Critical vulnerability patch need in BINDx ports

Dennis Yusupoff denissia at mail.ru
Wed Jul 9 14:37:19 UTC 2008


Hello, Doug.

I hope, you've already seen patch for BINDx, that close critical
vulnerability.
Could you register it in your FreeBSD-port(s)?

http://www.isc.org/index.pl?/sw/bind/index.php
===
Index: inet_network.c
diff -u inet_network.c:1.5 inet_network.c:1.6
--- inet_network.c:1.5  Wed Apr 27 04:56:21 2005
+++ inet_network.c      Tue Jan 15 04:02:01 2008
@@ -84,9 +84,9 @@
        }
        if (!digit)
                return (INADDR_NONE);
+       if (pp >= parts + 4 || val > 0xffU)
+               return (INADDR_NONE);
        if (*cp == '.') {
-               if (pp >= parts + 4 || val > 0xffU)
-                       return (INADDR_NONE);
                *pp++ = val, cp++;
                goto again;
        }
===

---
With best regards,
sysadmin of Ozerki.Net
Dennis Yusupoff



More information about the freebsd-ports mailing list