net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch

   1 diff --git a/query.c b/query.c
   2 index 46cdc00..4574e97 100644
   3 --- a/query.c
   4 +++ b/query.c
   5 @@ -319,6 +319,29 @@ static int doit(struct query *z,int state)
   6        }
   7      }
   8
   9 +    if (typematch(DNS_T_SOA,dtype)) {
  10 +      byte_copy(key,2,DNS_T_SOA);
  11 +      cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
  12 +      if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
  13 +        log_cachedanswer(d,DNS_T_SOA);
  14 +        if (!rqa(z)) goto DIE;
  15 +        pos = 0;
  16 +        while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) {
  17 +          pos = dns_packet_getname(cached,cachedlen,pos,&t2);
  18 +          if (!pos) break;
  19 +          pos = dns_packet_getname(cached,cachedlen,pos,&t3);
  20 +          if (!pos) break;
  21 +          if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE;
  22 +          if (!response_addname(t2)) goto DIE;
  23 +          if (!response_addname(t3)) goto DIE;
  24 +          if (!response_addbytes(misc,20)) goto DIE;
  25 +          response_rfinish(RESPONSE_ANSWER);
  26 +        }
  27 +        cleanup(z);
  28 +        return 1;
  29 +      }
  30 +    }
  31 +
  32      if (typematch(DNS_T_A,dtype)) {
  33        byte_copy(key,2,DNS_T_A);
  34        cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
  35 @@ -351,7 +374,7 @@ static int doit(struct query *z,int state)
  36        }
  37      }
  38
  39 -    if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype)) {
  40 +    if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype)) {
  41        byte_copy(key,2,dtype);
  42        cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
  43        if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
  44 @@ -585,15 +608,24 @@ static int doit(struct query *z,int state)
  45      else if (byte_equal(type,2,DNS_T_AXFR))
  46        ;
  47      else if (byte_equal(type,2,DNS_T_SOA)) {
  48 +      int non_authority = 0;
  49 +      save_start();
  50        while (i < j) {
  51          pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE;
  52          pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE;
  53          pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE;
  54          pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE;
  55 -        if (records[i] < posauthority)
  56 +        if (records[i] < posauthority) {
  57            log_rrsoa(whichserver,t1,t2,t3,misc,ttl);
  58 +          save_data(misc,20);
  59 +          save_data(t2,dns_domain_length(t2));
  60 +          save_data(t3,dns_domain_length(t3));
  61 +          non_authority++;
  62 +        }
  63          ++i;
  64        }
  65 +      if (non_authority)
  66 +        save_finish(DNS_T_SOA,t1,ttl);
  67      }
  68      else if (byte_equal(type,2,DNS_T_CNAME)) {
  69        pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE;
  70