]> gitweb.michael.orlitzky.com - mjo-overlay.git/blob - net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch
Remove sys-apps/apply-default-acl, I can wait for it to show up in portage.
1 diff -urNp a/query.c b/query.c
2 --- a/query.c 2009-03-19 11:35:28.452472164 -0700
3 +++ b/query.c 2009-03-19 11:59:19.798221593 -0700
4 @@ -476,6 +476,29 @@ static int doit(struct query *z,int stat
5 }
6 }
7
8 + if (typematch(DNS_T_SOA,dtype)) {
9 + byte_copy(key,2,DNS_T_SOA);
10 + cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
11 + if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
12 + log_cachedanswer(d,DNS_T_SOA);
13 + if (!rqa(z)) goto DIE;
14 + pos = 0;
15 + while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) {
16 + pos = dns_packet_getname(cached,cachedlen,pos,&t2);
17 + if (!pos) break;
18 + pos = dns_packet_getname(cached,cachedlen,pos,&t3);
19 + if (!pos) break;
20 + if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE;
21 + if (!response_addname(t2)) goto DIE;
22 + if (!response_addname(t3)) goto DIE;
23 + if (!response_addbytes(misc,20)) goto DIE;
24 + response_rfinish(RESPONSE_ANSWER);
25 + }
26 + cleanup(z);
27 + return 1;
28 + }
29 + }
30 +
31 if (typematch(DNS_T_A,dtype)) {
32 byte_copy(key,2,DNS_T_A);
33 cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
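Review bot: The cached-SOA read loop cannot tell a clean end of the entry from a damaged one: when either `dns_packet_getname` call returns 0 it only `break`s, and the code still reaches `cleanup(z); return 1;` and sends whatever records were already added. Consider `if (!pos) goto DIE;` there, so a malformed entry fails the query instead of producing a partial answer. The entry layout read here (20 fixed bytes, then the two names) is defined only by the `save_data` order in the SOA branch of the third hunk, so a comment such as `/* cache entry per SOA: 20 fixed bytes, MNAME, RNAME; must match the save_data order in the SOA save branch */` would keep the two in step. The loop condition is also a bare assignment; `while ((pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) != 0)` states the intent. doit's body starts and ends outside the hunk.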
34 @@ -541,7 +564,7 @@ static int doit(struct query *z,int stat
35 }
36 }
37
38 - if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_AAAA,dtype)) {
39 + if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype) && !typematch(DNS_T_AAAA,dtype)) {
40 byte_copy(key,2,dtype);
41 cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
42 if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
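Review bot: This exclusion list apparently has to name every type that has its own cache block earlier in `doit`, and nothing in the code says so; the SOA block added in the first hunk and the `!typematch(DNS_T_SOA,dtype)` term here are meant to change together. A comment above the condition, e.g. `/* generic path: skip types that have a dedicated cache block above (keep in sync) */`, would make that coupling visible. Breaking the condition over several lines would also make future additions easier to review. The block this condition opens continues outside the hunk.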
43 @@ -769,15 +792,24 @@ static int doit(struct query *z,int stat
44 else if (byte_equal(type,2,DNS_T_AXFR))
45 ;
46 else if (byte_equal(type,2,DNS_T_SOA)) {
47 + int non_authority = 0;
48 + save_start();
49 while (i < j) {
50 pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE;
51 pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE;
52 pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE;
53 pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE;
54 - if (records[i] < posauthority)
55 + if (records[i] < posauthority) {
56 log_rrsoa(whichserver,t1,t2,t3,misc,ttl);
57 + save_data(misc,20);
58 + save_data(t2,dns_domain_length(t2));
59 + save_data(t3,dns_domain_length(t3));
60 + non_authority++;
61 + }
62 ++i;
63 }
64 + if (non_authority)
65 + save_finish(DNS_T_SOA,t1,ttl);
66 }
67 else if (byte_equal(type,2,DNS_T_CNAME)) {
68 pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE;
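Review bot: The reason for saving only SOA records that sit before `posauthority` is not stated, and it is the security-relevant part of this branch: an SOA carried in the authority section of a negative or referral response should not become a cached positive answer for `t1`. I would document that above the counter, e.g. `/* cache only answer-section SOAs; authority-section SOAs accompany negative answers */`, and rename `non_authority` to something like `answer_soas`. The `ttl` passed to `save_finish` and any bailiwick check on `t1` are computed outside the hunk. It is worth confirming that `ttl` cannot be taken from an authority-section record in the same run, and that `t1` has been checked against the queried zone before this branch runs. doit's body starts and ends outside the hunk.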