2/${DISTNAME:S/maradns-//}/
 EXTRACT_SUFX= .tar.bz2
diff --git a/net/maradns/distinfo b/net/maradns/distinfo
index c8181482ffe..0a8b1cc0e05 100644
--- a/net/maradns/distinfo
+++ b/net/maradns/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2007/08/12 01:14:30 joerg Exp $
+$NetBSD: distinfo,v 1.10 2008/03/19 22:55:21 tonnerre Exp $
 SHA1 (maradns-1.2.12.06.tar.bz2) = bb94f2bcb612fe6c8f47ef6721051a57840a386e
 RMD160 (maradns-1.2.12.06.tar.bz2) = 8c88fd87bff54c0121348e19a5255869622228a6
@@ -12,3 +12,4 @@ SHA1 (patch-ai) = 7bf925bef4d0b9682af9ccea8779bab686987e2d
 SHA1 (patch-aj) = b8c98de240712dad2f396e25bee6b6564a0a6e5e
 SHA1 (patch-ak) = f7fe72709a91a74dd6ff841f7155da0bd665162e
 SHA1 (patch-al) = 72faa0c34b44fffb49a079e958816692f6c90c5f
+SHA1 (patch-am) = 725e408c7d395d65fe4adc0d3d7e018c2c6a6c17
diff --git a/net/maradns/patches/patch-am b/net/maradns/patches/patch-am
new file mode 100644
index 00000000000..d8a18143c53
--- /dev/null
+++ b/net/maradns/patches/patch-am
@@ -0,0 +1,34 @@
+$NetBSD: patch-am,v 1.1 2008/03/19 22:55:21 tonnerre Exp $
+
+--- server/MaraDNS.c.orig 2007-05-17 06:01:44.000000000 +0200
++++ server/MaraDNS.c
+@@ -636,7 +636,8 @@ int udpsuccess(rr *where, int id, int so
+ is buggy if we round-robin rotate data when we allow more than
+ one additional record to be create per answer/authoritative
+ record. */
+- if(rotate_2nd != 0 && max_ar_chain == 1 && rotate_last != 0) {
++ if(rotate_2nd != 0 && max_ar_chain == 1 && rotate_last != 0
++ && first_rr_type != RR_NS) {
+ /* If it makes sense to do a round-robin rotation, do so.
+ * Make rotate_1st, which was the first record, the last
+ * record; make rotate_2nd, which was the second record,
+@@ -900,7 +901,8 @@ int udpsuccess(rr *where, int id, int so
+ rotate_last = where;
+ where = where->next;
+ /* If it makes sense to do a round-robin rotation, do so */
+- if(where == 0 && rotate_2nd != 0 && max_ar_chain == 1) {
++ if(where == 0 && rotate_2nd != 0 && max_ar_chain == 1
++ && first_rr_type != RR_NS) {
+ /* For records in the cache, we need to make sure that
+ the custodian properly points to the first record
+ in the chain or we will leak memory */
+@@ -1113,7 +1115,8 @@ int add_answer(rr *where,js_string *most
+ is buggy if we round-robin rotate data when we allow more than
+ one additional record to be create per answer/authoritative
+ record. */
+- if(rotate_2nd != 0 && max_ar_chain == 1 && rotate_done == 0) {
++ if(rotate_2nd != 0 && max_ar_chain == 1 && rotate_done == 0
++ && first_rr_type != RR_NS) {
+ rotate_done = 1;
+ /* If it makes sense to do a round-robin rotation */
+ rotate_1st->next = where; |
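Review bot: The new patch-am has nothing between its `$NetBSD$` line and the `--- server/MaraDNS.c.orig` header, so the file itself does not record which advisory it addresses or where the change came from. A header line such as `Fix for CVE-2008-0061: skip round-robin rotation when first_rr_type is RR_NS.`, plus the upstream origin of the change if there is one, would let a later package update decide whether the patch can be dropped. The same `&& first_rr_type != RR_NS` guard is added at three sites (two in udpsuccess, one in add_answer) whose bodies lie outside the hunks, so it is worth confirming that first_rr_type is assigned before each check, in add_answer in particular. The commit message speaks of crafted CNAME entries while the guard tests for NS, and a short comment at the first site explaining that link would help the next reader.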