diff options
author | Renato Botelho <garga@FreeBSD.org> | 2015-05-06 19:59:08 +0000 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2015-05-06 19:59:08 +0000 |
commit | a1a664a4e12d98c3219ff09162921c0ca3bfa87a (patch) | |
tree | c747e031fa1eea2294129e7fd2d464bef6283f36 /dns/dnsmasq | |
parent | c41e917f29285feefde551ec2061c6f0260dd1af (diff) |
- Add a patch to fix CVE-2015-3294
- Bump PORTREVISION
PR: 199999
Approved by: mandree@ (maintainer)
Obtained from: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8
MFH: 2015Q2
Security: CVE-2015-3294
Sponsored by: Netgate
Notes
Notes:
svn path=/head/; revision=385553
Diffstat (limited to 'dns/dnsmasq')
-rw-r--r-- | dns/dnsmasq/Makefile | 1 | ||||
-rw-r--r-- | dns/dnsmasq/files/patch-CVE-2015-3294 | 36 |
2 files changed, 37 insertions, 0 deletions
diff --git a/dns/dnsmasq/Makefile b/dns/dnsmasq/Makefile index 267cadbd81d2..76a039d4c650 100644 --- a/dns/dnsmasq/Makefile +++ b/dns/dnsmasq/Makefile @@ -3,6 +3,7 @@ PORTNAME= dnsmasq DISTVERSION= 2.72 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= dns ipv6 MASTER_SITES= http://www.thekelleys.org.uk/dnsmasq/ \ diff --git a/dns/dnsmasq/files/patch-CVE-2015-3294 b/dns/dnsmasq/files/patch-CVE-2015-3294 new file mode 100644 index 000000000000..37d25d308ccd --- /dev/null +++ b/dns/dnsmasq/files/patch-CVE-2015-3294 @@ -0,0 +1,36 @@ +X-Git-Url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff_plain;f=src%2Frfc1035.c;h=a995ab50d74adde068c8839684f9b3a44f4976d0;hp=7a07b0cee90655e296f57fa79f4d4a3a409b7b89;hb=ad4a8ff7d9097008d7623df8543df435bfddeac8;hpb=04b0ac05377936d121a36873bb63d492cde292c9 + +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 7a07b0c..a995ab5 100644 +--- a/src/rfc1035.c ++++ src/rfc1035.c +@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, + size_t setup_reply(struct dns_header *header, size_t qlen, + struct all_addr *addrp, unsigned int flags, unsigned long ttl) + { +- unsigned char *p = skip_questions(header, qlen); ++ unsigned char *p; ++ ++ if (!(p = skip_questions(header, qlen))) ++ return 0; + + /* clear authoritative and truncated flags, set QR flag */ + header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; +@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, + SET_RCODE(header, NOERROR); /* empty domain */ + else if (flags == F_NXDOMAIN) + SET_RCODE(header, NXDOMAIN); +- else if (p && flags == F_IPV4) ++ else if (flags == F_IPV4) + { /* we know the address */ + SET_RCODE(header, NOERROR); + header->ancount = htons(1); +@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, + add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); + } + #ifdef HAVE_IPV6 +- else if (p && flags == F_IPV6) ++ else if (flags == F_IPV6) + { + SET_RCODE(header, NOERROR); + header->ancount = htons(1); |