21093410 problem in SERVICE/DNSMASQ s11u2-sru
authorsaurabh.vyas@oracle.com
Mon, 18 May 2015 16:22:16 -0700
branchs11u2-sru
changeset 4442 f5d31dce31a6
parent 4420 392caaf7a495
child 4443 19990f188a99
21093410 problem in SERVICE/DNSMASQ
components/dnsmasq/patches/04-CVE-2015-3294.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/dnsmasq/patches/04-CVE-2015-3294.patch	Mon May 18 16:22:16 2015 -0700
@@ -0,0 +1,64 @@
+Upstream patch to address CVE-2015-3294.
+
+From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <[email protected]>
+Date: Thu, 9 Apr 2015 21:48:00 +0100
+Subject: [PATCH] Fix crash on receipt of certain malformed DNS requests.
+
+---
+ CHANGELOG     |    3 +++
+ src/rfc1035.c |    9 ++++++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 6aa3d85..9af6170 100644
+
+--- a/CHANGELOG
++++ b/CHANGELOG
[email protected]@ -125,6 +125,9 @@ version 2.72
+             Fix problem with --local-service option on big-endian platforms
+ 	    Thanks to Richard Genoud for the patch.
+ 
++	    Fix crash on receipt of certain malformed DNS requests. Thanks
++	    to Nick Sampanis for spotting the problem.
++	
+ 
+ version 2.71
+             Subtle change to error handling to help DNSSEC validation 
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 7a07b0c..a995ab5 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
[email protected]@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
+ size_t setup_reply(struct dns_header *header, size_t qlen,
+ 		struct all_addr *addrp, unsigned int flags, unsigned long ttl)
+ {
+-  unsigned char *p = skip_questions(header, qlen);
++  unsigned char *p;
++
++  if (!(p = skip_questions(header, qlen)))
++    return 0;
+   
+   /* clear authoritative and truncated flags, set QR flag */
+   header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
[email protected]@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+     SET_RCODE(header, NOERROR); /* empty domain */
+   else if (flags == F_NXDOMAIN)
+     SET_RCODE(header, NXDOMAIN);
+-  else if (p && flags == F_IPV4)
++  else if (flags == F_IPV4)
+     { /* we know the address */
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1);
[email protected]@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+       add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
+     }
+ #ifdef HAVE_IPV6
+-  else if (p && flags == F_IPV6)
++  else if (flags == F_IPV6)
+     {
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1)
+-- 
+1.7.10.4
+
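Review bot: The early `return 0` added at the top of `setup_reply` makes a zero reply length a new possible result, and nothing in this patch shows that the callers treat it as "send nothing". The call sites are outside the embedded hunks, so confirm in the patched tree that each one checks for 0 before using the result as a length or writing the buffer back to the client. A comment above the check would record that contract, for example `/* malformed question section: skip_questions() failed, return 0 so the caller sends no reply */`. With the guard in place, `p` can no longer be NULL in the `F_IPV4` and `F_IPV6` branches, so dropping the `p &&` tests there is consistent. The body of `setup_reply` continues beyond what the hunks show.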