OpenSDE
/
package-nopast
3
0
Fork 0
Code Issues 9 Projects 1 Releases Activity
OpenSDE Packages Database (without history before r20070)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7839 Commits
49 Branches
0 Tags
34 MiB
Tree: 0f6c682c2d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0f6c682c2d'
${ noResults }
package-nopast/network/djbdns/AXFR_vulnerability.patch

58 lines
2.6 KiB
Raw Normal View History

djbdns: added upstream patch against a vulnerability in AXFR
16 years ago
  1. # --- SDE-COPYRIGHT-NOTE-BEGIN ---
  2. # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
  3. #
  4. # Filename: package/.../djbdns/AXFR_vulnerability.patch
  5. # Copyright (C) 2009 The OpenSDE Project
  6. #
  7. # More information can be found in the files COPYING and README.
  8. #
  9. # This patch file is dual-licensed. It is available under the license the
  10. # patched project is licensed under, as long as it is an OpenSource license
  11. # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
  12. # of the GNU General Public License as published by the Free Software
  13. # Foundation; either version 2 of the License, or (at your option) any later
  14. # version.
  15. # --- SDE-COPYRIGHT-NOTE-END ---
  17. Mailing-List: contact dns-help@list.cr.yp.to; run by ezmlm
  18. Date: 4 Mar 2009 01:34:21 -0000
  19. Message-ID: <20090304013421.60368.qmail@cr.yp.to>
  20. Mail-Followup-To: dns@list.cr.yp.to
  21. Automatic-Legal-Notices: See http://cr.yp.to/mailcopyright.html.
  22. From: "D. J. Bernstein" <djb@cr.yp.to>
  23. To: dns@list.cr.yp.to
  24. Subject: djbdns<=1.05 lets AXFRed subdomains overwrite domains
  26. If the administrator of example.com publishes the example.com DNS data
  27. through tinydns and axfrdns, and includes data for sub.example.com
  28. transferred from an untrusted third party, then that third party can
  29. control cache entries for example.com, not just sub.example.com. This is
  30. the result of a bug in djbdns pointed out by Matthew Dempsky. (In short,
  31. axfrdns compresses some outgoing DNS packets incorrectly.)
  33. Even though this bug affects very few users, it is a violation of the
  34. expected security policy in a reasonable situation, so it is a security
  35. hole in djbdns. Third-party DNS service is discouraged in the djbdns
  36. documentation but is nevertheless supported. Dempsky is hereby awarded
  37. $1000.
  39. The next release of djbdns will be backed by a new security guarantee.
  40. In the meantime, if any users are in the situation described above,
  41. those users are advised to apply Dempsky's patch and requested to accept
  42. my apologies. The patch is also recommended for other users; it corrects
  43. the bug without any side effects. A copy of the patch appears below.
  45. ---D. J. Bernstein
  46. Research Professor, Computer Science, University of Illinois at Chicago
  48. --- ./response.c.orig 2009-03-05 22:16:18.000000000 +0200
  49. +++ ./response.c 2009-03-05 22:16:57.000000000 +0200
  50. @@ -34,7 +34,7 @@
  51. uint16_pack_big(buf,49152 + name_ptr[i]);
  52. return response_addbytes(buf,2);
  53. }
  54. - if (dlen <= 128)
  55. + if ((dlen <= 128) && (response_len < 16384))
  56. if (name_num < NAMES) {
  57. byte_copy(name[name_num],dlen,d);
  58. name_ptr[name_num] = response_len;