dnsmasq: Import more patches from upstream
diff --git a/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch b/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch
new file mode 100644 (file)
index 0000000..705229f
--- /dev/null
@@ -0,0 +1,106 @@
+From 78c6184752dce27849e36cce4360abc27b8d76d2 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 16 Apr 2015 15:05:30 +0100
+Subject: [PATCH 75/78] Auth: correct replies to NS and SOA in .arpa zones.
+
+---
+ CHANGELOG  |  8 ++++++++
+ src/auth.c | 51 ++++++++++++++++++++++++++++++---------------------
+ 2 files changed, 38 insertions(+), 21 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index f2142c71cbdc..0619788e9cef 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -94,6 +94,14 @@ version 2.73
+           in the auth-zone declaration. Thanks to Johnny S. Lee
+           for the bugreport and initial patch.
++          Fix authoritative DNS code to correctly reply to NS 
++          and SOA queries for .arpa zones for which we are 
++          declared authoritative by means of a subnet in auth-zone.
++          Previously we provided correct answers to PTR queries
++          in such zones (including NS and SOA) but not direct
++          NS and SOA queries. Thanks to Johnny S. Lee for 
++          pointing out the problem.
++
+       
+ version 2.72
+             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+diff --git a/src/auth.c b/src/auth.c
+index 4a5c39fc5c07..2b0b7d6b052d 100644
+--- a/src/auth.c
++++ b/src/auth.c
+@@ -131,24 +131,27 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
+         continue;
+       }
+-      if (qtype == T_PTR)
++      if ((qtype == T_PTR || qtype == T_SOA || qtype == T_NS) &&
++        (flag = in_arpa_name_2_addr(name, &addr)) &&
++        !local_query)
+       {
+-        if (!(flag = in_arpa_name_2_addr(name, &addr)))
+-          continue;
+-
+-        if (!local_query)
++        for (zone = daemon->auth_zones; zone; zone = zone->next)
++          if ((subnet = find_subnet(zone, flag, &addr)))
++            break;
++        
++        if (!zone)
+           {
+-            for (zone = daemon->auth_zones; zone; zone = zone->next)
+-              if ((subnet = find_subnet(zone, flag, &addr)))
+-                break;
+-                      
+-            if (!zone)
+-              {
+-                auth = 0;
+-                continue;
+-              }
++            auth = 0;
++            continue;
+           }
++        else if (qtype == T_SOA)
++          soa = 1, found = 1;
++        else if (qtype == T_NS)
++          ns = 1, found = 1;
++      }
++      if (qtype == T_PTR && flag)
++      {
+         intr = NULL;
+         if (flag == F_IPV4)
+@@ -243,14 +246,20 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
+       }
+       
+     cname_restart:
+-      for (zone = daemon->auth_zones; zone; zone = zone->next)
+-      if (in_zone(zone, name, &cut))
+-        break;
+-      
+-      if (!zone)
++      if (found)
++      /* NS and SOA .arpa requests have set found above. */
++      cut = NULL;
++      else
+       {
+-        auth = 0;
+-        continue;
++        for (zone = daemon->auth_zones; zone; zone = zone->next)
++          if (in_zone(zone, name, &cut))
++            break;
++        
++        if (!zone)
++          {
++            auth = 0;
++            continue;
++          }
+       }
+       for (rec = daemon->mxnames; rec; rec = rec->next)
+-- 
+2.1.0
+
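Review bot: In the second src/auth.c hunk, `if (found)` at `cname_restart:` reuses the general answer flag to mean "zone already resolved by the .arpa branch", so any path that sets `found` and then jumps back to `cname_restart` would skip the `in_zone()` lookup, keep the previous `zone` and force `cut = NULL`. Whether such a path exists is not visible here, because answer_auth() starts and ends outside both hunks; if a CNAME restart can arrive with `found` set, the reply could be marked authoritative for a target name that was never checked against the configured auth zones. A dedicated flag set only in the .arpa branch (a proposed name: `arpa_zone = 1;` next to `soa = 1, found = 1;` and `ns = 1, found = 1;`, tested as `if (arpa_zone)`) would keep the two meanings apart. The unbraced `if (found)` with a comment sitting between the condition and `cut = NULL;` is also easy to misread, so braces on both arms would help.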