From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Mar 5 23:20:02 2009 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CD5CB1065670 for ; Thu, 5 Mar 2009 23:20:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 9215F8FC1E for ; Thu, 5 Mar 2009 23:20:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n25NK2Xe024914 for ; Thu, 5 Mar 2009 23:20:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n25NK2CR024913; Thu, 5 Mar 2009 23:20:02 GMT (envelope-from gnats) Resent-Date: Thu, 5 Mar 2009 23:20:02 GMT Resent-Message-Id: <200903052320.n25NK2CR024913@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Howard Goldstein Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DA48F106564A for ; Thu, 5 Mar 2009 23:14:03 +0000 (UTC) (envelope-from hg@cally.queue.to) Received: from pickle.queue.to (pickle.queue.to [71.180.69.18]) by mx1.freebsd.org (Postfix) with ESMTP id 80AE88FC08 for ; Thu, 5 Mar 2009 23:14:03 +0000 (UTC) (envelope-from hg@cally.queue.to) Received: (qmail 61969 invoked from network); 5 Mar 2009 17:47:21 -0500 Received: from cally.queue.to (172.16.0.6) by with ESMTP; 5 Mar 2009 17:47:21 -0500 Received: (qmail 99423 invoked by uid 1000); 5 Mar 2009 17:47:21 -0500 Message-Id: <20090305224721.99422.qmail@cally.queue.to> Date: 5 Mar 2009 17:47:21 -0500 From: Howard Goldstein To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/132349: dns/djbdns (PATCH) dns/djbdns authority poisoning X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Mar 2009 23:20:03 -0000 >Number: 132349 >Category: ports >Synopsis: dns/djbdns (PATCH) dns/djbdns authority poisoning >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Mar 05 23:20:02 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Howard Goldstein >Release: FreeBSD 7.1-STABLE i386 >Organization: >Environment: System: FreeBSD cally.queue.to 7.1-STABLE FreeBSD 7.1-STABLE #0: Mon Feb 16 12:31:40 EST 2009 hg@cally.queue.to:/usr/obj/usr/src/sys/CALLY i386 >Description: Dempsky reports and DJB confirms authority poisoning vulnerability in some tinydns/axfrdns configurations. See for ex. http://article.gmane.org/gmane.comp.security.bugtraq/39157 Maintainer, please update. Thanks! >How-To-Repeat: See Dempsky's bugtraq email >Fix: # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # dns/djbdns/files/patch-dempsky.response-boundsck # echo x - dns/djbdns/files/patch-dempsky.response-boundsck sed 's/^X//' >dns/djbdns/files/patch-dempsky.response-boundsck << 'aa16f48be84c6056ed15e3d3ca7179c8' X--- response.c.orig 2001-02-11 16:11:45.000000000 -0500 X+++ response.c 2009-03-05 17:15:10.000000000 -0500 X@@ -34,7 +34,7 @@ X uint16_pack_big(buf,49152 + name_ptr[i]); X return response_addbytes(buf,2); X } X- if (dlen <= 128) X+ if ((dlen <= 128) && (response_len < 16384)) X if (name_num < NAMES) { X byte_copy(name[name_num],dlen,d); X name_ptr[name_num] = response_len; aa16f48be84c6056ed15e3d3ca7179c8 exit >Release-Note: >Audit-Trail: >Unformatted: