ports/132366: [PATCH] dns/djbdns: Fix a recent bug (AXFRed subdomains overwrite domains)

Fri Mar 6 16:10:05 UTC 2009

>Number:         132366
>Category:       ports
>Synopsis:       [PATCH] dns/djbdns: Fix a recent bug (AXFRed subdomains overwrite domains)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 06 16:10:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Renato Botelho
>Release:        FreeBSD 8.0-CURRENT i386
>Organization:
FreeBSD.org
>Environment:
System: FreeBSD botelhor.bplab.local 8.0-CURRENT FreeBSD 8.0-CURRENT #48 r189278: Mon Mar  2 11:46:45
>Description:
If the administrator of example.com publishes the example.com DNS data
through tinydns and axfrdns, and includes data for sub.example.com
transferred from an untrusted third party, then that third party can
control cache entries for example.com, not just sub.example.com. This is
the result of a bug in djbdns pointed out by Matthew Dempsky. (In short,
axfrdns compresses some outgoing DNS packets incorrectly.)

More detailed description at:

Since i'm here, pacify a bit portlint removing quotes from BROKEN messages

Added file(s):
- files/patch-response.c

Port maintainer (roam at FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- djbdns-1.05_13.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/dns/djbdns/Makefile,v
retrieving revision 1.33
diff -u -u -r1.33 Makefile
--- Makefile	24 May 2008 03:19:29 -0000	1.33
+++ Makefile	6 Mar 2009 16:06:35 -0000
@@ -7,7 +7,7 @@
 
 PORTNAME?=	djbdns
 PORTVERSION?=	${DJBDNS_VER}
-PORTREVISION?=	12
+PORTREVISION?=	13
 CATEGORIES?=	dns
 MASTER_SITES=	http://cr.yp.to/djbdns/ \
 		ftp://cr.yp.to/djbdns/
@@ -32,7 +32,7 @@
 
 .if defined(WITH_JUMBO)
 .if defined(WITH_IPV6) || defined(WITH_IGNOREIP) || defined(WITH_SRV)
-BROKEN=		"The jumbo patch currently conflicts with the IPv6 and ignoreip2 patches"
+BROKEN=		The jumbo patch currently conflicts with the IPv6 and ignoreip2 patches
 .endif
 
 PATCH_SITES+=	http://www.ro.kde.org/djbdns/mywork/jumbo/:jumbo
@@ -69,7 +69,7 @@
 
 .if defined(WITH_DUMPCACHE) && !defined(WITH_JUMBO)
 .if defined(WITH_IPV6)
-BROKEN=		"The IPv6 and dnscache-dumpcache patches are currently in conflict"
+BROKEN=		The IPv6 and dnscache-dumpcache patches are currently in conflict
 .endif
 PATCH_SITES+=	http://efge.free.fr/djbdns/:dumpcache
 PATCHFILES+=	patch-dnscache-dumpcache-v4.txt:dumpcache
Index: files/patch-response.c
===================================================================
RCS file: files/patch-response.c
diff -N files/patch-response.c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ files/patch-response.c	6 Mar 2009 16:06:35 -0000
@@ -0,0 +1,11 @@
+--- response.c.orig	2009-03-06 13:02:27.000000000 -0300
++++ response.c	2009-03-06 13:03:03.000000000 -0300
+@@ -34,7 +34,7 @@
+         uint16_pack_big(buf,49152 + name_ptr[i]);
+         return response_addbytes(buf,2);
+       }
+-    if (dlen <= 128)
++    if ((dlen <= 128) && (response_len < 16384))
+       if (name_num < NAMES) {
+ 	byte_copy(name[name_num],dlen,d);
+ 	name_ptr[name_num] = response_len;
--- djbdns-1.05_13.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

