|
1 Upstream patch to address CVE-2015-8899. |
|
2 |
|
3 From 41a8d9e99be9f2cc8b02051dd322cb45e0faac87 Mon Sep 17 00:00:00 2001 |
|
4 From: =?utf8?q?Edwin=20T=C3=B6r=C3=B6k?= <[email protected]> |
|
5 Date: Sat, 14 Nov 2015 17:45:48 +0000 |
|
6 Subject: [PATCH] Fix crash when empty address from DNS overlays A record from |
|
7 hosts. |
|
8 |
|
9 --- |
|
10 CHANGELOG | 5 +++++ |
|
11 src/cache.c | 2 +- |
|
12 2 files changed, 6 insertions(+), 1 deletion(-) |
|
13 |
|
14 diff --git a/CHANGELOG b/CHANGELOG |
|
15 index d6e309f..93c73d0 100644 |
|
16 --- a/CHANGELOG |
|
17 +++ b/CHANGELOG |
|
18 @@ -13,6 +13,11 @@ version 2.76 |
|
19 was a dangling symbolic link, even of --no-resolv set. |
|
20 Thanks to Alexander Kurtz for spotting the problem. |
|
21 |
|
22 + Fix crash when an A or AAAA record is defined locally, |
|
23 + in a hosts file, and an upstream server sends a reply |
|
24 + that the same name is empty. Thanks to Edwin Török for |
|
25 + the patch. |
|
26 + |
|
27 |
|
28 version 2.75 |
|
29 Fix reversion on 2.74 which caused 100% CPU use when a |
|
30 diff --git a/src/cache.c b/src/cache.c |
|
31 index 178d654..1b76b67 100644 |
|
32 --- a/src/cache.c |
|
33 +++ b/src/cache.c |
|
34 @@ -481,7 +481,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr, |
|
35 existing record is for an A or AAAA and |
|
36 the record we're trying to insert is the same, |
|
37 just drop the insert, but don't error the whole process. */ |
|
38 - if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD)) |
|
39 + if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) && addr) |
|
40 { |
|
41 if ((flags & F_IPV4) && (new->flags & F_IPV4) && |
|
42 new->addr.addr.addr.addr4.s_addr == addr->addr.addr4.s_addr) |
|
43 -- |
|
44 1.7.10.4 |