Re: squeeze update of dnsmasq?

Fri, 15 May 2015 07:25:16 -0700 

Hi Simon,

On Thu, May 14, 2015 at 09:57:24PM +0100, Simon Kelley wrote:
> Hi Raphael.
> 
> I'm over-committed trying to get the long-overdue 2.73 release of
> dnsmasq out at the moment, so if the LTS team could handle the Debian
> mechanics of this, that would really  help me.
> 

In that case, I can take care of it.

> I can confirm that the patch which fixes the issue is here
> 
> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff;f=src/rfc1035.c;h=a995ab50d74adde068c8839684f9b3a44f4976d0;hp=7a07b0cee90655e296f57fa79f4d4a3a409b7b89;hb=ad4a8ff7d9097008d7623df8543df435bfddeac8;hpb=04b0ac05377936d121a36873bb63d492cde292c9
> 
> 
> The are three hunks in that patch, and hunks 1 and 3 apply to 2.55. (the
> version in squeeze) Hunk 2 is rejected by patch: this can be ignored, it
> simply removes a check which is now done more completely at the start of
> the function.
> 

I'm attaching the clean patch to fix CVE-2015-3294.

Regards,

Santiago


diff --git a/src/rfc1035.c b/src/rfc1035.c
index 3289bf3..2a376f3 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -939,7 +939,10 @@ unsigned short extract_request(HEADER *header, size_t qlen, char *name, unsigned
 size_t setup_reply(HEADER *header, size_t qlen,
 		struct all_addr *addrp, unsigned short flags, unsigned long ttl)
 {
-  unsigned char *p = skip_questions(header, qlen);
+  unsigned char *p;
+
+  if (!(p = skip_questions(header, qlen)))
+    return 0;
   
   header->qr = 1; /* response */
   header->aa = 0; /* authoritive */
@@ -954,7 +957,7 @@ size_t setup_reply(HEADER *header, size_t qlen,
     header->rcode = NOERROR; /* empty domain */
   else if (flags == F_NXDOMAIN)
     header->rcode = NXDOMAIN;
-  else if (p && flags == F_IPV4)
+  else if (flags == F_IPV4)
     { /* we know the address */
       header->rcode = NOERROR;
       header->ancount = htons(1);
@@ -962,7 +965,7 @@ size_t setup_reply(HEADER *header, size_t qlen,
       add_resource_record(header, NULL, NULL, sizeof(HEADER), &p, ttl, NULL, T_A, C_IN, "4", addrp);
     }
 #ifdef HAVE_IPV6
-  else if (p && flags == F_IPV6)
+  else if (flags == F_IPV6)
     {
       header->rcode = NOERROR;
       header->ancount = htons(1);

Attachment: signature.asc
Description: Digital signature

Reply via email to