1 Upstream patch to address CVE-2015-8899.

     2 

     3 From 41a8d9e99be9f2cc8b02051dd322cb45e0faac87 Mon Sep 17 00:00:00 2001

     4 From: =?utf8?q?Edwin=20T=C3=B6r=C3=B6k?= <[email protected]>

     5 Date: Sat, 14 Nov 2015 17:45:48 +0000

     6 Subject: [PATCH] Fix crash when empty address from DNS overlays A record from

     7  hosts.

     8 

     9 ---

    10  CHANGELOG   |    5 +++++

    11  src/cache.c |    2 +-

    12  2 files changed, 6 insertions(+), 1 deletion(-)

    13 

    14 diff --git a/CHANGELOG b/CHANGELOG

    15 index d6e309f..93c73d0 100644

    16 --- a/CHANGELOG

    17 +++ b/CHANGELOG

    18 @@ -13,6 +13,11 @@ version 2.76

    19  	    was a dangling symbolic link, even of --no-resolv set.

    20  	    Thanks to Alexander Kurtz for spotting the problem.

    21  

    22 +	    Fix crash when an A or AAAA record is defined locally,

    23 +	    in a hosts file, and an upstream server sends a reply

    24 +	    that the same name is empty. Thanks to Edwin Török for

    25 +	    the patch.

    26 +

    27  	

    28  version 2.75

    29              Fix reversion on 2.74 which caused 100% CPU use when a 

    30 diff --git a/src/cache.c b/src/cache.c

    31 index 178d654..1b76b67 100644

    32 --- a/src/cache.c

    33 +++ b/src/cache.c

    34 @@ -481,7 +481,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr,

    35  	 existing record is for an A or AAAA and

    36  	 the record we're trying to insert is the same, 

    37  	 just drop the insert, but don't error the whole process. */

    38 -      if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD))

    39 +      if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) && addr)

    40  	{

    41  	  if ((flags & F_IPV4) && (new->flags & F_IPV4) &&

    42  	      new->addr.addr.addr.addr4.s_addr == addr->addr.addr4.s_addr)

    43 -- 

    44 1.7.10.4