karasz
/
package-update
1
0
Fork 0
Code Issues Releases Activity
Browse Source

djbdns: added upstream patch against a vulnerability in AXFR

cross
Alejandro Mery 16 years ago
parent
b21c038880
commit
10a67fbfe0
1 changed files with 58 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 58
      network/djbdns/AXFR_vulnerability.patch

58
network/djbdns/AXFR_vulnerability.patch
Unescape View File

@ -0,0 +1,58 @@
# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../djbdns/AXFR_vulnerability.patch
# Copyright (C) 2009 The OpenSDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---
Mailing-List: contact dns-help@list.cr.yp.to; run by ezmlm
Date: 4 Mar 2009 01:34:21 -0000
Message-ID: <20090304013421.60368.qmail@cr.yp.to>
Mail-Followup-To: dns@list.cr.yp.to
Automatic-Legal-Notices: See http://cr.yp.to/mailcopyright.html.
From: "D. J. Bernstein" <djb@cr.yp.to>
To: dns@list.cr.yp.to
Subject: djbdns<=1.05 lets AXFRed subdomains overwrite domains
If the administrator of example.com publishes the example.com DNS data
through tinydns and axfrdns, and includes data for sub.example.com
transferred from an untrusted third party, then that third party can
control cache entries for example.com, not just sub.example.com. This is
the result of a bug in djbdns pointed out by Matthew Dempsky. (In short,
axfrdns compresses some outgoing DNS packets incorrectly.)
Even though this bug affects very few users, it is a violation of the
expected security policy in a reasonable situation, so it is a security
hole in djbdns. Third-party DNS service is discouraged in the djbdns
documentation but is nevertheless supported. Dempsky is hereby awarded
$1000.
The next release of djbdns will be backed by a new security guarantee.
In the meantime, if any users are in the situation described above,
those users are advised to apply Dempsky's patch and requested to accept
my apologies. The patch is also recommended for other users; it corrects
the bug without any side effects. A copy of the patch appears below.
---D. J. Bernstein
Research Professor, Computer Science, University of Illinois at Chicago
--- ./response.c.orig 2009-03-05 22:16:18.000000000 +0200
+++ ./response.c 2009-03-05 22:16:57.000000000 +0200
@@ -34,7 +34,7 @@
uint16_pack_big(buf,49152 + name_ptr[i]);
return response_addbytes(buf,2);
}
- if (dlen <= 128)
+ if ((dlen <= 128) && (response_len < 16384))
if (name_num < NAMES) {
byte_copy(name[name_num],dlen,d);
name_ptr[name_num] = response_len;
Write Preview
Loading…
Cancel
Save