components/dnsmasq/patches/04_CVE-2015-8899.patch
author Laszlo Peter <laszlo.peter@oracle.com>
Wed, 07 Sep 2016 14:48:21 -0700
changeset 6746 5a7cd15a88f8
permissions -rw-r--r--
23210173 Upgrade dnsmasq to 2.75

Upstream patch to address CVE-2015-8899.

From 41a8d9e99be9f2cc8b02051dd322cb45e0faac87 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Edwin=20T=C3=B6r=C3=B6k?= <[email protected]>
Date: Sat, 14 Nov 2015 17:45:48 +0000
Subject: [PATCH] Fix crash when empty address from DNS overlays A record from
 hosts.

---
 CHANGELOG   |    5 +++++
 src/cache.c |    2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index d6e309f..93c73d0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,11 @@ version 2.76
 	    was a dangling symbolic link, even of --no-resolv set.
 	    Thanks to Alexander Kurtz for spotting the problem.
 
+	    Fix crash when an A or AAAA record is defined locally,
+	    in a hosts file, and an upstream server sends a reply
+	    that the same name is empty. Thanks to Edwin Török for
+	    the patch.
+
 	
 version 2.75
             Fix reversion on 2.74 which caused 100% CPU use when a 
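Review bot: The context of this hunk is the "version 2.76" section of CHANGELOG, while the changeset it ships in is the upgrade to 2.75. If the 2.75 tarball's CHANGELOG has no 2.76 section and no Alexander Kurtz entry, the hunk has nothing to anchor to and may be rejected when the component is built. The CHANGELOG part carries no code change, so consider dropping it from the downstream patch and keeping only the src/cache.c hunk. If the entry is kept, naming CVE-2015-8899 in it would make the fix easier to find later.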
diff --git a/src/cache.c b/src/cache.c
index 178d654..1b76b67 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -481,7 +481,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
 	 existing record is for an A or AAAA and
 	 the record we're trying to insert is the same, 
 	 just drop the insert, but don't error the whole process. */
-      if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD))
+      if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) && addr)
 	{
 	  if ((flags & F_IPV4) && (new->flags & F_IPV4) &&
 	      new->addr.addr.addr.addr4.s_addr == addr->addr.addr4.s_addr)
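Review bot: The comment above the changed condition still describes only the "record is the same, just drop the insert" case and does not say why addr can be NULL here or what should happen when it is. With the added "&& addr" the block that reads addr->addr.addr4.s_addr is skipped for a NULL addr, and control falls through to code outside this hunk, so it is worth confirming that path is the intended outcome for an empty upstream reply overlaying a hosts-file record. A sentence in the comment stating that addr is NULL for such a reply and that the insert is then treated as a mismatch would document the guard. Also check that no other addr dereference in cache_insert is reachable on this path with addr NULL, since only the first comparison is visible here.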
-- 
1.7.10.4