src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch

   1 From 38440b204db65f9be16c4c3daa7e991e4356f6ed Mon Sep 17 00:00:00 2001
   2 From: Simon Kelley <simon@thekelleys.org.uk>
   3 Date: Sun, 12 Apr 2015 21:52:47 +0100
   4 Subject: [PATCH 74/98] Fix crash in auth code with odd configuration.
   5
   6 ---
   7  CHANGELOG  | 32 +++++++++++++++++++++-----------
   8  src/auth.c | 13 ++++++++-----
   9  2 files changed, 29 insertions(+), 16 deletions(-)
  10
  11 diff --git a/CHANGELOG b/CHANGELOG
  12 index 9af617056f1f..f2142c71cbdc 100644
  13 --- a/CHANGELOG
  14 +++ b/CHANGELOG
  15 @@ -68,18 +68,31 @@ version 2.73
  16             Fix broken DNSSEC validation of ECDSA signatures.
  17
  18             Add --dnssec-timestamp option, which provides an automatic
  19 -           way to detect when the system time becomes valid after boot
  20 -           on systems without an RTC, whilst allowing DNS queries before the
  21 -           clock is valid so that NTP can run. Thanks to
  22 -           Kevin Darbyshire-Bryant for developing this idea.
  23 +           way to detect when the system time becomes valid after
  24 +           boot on systems without an RTC, whilst allowing DNS
  25 +           queries before the clock is valid so that NTP can run.
  26 +           Thanks to Kevin Darbyshire-Bryant for developing this idea.
  27
  28             Add --tftp-no-fail option. Thanks to Stefan Tomanek for
  29             the patch.
  30
  31 -           Fix crash caused by looking up servers.bind, CHAOS text record,
  32 -           when more than about five --servers= lines are in the dnsmasq
  33 -           config. This causes memory corruption which causes a crash later.
  34 -           Thanks to Matt Coddington for sterling work chasing this down.
  35 +           Fix crash caused by looking up servers.bind, CHAOS text
  36 +           record, when more than about five --servers= lines are
  37 +           in the dnsmasq config. This causes memory corruption
  38 +           which causes a crash later. Thanks to Matt Coddington for
  39 +           sterling work chasing this down.
  40 +
  41 +           Fix crash on receipt of certain malformed DNS requests.
  42 +           Thanks to Nick Sampanis for spotting the problem.
  43 +
  44 +            Fix crash in authoritative DNS code, if a .arpa zone
  45 +           is declared as authoritative, and then a PTR query which
  46 +           is not to be treated as authoritative arrived. Normally,
  47 +           directly declaring .arpa zone as authoritative is not
  48 +           done, so this crash wouldn't be seen. Instead the
  49 +           relevant .arpa zone should be specified as a subnet
  50 +           in the auth-zone declaration. Thanks to Johnny S. Lee
  51 +           for the bugreport and initial patch.
  52
  53
  54  version 2.72
  55 @@ -125,10 +138,7 @@ version 2.72
  56              Fix problem with --local-service option on big-endian platforms
  57             Thanks to Richard Genoud for the patch.
  58
  59 -           Fix crash on receipt of certain malformed DNS requests. Thanks
  60 -           to Nick Sampanis for spotting the problem.
  61
  62 -
  63  version 2.71
  64              Subtle change to error handling to help DNSSEC validation
  65             when servers fail to provide NODATA answers for
  66 diff --git a/src/auth.c b/src/auth.c
  67 index 15721e52793f..4a5c39fc5c07 100644
  68 --- a/src/auth.c
  69 +++ b/src/auth.c
  70 @@ -141,7 +141,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
  71               for (zone = daemon->auth_zones; zone; zone = zone->next)
  72                 if ((subnet = find_subnet(zone, flag, &addr)))
  73                   break;
  74 -
  75 +
  76               if (!zone)
  77                 {
  78                   auth = 0;
  79 @@ -186,7 +186,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
  80
  81           if (intr)
  82             {
  83 -             if (in_zone(zone, intr->name, NULL))
  84 +             if (local_query || in_zone(zone, intr->name, NULL))
  85                 {
  86                   found = 1;
  87                   log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
  88 @@ -208,8 +208,11 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
  89                     *p = 0; /* must be bare name */
  90
  91                   /* add  external domain */
  92 -                 strcat(name, ".");
  93 -                 strcat(name, zone->domain);
  94 +                 if (zone)
  95 +                   {
  96 +                     strcat(name, ".");
  97 +                     strcat(name, zone->domain);
  98 +                   }
  99                   log_query(flag | F_DHCP | F_REVERSE, name, &addr, record_source(crecp->uid));
 100                   found = 1;
 101                   if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
 102 @@ -217,7 +220,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 103                                           T_PTR, C_IN, "d", name))
 104                     anscount++;
 105                 }
 106 -             else if (crecp->flags & (F_DHCP | F_HOSTS) && in_zone(zone, name, NULL))
 107 +             else if (crecp->flags & (F_DHCP | F_HOSTS) && (local_query || in_zone(zone, name, NULL)))
 108                 {
 109                   log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid));
 110                   found = 1;
 111 --
 112 2.1.0
 113