author | Peter Pentchev <roam@FreeBSD.org> | 2009-03-06 16:20:16 +0000 |
---|---|---|
committer | Peter Pentchev <roam@FreeBSD.org> | 2009-03-06 16:20:16 +0000 |
commit | 12744b2e80aad8bf94dd3a73fcab327131f1f3cd (patch) | |
tree | 799d4de6c24d12982043d3da664f790e49d942d3 /dns | |
parent | e0310356272e863b35a1075bf16495b33878bad1 (diff) |
Fix the AXFR subdomain overwrite vulnerability discovered by
Matthew Dempsky. Also, fix the quoting of the BROKEN messages.
PR: 132366, 132349
Submitted by: Renato Botelho <garga@FreeBSD.org>,
Howard Goldstein <hg@queue.to>
Notes
Notes:
svn path=/head/; revision=229572
Diffstat (limited to 'dns')
-rw-r--r-- | dns/djbdns/Makefile | 6 | ||||
-rw-r--r-- | dns/djbdns/files/patch-response.c | 11 |
2 files changed, 14 insertions, 3 deletions
diff --git a/dns/djbdns/Makefile b/dns/djbdns/Makefile
index 66401adc90c8..0e42a9f678a6 100644
--- a/dns/djbdns/Makefile
+++ b/dns/djbdns/Makefile
@@ -7,7 +7,7 @@
 PORTNAME?= djbdns
 PORTVERSION?= ${DJBDNS_VER}
-PORTREVISION?= 12
+PORTREVISION?= 13
 CATEGORIES?= dns
 MASTER_SITES= http://cr.yp.to/djbdns/ \
 ftp://cr.yp.to/djbdns/
@@ -32,7 +32,7 @@ OPTIONS= DUMPCACHE "persistent cache for dnscache" off \
 .if defined(WITH_JUMBO)
 .if defined(WITH_IPV6) || defined(WITH_IGNOREIP) || defined(WITH_SRV)
-BROKEN= "The jumbo patch currently conflicts with the IPv6 and ignoreip2 patches"
+BROKEN= The jumbo patch currently conflicts with the IPv6 and ignoreip2 patches
 .endif
 PATCH_SITES+= http://www.ro.kde.org/djbdns/mywork/jumbo/:jumbo
@@ -69,7 +69,7 @@ EXTRA_PATCHES+= ${FILESDIR}/uint32.patch
 .if defined(WITH_DUMPCACHE) && !defined(WITH_JUMBO)
 .if defined(WITH_IPV6)
-BROKEN= "The IPv6 and dnscache-dumpcache patches are currently in conflict"
+BROKEN= The IPv6 and dnscache-dumpcache patches are currently in conflict
 .endif
 PATCH_SITES+= http://efge.free.fr/djbdns/:dumpcache
 PATCHFILES+= patch-dnscache-dumpcache-v4.txt:dumpcache
diff --git a/dns/djbdns/files/patch-response.c b/dns/djbdns/files/patch-response.c
new file mode 100644
index 000000000000..8a82a1e4d240
--- /dev/null
+++ b/dns/djbdns/files/patch-response.c
@@ -0,0 +1,11 @@
+--- response.c.orig 2009-03-06 13:02:27.000000000 -0300
++++ response.c 2009-03-06 13:03:03.000000000 -0300
+@@ -34,7 +34,7 @@
+ uint16_pack_big(buf,49152 + name_ptr[i]);
+ return response_addbytes(buf,2);
+ }
+- if (dlen <= 128)
++ if ((dlen <= 128) && (response_len < 16384))
+ if (name_num < NAMES) {
+ byte_copy(name[name_num],dlen,d);
+ name_ptr[name_num] = response_len; |
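Review bot: The new guard `(response_len < 16384)` in the patched response.c uses a bare constant with no comment tying it to the pointer encoding a few lines above, `uint16_pack_big(buf,49152 + name_ptr[i])`. That encoding leaves 14 bits for the offset, so a name recorded at offset 16384 or later would, as far as the visible lines show, yield a pointer that wraps to a different location in the response; the guard stops such names from being remembered. I would add a comment above the condition, for example `/* compression pointers carry a 14-bit offset: never remember a name at offset >= 16384 */`, so the limit is not loosened later by mistake. The enclosing function begins and ends outside the embedded hunk, so whether `name_ptr` is written anywhere else cannot be checked from here.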