pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/net/maradns Fix a Denial-of-Service vulnerability in m...
details: https://anonhg.NetBSD.org/pkgsrc/rev/a19c4867d74d
branches: trunk
changeset: 539992:a19c4867d74d
user: tonnerre <tonnerre%pkgsrc.org@localhost>
date: Wed Mar 19 22:55:21 2008 +0000
description:
Fix a Denial-of-Service vulnerability in maradns version 1.2.12.06
Crafted CNAME entries can be used to DoS MaraDNS without this patch
See CVE-2008-0061 for more details
Approved-by: wiz
diffstat:
net/maradns/Makefile | 3 ++-
net/maradns/distinfo | 3 ++-
net/maradns/patches/patch-am | 34 ++++++++++++++++++++++++++++++++++
3 files changed, 38 insertions(+), 2 deletions(-)
diffs (64 lines):
diff -r 0b9a17be91b3 -r a19c4867d74d net/maradns/Makefile
--- a/net/maradns/Makefile Wed Mar 19 22:47:56 2008 +0000
+++ b/net/maradns/Makefile Wed Mar 19 22:55:21 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.19 2007/08/12 01:14:30 joerg Exp $
+# $NetBSD: Makefile,v 1.20 2008/03/19 22:55:21 tonnerre Exp $
DISTNAME= maradns-1.2.12.06
+PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= http://www.maradns.org/download/1.2/${DISTNAME:S/maradns-//}/
EXTRACT_SUFX= .tar.bz2
diff -r 0b9a17be91b3 -r a19c4867d74d net/maradns/distinfo
--- a/net/maradns/distinfo Wed Mar 19 22:47:56 2008 +0000
+++ b/net/maradns/distinfo Wed Mar 19 22:55:21 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2007/08/12 01:14:30 joerg Exp $
+$NetBSD: distinfo,v 1.10 2008/03/19 22:55:21 tonnerre Exp $
SHA1 (maradns-1.2.12.06.tar.bz2) = bb94f2bcb612fe6c8f47ef6721051a57840a386e
RMD160 (maradns-1.2.12.06.tar.bz2) = 8c88fd87bff54c0121348e19a5255869622228a6
@@ -12,3 +12,4 @@
SHA1 (patch-aj) = b8c98de240712dad2f396e25bee6b6564a0a6e5e
SHA1 (patch-ak) = f7fe72709a91a74dd6ff841f7155da0bd665162e
SHA1 (patch-al) = 72faa0c34b44fffb49a079e958816692f6c90c5f
+SHA1 (patch-am) = 725e408c7d395d65fe4adc0d3d7e018c2c6a6c17
diff -r 0b9a17be91b3 -r a19c4867d74d net/maradns/patches/patch-am
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/maradns/patches/patch-am Wed Mar 19 22:55:21 2008 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-am,v 1.1 2008/03/19 22:55:21 tonnerre Exp $
+
+--- server/MaraDNS.c.orig 2007-05-17 06:01:44.000000000 +0200
++++ server/MaraDNS.c
+@@ -636,7 +636,8 @@ int udpsuccess(rr *where, int id, int so
+ is buggy if we round-robin rotate data when we allow more than
+ one additional record to be create per answer/authoritative
+ record. */
+- if(rotate_2nd != 0 && max_ar_chain == 1 && rotate_last != 0) {
++ if(rotate_2nd != 0 && max_ar_chain == 1 && rotate_last != 0
++ && first_rr_type != RR_NS) {
+ /* If it makes sense to do a round-robin rotation, do so.
+ * Make rotate_1st, which was the first record, the last
+ * record; make rotate_2nd, which was the second record,
+@@ -900,7 +901,8 @@ int udpsuccess(rr *where, int id, int so
+ rotate_last = where;
+ where = where->next;
+ /* If it makes sense to do a round-robin rotation, do so */
+- if(where == 0 && rotate_2nd != 0 && max_ar_chain == 1) {
++ if(where == 0 && rotate_2nd != 0 && max_ar_chain == 1
++ && first_rr_type != RR_NS) {
+ /* For records in the cache, we need to make sure that
+ the custodian properly points to the first record
+ in the chain or we will leak memory */
+@@ -1113,7 +1115,8 @@ int add_answer(rr *where,js_string *most
+ is buggy if we round-robin rotate data when we allow more than
+ one additional record to be create per answer/authoritative
+ record. */
+- if(rotate_2nd != 0 && max_ar_chain == 1 && rotate_done == 0) {
++ if(rotate_2nd != 0 && max_ar_chain == 1 && rotate_done == 0
++ && first_rr_type != RR_NS) {
+ rotate_done = 1;
+ /* If it makes sense to do a round-robin rotation */
+ rotate_1st->next = where;
Home |
Main Index |
Thread Index |
Old Index