Fix CVE2008-4392

Package-Manager: portage-2.1.6.4/cvs/Linux 2.6.28.4 x86_64
author: René Nussbaumer <killerfox@gentoo.org> 2009-03-01 09:40:26 +0000
committer: René Nussbaumer <killerfox@gentoo.org> 2009-03-01 09:40:26 +0000
commit: c514b45567c842a87cbf62a8298fc02adbfa4855 (patch)
tree: b5483452c0d6ed568784f3bc627364544b320337 /net-dns/djbdns
parent: Add id3tag USE flag to alsaplayer (and patch configure.ac accordingly). Reso... (diff)
download: historical-c514b45567c842a87cbf62a8298fc02adbfa4855.tar.gz
historical-c514b45567c842a87cbf62a8298fc02adbfa4855.tar.bz2
historical-c514b45567c842a87cbf62a8298fc02adbfa4855.zip
5 files changed, 555 insertions, 13 deletions
diff --git a/net-dns/djbdns/ChangeLog b/net-dns/djbdns/ChangeLog
index 3abdb2f2b76e..e55d5118861b 100644
--- a/net-dns/djbdns/ChangeLog
+++ b/net-dns/djbdns/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-dns/djbdns
-# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/ChangeLog,v 1.101 2008/11/17 21:17:08 flameeyes Exp $
+# Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/ChangeLog,v 1.102 2009/03/01 09:40:26 killerfox Exp $
+
+*djbdns-1.05-r22 (01 Mar 2009)
+
+  01 Mar 2009; René Nussbaumer <killerfox@gentoo.org>
+  +files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch,
+  +files/CVE2008-4392_0002-dnscache-cache-soa-records.patch,
+  +djbdns-1.05-r22.ebuild:
+  Fix CVE2008-4392
 
   17 Nov 2008; Diego E. Pettenò <flameeyes@gentoo.org>
   files/headtail.patch:
diff --git a/net-dns/djbdns/Manifest b/net-dns/djbdns/Manifest
index 58434412ae70..c9a539fb0461 100644
--- a/net-dns/djbdns/Manifest
+++ b/net-dns/djbdns/Manifest
@@ -1,7 +1,6 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
 AUX 1.05-errno.patch 238 RMD160 b479d8c16dd8fe7206cba19125dd8866c2584301 SHA1 f23206f3ffc1a8aa6768fdb2ef588012c17eaa79 SHA256 40e01efac08e95bf87b46e2d86378b0a60c234c64080b7f42039178ac6de61af
+AUX CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch 9914 RMD160 c416dd6575819cfd40ef0d306ccb14d34a5afc90 SHA1 8dd3ce7758d3a97cafbe6a60ea83f48e916f496d SHA256 b5e030e96ed98d96d36c39e3466e04d98d39c5f1c7e94254ea3da5e99381eed6
+AUX CVE2008-4392_0002-dnscache-cache-soa-records.patch 2944 RMD160 0b58e57bc11b36113c5fef73a64c869895f83889 SHA1 ac9b6a62c62588205cc4dc71da4e0ad6630f9635 SHA256 1cd7b848305646d3015d8f2817acdced65894b8ab6e9dacb02077acebc50841b
 AUX djbdns-setup 11152 RMD160 6de107a57748468996c2d7b5ed00641abf51d67e SHA1 dc9b478709699ce66b64f82f0f1fd1749af2f58a SHA256 f9cac2b3050ce0869afdb1f27af9690fd5fb4817acad1144d8b879233d979713
 AUX djbdns-setup-r17 10881 RMD160 eabdbfd226d6ee4172e55a62beed77bb68aa222c SHA1 f056a51a5f511c54b98536c238eff8c1fecb5755 SHA256 33c64d8341ea868e124e7fe0da6a8f9ba6fc799a79584e002a82c572921ed5e4
 AUX dnscache-setup 6007 RMD160 d5a29943ac29d84a8c83308a497721010ab017bc SHA1 764e3dbecca295c307589c3141fc24c3ff0bc5a5 SHA256 5a69f71468172e9e9636f1cb22e08718a084daa0f31953aae604539d66a2603e
@@ -25,12 +24,6 @@ DIST tinydns-data-semantic-error.patch 5096 RMD160 a57c1a3262f5b71ca7b0fdfdb644c
 EBUILD djbdns-1.05-r17.ebuild 5056 RMD160 ba3c7b670539f88b12c5c821908a7960057f5a76 SHA1 fb8f8528702f23636fda0dadc5a85dfe42024638 SHA256 13ce07f6904d378365dfc168e6cb40e183a332b456199f243058eaaff4f8179e
 EBUILD djbdns-1.05-r19.ebuild 5591 RMD160 2ff41c6ab18c2bed511e55ef14580ba833aaa946 SHA1 4e307120389b1f925579ae1ae11a0b20471fded7 SHA256 d827b404a5bf0ac7c794ad9cbbd836faa4a92e3a8fdf3d4f50d3b1abd419c6ee
 EBUILD djbdns-1.05-r21.ebuild 3219 RMD160 8ed5402131bf61b6c42a5315dff16c12867e83ba SHA1 c62e395457c34f70eba38bd4672edaacf7ed67d6 SHA256 feb1a2e6183ffdcc2768bbff345f673fdc39cee12becbe0199891b39febc79ca
-MISC ChangeLog 16367 RMD160 7705172a3c0bfde2d2d2f197aa99d57b223283b9 SHA1 c6ad1d5821ed7af66ebc3fba79d46a1dfdb14dfa SHA256 634e7e1f5c88672ec777a7109098f5bcbdd7c0d0affe4dca39d52575f5f82888
+EBUILD djbdns-1.05-r22.ebuild 3410 RMD160 00d9bbc318949c9bbe218c0f85d3146cc7782194 SHA1 3def1ca4cd1c39c42708dffde06285b0dc37022f SHA256 79bb0c438d989492fbcec2823c9a9356e4b077986b1cf193ede6dadebdd5f530
+MISC ChangeLog 16636 RMD160 43c5dae14f6149455070adf22ca72fe74e22967c SHA1 e919ae67e345dcae17feafbd4fbbd7881692a19a SHA256 03ebeb1794ac2fcb6794de6f57bdf6a50ac814a0141d89822377f594f1eabcae
 MISC metadata.xml 927 RMD160 869063a5348898678380f8ee4ed1ac5e0977deca SHA1 938d47ae4f6dc0c5dfe47a8188fbbf1b25a1ebc2 SHA256 324393413cb202a412ed5778927daa7b536c3a9b26ceb86edac69b4790c85c98
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.9 (GNU/Linux)
-
-iEYEARECAAYFAkkh31kACgkQAiZjviIA2XgfdgCgoE/Jn/IwGzfHC81ChFn4tRkN
-7kcAn3IJKJ1lEUEyeo6vVBnuE0Big/t2
-=CgvZ
------END PGP SIGNATURE-----
diff --git a/net-dns/djbdns/djbdns-1.05-r22.ebuild b/net-dns/djbdns/djbdns-1.05-r22.ebuild
new file mode 100644
index 000000000000..deeeac784b7b
--- /dev/null
+++ b/net-dns/djbdns/djbdns-1.05-r22.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/djbdns-1.05-r22.ebuild,v 1.1 2009/03/01 09:40:26 killerfox Exp $
+
+IUSE="doc ipv6 selinux static"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="Excellent high-performance DNS services"
+HOMEPAGE="http://cr.yp.to/djbdns.html"
+IPV6_PATCH="test23"
+
+SRC_URI="
+	http://cr.yp.to/djbdns/${P}.tar.gz
+	ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.bz2 )
+"
+
+SLOT="0"
+LICENSE="public-domain"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+RDEPEND="
+	>=sys-process/daemontools-0.70
+	sys-apps/ucspi-tcp
+	doc? ( app-doc/djbdns-man )
+	selinux? ( sec-policy/selinux-djbdns )
+"
+
+src_unpack() {
+	unpack "${P}.tar.gz"
+	cd "${S}"
+
+	echo
+	elog 'Several patches have been dropped from this djbdns ebuild revision.'
+	elog 'Please use the DJBDNS_PATCH_DIR variable to specify a directory'
+	elog 'of custom patches.'
+	elog
+	elog 'Some of them can be found at http://tinydns.org/ or'
+	elog 'http://homepages.tesco.net/J.deBoynePollard/Softwares/djbdns/'
+	elog
+
+	epatch \
+		"${FILESDIR}/headtail.patch" \
+		"${FILESDIR}/dnsroots.patch" \
+		"${FILESDIR}/dnstracesort.patch"
+
+	# Fix CVE2008-4392
+	epatch \
+		"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch" \
+		"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
+
+	if use ipv6; then
+		elog "At present dnstrace does NOT support IPv6. It will"\
+		     "be compiled without IPv6 support."
+		cp -pR "${S}" "${S}-noipv6"
+		# Careful -- >=test21 of the IPv6 patch includes the errno patch
+		epatch "${DISTDIR}/${P}-${IPV6_PATCH}.diff.bz2"
+		cd "${S}-noipv6"
+	fi
+
+	epatch "${FILESDIR}/${PV}-errno.patch"
+
+	if [[ -n "${DJBDNS_PATCH_DIR}" && -d "${DJBDNS_PATCH_DIR}" ]]
+	then
+		echo
+		ewarn "You enabled custom patches from ${DJBDNS_PATCH_DIR}."
+		ewarn "Be warned that you won't get any support when using "
+		ewarn "this feature. You're on your own from now!"
+		echo
+		ebeep
+		cd "${S}" && epatch "${DJBDNS_PATCH_DIR}/"*
+	fi
+}
+
+src_compile() {
+	use static && append-ldflags -static
+	echo "$(tc-getCC) ${CFLAGS}" > conf-cc
+	echo "$(tc-getCC) ${LDFLAGS}" > conf-ld
+	echo "/usr" > conf-home
+	emake -j1 || die "emake failed"
+
+	# If djbdns is compiled with IPv6 support, it breaks dnstrace.
+	# Therefore we must compile dnstrace separately without IPv6
+	# support.
+	if use ipv6; then
+		elog "Compiling dnstrace without ipv6 support"
+		cd "${S}-noipv6"
+		echo "$(tc-getCC) ${CFLAGS}" > conf-cc
+		echo "$(tc-getCC) ${LDFLAGS}" > conf-ld
+		echo "/usr" > conf-home
+		emake -j1 dnstrace || die "emake failed"
+	fi
+}
+
+src_install() {
+	insinto /etc
+	doins dnsroots.global
+
+	into /usr
+	dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
+		*-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
+		dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
+
+	use ipv6 && dobin dnsip6 dnsip6q "${S}-noipv6/dnstrace"
+
+	dodoc CHANGES FILES README SYSDEPS TARGETS TODO VERSION
+
+	dobin "${FILESDIR}/dnscache-setup"
+	dobin "${FILESDIR}/tinydns-setup"
+	newbin "${FILESDIR}/djbdns-setup-${PR}" djbdns-setup
+}
+
+pkg_setup() {
+	# The nofiles group is provided by baselayout
+	enewuser dnscache -1 -1 -1 nofiles
+	enewuser dnslog -1 -1 -1 nofiles
+	enewuser tinydns -1 -1 -1 nofiles
+}
+
+pkg_postinst() {
+	elog "Use dnscache-setup & tinydns-setup or djbdns-setup to configure djbdns."
+}
diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch
new file mode 100644
index 000000000000..a0391ff00712
--- /dev/null
+++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch
@@ -0,0 +1,349 @@
+diff --git a/Makefile b/Makefile
+index 1429643..bc047c0 100644
+--- a/Makefile
++++ b/Makefile
+@@ -318,11 +318,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h
+ 	./compile dns_txt.c
+ 
+ dnscache: \
+-load dnscache.o droproot.o okclient.o log.o cache.o query.o \
++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \
+ response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \
+ libtai.a unix.a byte.a socket.lib
+ 	./load dnscache droproot.o okclient.o log.o cache.o \
+-	query.o response.o dd.o roots.o iopause.o prot.o dns.a \
++	query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \
+ 	env.a alloc.a buffer.a libtai.a unix.a byte.a  `cat \
+ 	socket.lib`
+ 
+@@ -343,7 +343,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \
+ uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \
+ iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \
+ iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \
+-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h
++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h
+ 	./compile dnscache.c
+ 
+ dnsfilter: \
+@@ -687,11 +687,16 @@ qlog.o: \
+ compile qlog.c buffer.h qlog.h uint16.h
+ 	./compile qlog.c
+ 
++qmerge.o: \
++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \
++taia.h tai.h uint64.h log.h maxclient.h
++	./compile qmerge.c
++
+ query.o: \
+ compile query.c error.h roots.h log.h uint64.h case.h cache.h \
+ uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \
+ taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \
+-response.h uint32.h query.h dns.h uint32.h
++response.h uint32.h query.h dns.h uint32.h qmerge.h
+ 	./compile query.c
+ 
+ random-ip: \
+diff --git a/dnscache.c b/dnscache.c
+index 8c899a3..5ccb16a 100644
+--- a/dnscache.c
++++ b/dnscache.c
+@@ -22,6 +22,7 @@
+ #include "log.h"
+ #include "okclient.h"
+ #include "droproot.h"
++#include "maxclient.h"
+ 
+ static int packetquery(char *buf,unsigned int len,char **q,char qtype[2],char qclass[2],char id[2])
+ {
+@@ -54,7 +55,6 @@ uint64 numqueries = 0;
+ 
+ static int udp53;
+ 
+-#define MAXUDP 200
+ static struct udpclient {
+   struct query q;
+   struct taia start;
+@@ -131,7 +131,6 @@ void u_new(void)
+ 
+ static int tcp53;
+ 
+-#define MAXTCP 20
+ struct tcpclient {
+   struct query q;
+   struct taia start;
+diff --git a/log.c b/log.c
+index c43e8b0..b8cd7ce 100644
+--- a/log.c
++++ b/log.c
+@@ -150,6 +150,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser
+   line();
+ }
+ 
++void log_tx_piggyback(const char *q, const char qtype[2], const char *control)
++{
++  string("txpb ");
++  logtype(qtype); space(); name(q); space(); name(control);
++  line();
++}
++
+ void log_cachedanswer(const char *q,const char type[2])
+ {
+   string("cached "); logtype(type); space();
+diff --git a/log.h b/log.h
+index fe62fa3..d9a829b 100644
+--- a/log.h
++++ b/log.h
+@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *);
+ extern void log_cachedns(const char *,const char *);
+ 
+ extern void log_tx(const char *,const char *,const char *,const char *,unsigned int);
++extern void log_tx_piggyback(const char *,const char *,const char *);
+ 
+ extern void log_nxdomain(const char *,const char *,unsigned int);
+ extern void log_nodata(const char *,const char *,const char *,unsigned int);
+diff --git a/maxclient.h b/maxclient.h
+new file mode 100644
+index 0000000..e52fcd1
+--- /dev/null
++++ b/maxclient.h
+@@ -0,0 +1,7 @@
++#ifndef MAXCLIENT_H
++#define MAXCLIENT_H
++
++#define MAXUDP 200
++#define MAXTCP 20
++
++#endif /* MAXCLIENT_H */
+diff --git a/qmerge.c b/qmerge.c
+new file mode 100644
+index 0000000..7c92299
+--- /dev/null
++++ b/qmerge.c
+@@ -0,0 +1,115 @@
++#include "qmerge.h"
++#include "byte.h"
++#include "log.h"
++#include "maxclient.h"
++
++#define QMERGE_MAX (MAXUDP+MAXTCP)
++struct qmerge inprogress[QMERGE_MAX];
++
++static
++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2],
++    const char *control)
++{
++  if (!dns_domain_copy(&qmk->q, q)) return 0;
++  byte_copy(qmk->qtype, 2, qtype);
++  if (!dns_domain_copy(&qmk->control, control)) return 0;
++  return 1;
++}
++
++static
++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b)
++{
++  return
++    byte_equal(a->qtype, 2, b->qtype) &&
++    dns_domain_equal(a->q, b->q) &&
++    dns_domain_equal(a->control, b->control);
++}
++
++static
++void qmerge_key_free(struct qmerge_key *qmk)
++{
++  dns_domain_free(&qmk->q);
++  dns_domain_free(&qmk->control);
++}
++
++void qmerge_free(struct qmerge **x)
++{
++  struct qmerge *qm;
++
++  qm = *x;
++  *x = 0;
++  if (!qm || !qm->active) return;
++
++  qm->active--;
++  if (!qm->active) {
++    qmerge_key_free(&qm->key);
++    dns_transmit_free(&qm->dt);
++  }
++}
++
++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive,
++    const char *q, const char qtype[2], const char localip[4],
++    const char *control)
++{
++  struct qmerge_key k;
++  int i;
++  int r;
++
++  qmerge_free(qm);
++
++  byte_zero(&k, sizeof k);
++  if (!qmerge_key_init(&k, q, qtype, control)) return -1;
++  for (i = 0; i < QMERGE_MAX; i++) {
++    if (!inprogress[i].active) continue;
++    if (!qmerge_key_equal(&k, &inprogress[i].key)) continue;
++    log_tx_piggyback(q, qtype, control);
++    inprogress[i].active++;
++    *qm = &inprogress[i];
++    qmerge_key_free(&k);
++    return 0;
++  }
++
++  for (i = 0; i < QMERGE_MAX; i++)
++    if (!inprogress[i].active)
++      break;
++  if (i == QMERGE_MAX) return -1;
++
++  log_tx(q, qtype, control, servers, 0);
++  r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip);
++  if (r == -1) { qmerge_key_free(&k); return -1; }
++  inprogress[i].active++;
++  inprogress[i].state = 0;
++  qmerge_key_free(&inprogress[i].key);
++  byte_copy(&inprogress[i].key, sizeof k, &k);
++  *qm = &inprogress[i];
++  return 0;
++}
++
++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline)
++{
++  if (qm->state == 0) {
++    dns_transmit_io(&qm->dt, io, deadline);
++    qm->state = 1;
++  }
++  else {
++    io->fd = -1;
++    io->events = 0;
++  }
++}
++
++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when)
++{
++  int r;
++  struct qmerge *qm;
++
++  qm = *x;
++  if (qm->state == -1) return -1; /* previous error */
++  if (qm->state == 0) return 0; /* no packet */
++  if (qm->state == 2) return 1; /* already got packet */
++
++  r = dns_transmit_get(&qm->dt, io, when);
++  if (r == -1) { qm->state = -1; return -1; } /* error */
++  if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */
++  if (r == 1) { qm->state = 2; return 1; } /* got packet */
++  return -1; /* bug */
++}
+diff --git a/qmerge.h b/qmerge.h
+new file mode 100644
+index 0000000..9a58157
+--- /dev/null
++++ b/qmerge.h
+@@ -0,0 +1,24 @@
++#ifndef QMERGE_H
++#define QMERGE_H
++
++#include "dns.h"
++
++struct qmerge_key {
++  char *q;
++  char qtype[2];
++  char *control;
++};
++
++struct qmerge {
++  int active;
++  struct qmerge_key key;
++  struct dns_transmit dt;
++  int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */
++};
++
++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *);
++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *);
++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *);
++extern void qmerge_free(struct qmerge **);
++
++#endif /* QMERGE_H */
+diff --git a/query.c b/query.c
+index 46cdc00..f091fdd 100644
+--- a/query.c
++++ b/query.c
+@@ -81,7 +81,7 @@ static void cleanup(struct query *z)
+   int j;
+   int k;
+ 
+-  dns_transmit_free(&z->dt);
++  qmerge_free(&z->qm);
+   for (j = 0;j < QUERY_MAXALIAS;++j)
+     dns_domain_free(&z->alias[j]);
+   for (j = 0;j < QUERY_MAXLEVEL;++j) {
+@@ -429,14 +429,8 @@ static int doit(struct query *z,int state)
+   if (j == 64) goto SERVFAIL;
+ 
+   dns_sortip(z->servers[z->level],64);
+-  if (z->level) {
+-    log_tx(z->name[z->level],DNS_T_A,z->control[z->level],z->servers[z->level],z->level);
+-    if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],DNS_T_A,z->localip) == -1) goto DIE;
+-  }
+-  else {
+-    log_tx(z->name[0],z->type,z->control[0],z->servers[0],0);
+-    if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE;
+-  }
++  dtype = z->level ? DNS_T_A : z->type;
++  if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE;
+   return 0;
+ 
+ 
+@@ -450,10 +444,10 @@ static int doit(struct query *z,int state)
+ 
+   HAVEPACKET:
+   if (++z->loop == 100) goto DIE;
+-  buf = z->dt.packet;
+-  len = z->dt.packetlen;
++  buf = z->qm->dt.packet;
++  len = z->qm->dt.packetlen;
+ 
+-  whichserver = z->dt.servers + 4 * z->dt.curserver;
++  whichserver = z->qm->dt.servers + 4 * z->qm->dt.curserver;
+   control = z->control[z->level];
+   d = z->name[z->level];
+   dtype = z->level ? DNS_T_A : z->type;
+@@ -836,7 +830,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip
+ 
+ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ {
+-  switch(dns_transmit_get(&z->dt,x,stamp)) {
++  switch(qmerge_get(&z->qm,x,stamp)) {
+     case 1:
+       return doit(z,1);
+     case -1:
+@@ -847,5 +841,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ 
+ void query_io(struct query *z,iopause_fd *x,struct taia *deadline)
+ {
+-  dns_transmit_io(&z->dt,x,deadline);
++  qmerge_io(z->qm,x,deadline);
+ }
+diff --git a/query.h b/query.h
+index eff68b2..06feab4 100644
+--- a/query.h
++++ b/query.h
+@@ -1,7 +1,7 @@
+ #ifndef QUERY_H
+ #define QUERY_H
+ 
+-#include "dns.h"
++#include "qmerge.h"
+ #include "uint32.h"
+ 
+ #define QUERY_MAXLEVEL 5
+@@ -20,7 +20,7 @@ struct query {
+   char localip[4];
+   char type[2];
+   char class[2];
+-  struct dns_transmit dt;
++  struct qmerge *qm;
+ } ;
+ 
+ extern int query_start(struct query *,char *,char *,char *,char *);
diff --git a/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch
new file mode 100644
index 000000000000..9230e7583ddd
--- /dev/null
+++ b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch
@@ -0,0 +1,70 @@
+diff --git a/query.c b/query.c
+index 46cdc00..4574e97 100644
+--- a/query.c
++++ b/query.c
+@@ -319,6 +319,29 @@ static int doit(struct query *z,int state)
+       }
+     }
+ 
++    if (typematch(DNS_T_SOA,dtype)) {
++      byte_copy(key,2,DNS_T_SOA);
++      cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
++      if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
++        log_cachedanswer(d,DNS_T_SOA);
++        if (!rqa(z)) goto DIE;
++        pos = 0;
++        while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) {
++          pos = dns_packet_getname(cached,cachedlen,pos,&t2);
++          if (!pos) break;
++          pos = dns_packet_getname(cached,cachedlen,pos,&t3);
++          if (!pos) break;
++          if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE;
++          if (!response_addname(t2)) goto DIE;
++          if (!response_addname(t3)) goto DIE;
++          if (!response_addbytes(misc,20)) goto DIE;
++          response_rfinish(RESPONSE_ANSWER);
++        }
++        cleanup(z);
++        return 1;
++      }
++    }
++
+     if (typematch(DNS_T_A,dtype)) {
+       byte_copy(key,2,DNS_T_A);
+       cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
+@@ -351,7 +374,7 @@ static int doit(struct query *z,int state)
+       }
+     }
+ 
+-    if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype)) {
++    if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype)) {
+       byte_copy(key,2,dtype);
+       cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
+       if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
+@@ -585,15 +608,24 @@ static int doit(struct query *z,int state)
+     else if (byte_equal(type,2,DNS_T_AXFR))
+       ;
+     else if (byte_equal(type,2,DNS_T_SOA)) {
++      int non_authority = 0;
++      save_start();
+       while (i < j) {
+         pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE;
+         pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE;
+         pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE;
+         pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE;
+-        if (records[i] < posauthority)
++        if (records[i] < posauthority) {
+           log_rrsoa(whichserver,t1,t2,t3,misc,ttl);
++          save_data(misc,20);
++          save_data(t2,dns_domain_length(t2));
++          save_data(t3,dns_domain_length(t3));
++          non_authority++;
++        }
+         ++i;
+       }
++      if (non_authority)
++        save_finish(DNS_T_SOA,t1,ttl);
+     }
+     else if (byte_equal(type,2,DNS_T_CNAME)) {
+       pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE;
+
author	René Nussbaumer <killerfox@gentoo.org>	2009-03-01 09:40:26 +0000
committer	René Nussbaumer <killerfox@gentoo.org>	2009-03-01 09:40:26 +0000
commit	c514b45567c842a87cbf62a8298fc02adbfa4855 (patch)
tree	b5483452c0d6ed568784f3bc627364544b320337 /net-dns/djbdns
parent	Add id3tag USE flag to alsaplayer (and patch configure.ac accordingly). Reso... (diff)
download	historical-c514b45567c842a87cbf62a8298fc02adbfa4855.tar.gz historical-c514b45567c842a87cbf62a8298fc02adbfa4855.tar.bz2 historical-c514b45567c842a87cbf62a8298fc02adbfa4855.zip