FreeBSD Mail Archives

Date:      Wed, 6 May 2015 19:59:08 +0000 (UTC)
From:      Renato Botelho <garga@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r385553 - in head/dns/dnsmasq: . files
Message-ID:  <201505061959.t46Jx8Eu099319@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: garga
Date: Wed May  6 19:59:08 2015
New Revision: 385553
URL: https://svnweb.freebsd.org/changeset/ports/385553

Log:
  - Add a patch to fix CVE-2015-3294
  - Bump PORTREVISION
  
  PR:		199999
  Approved by:	mandree@ (maintainer)
  Obtained from:	http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8
  MFH:		2015Q2
  Security:	CVE-2015-3294
  Sponsored by:	Netgate

Added:
  head/dns/dnsmasq/files/patch-CVE-2015-3294   (contents, props changed)
Modified:
  head/dns/dnsmasq/Makefile

Modified: head/dns/dnsmasq/Makefile
==============================================================================
--- head/dns/dnsmasq/Makefile	Wed May  6 19:48:58 2015	(r385552)
+++ head/dns/dnsmasq/Makefile	Wed May  6 19:59:08 2015	(r385553)
@@ -3,6 +3,7 @@
 
 PORTNAME=	dnsmasq
 DISTVERSION=	2.72
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	dns ipv6
 MASTER_SITES=	http://www.thekelleys.org.uk/dnsmasq/ \

Added: head/dns/dnsmasq/files/patch-CVE-2015-3294
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/dnsmasq/files/patch-CVE-2015-3294	Wed May  6 19:59:08 2015	(r385553)
@@ -0,0 +1,36 @@
+X-Git-Url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff_plain;f=src%2Frfc1035.c;h=a995ab50d74adde068c8839684f9b3a44f4976d0;hp=7a07b0cee90655e296f57fa79f4d4a3a409b7b89;hb=ad4a8ff7d9097008d7623df8543df435bfddeac8;hpb=04b0ac05377936d121a36873bb63d492cde292c9
+
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 7a07b0c..a995ab5 100644
+--- a/src/rfc1035.c
++++ src/rfc1035.c
+@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
+ size_t setup_reply(struct dns_header *header, size_t qlen,
+ 		struct all_addr *addrp, unsigned int flags, unsigned long ttl)
+ {
+-  unsigned char *p = skip_questions(header, qlen);
++  unsigned char *p;
++
++  if (!(p = skip_questions(header, qlen)))
++    return 0;
+   
+   /* clear authoritative and truncated flags, set QR flag */
+   header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
+@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+     SET_RCODE(header, NOERROR); /* empty domain */
+   else if (flags == F_NXDOMAIN)
+     SET_RCODE(header, NXDOMAIN);
+-  else if (p && flags == F_IPV4)
++  else if (flags == F_IPV4)
+     { /* we know the address */
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1);
+@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+       add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
+     }
+ #ifdef HAVE_IPV6
+-  else if (p && flags == F_IPV6)
++  else if (flags == F_IPV6)
+     {
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201505061959.t46Jx8Eu099319>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation