djbdns/450-dnscache-ghost-domain-CVE-2012-1191.patch

42 lines
1.6 KiB
Diff
Raw Permalink Normal View History

# initial patch http://marc.info/?l=djbdns&m=134190748729079&w=2
#--- djbdns-1.05/query.c.orig 2012-07-10 09:24:23.000000000 +0200
#+++ djbdns-1.05/query.c 2012-07-10 09:24:26.000000000 +0200
#@@ -578,6 +578,7 @@
# }
#
# if (!dns_domain_suffix(t1,control)) { i = j; continue; }
#+ if (byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control)) { i = j; continue; }
# if (!roots_same(t1,control)) { i = j; continue; }
#
# if (byte_equal(type,2,DNS_T_ANY))
#
# alternative http://marc.info/?l=djbdns&m=134219930603966&w=2
#--- djbdns-1.05.orig/query.c 2001-02-11 22:11:45.000000000 +0100
#+++ djbdns-1.05/query.c 2012-07-13 18:52:16.313862281 +0200
#@@ -578,6 +578,7 @@
# }
#
# if (!dns_domain_suffix(t1,control)) { i = j; continue; }
#+ if (byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control) && (posauthority <= records[i])) { i = j; continue; } if (!roots_same(t1,control)) { i = j; continue; }
# if (byte_equal(type,2,DNS_T_ANY))
#
#http://marc.info/?l=djbdns&m=134269902121506&w=2
# Created 2012 by Peter Conrad <conrad@tivano.de>
#
# This patch is public domain.
#
--- djbdns-1.05/query.c.orig 2012-07-10 09:24:23.000000000 +0200
+++ djbdns-1.05/query.c 2012-07-10 09:24:26.000000000 +0200
@@ -578,6 +578,10 @@
}
if (!dns_domain_suffix(t1,control)) { i = j; continue; }
+ if (!flagforwardonly && byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control)) {
+ char dummy[256];
+ if (!roots(dummy,control)) { i = j; continue; }
+ }
if (!roots_same(t1,control)) { i = j; continue; }
if (byte_equal(type,2,DNS_T_ANY))