- Add a patch to fix CVE-2015-3294

- Bump PORTREVISION PR: 199999 Approved by: mandree@ (maintainer) Obtained from: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8 MFH: 2015Q2 Security: CVE-2015-3294 Sponsored by: Netgate
author: garga <garga@FreeBSD.org> 2015-05-07 03:59:08 +0800
committer: garga <garga@FreeBSD.org> 2015-05-07 03:59:08 +0800
commit: 05b786d552472ad47e7183a3fff59522754b76c7 (patch)
tree: c747e031fa1eea2294129e7fd2d464bef6283f36 /dns
parent: 2dc9249c7eaebdbb6c329a006c5e5873cdd79b20 (diff)
download: freebsd-ports-gnome-05b786d552472ad47e7183a3fff59522754b76c7.tar.gz
freebsd-ports-gnome-05b786d552472ad47e7183a3fff59522754b76c7.tar.zst
freebsd-ports-gnome-05b786d552472ad47e7183a3fff59522754b76c7.zip
2 files changed, 37 insertions, 0 deletions
diff --git a/dns/dnsmasq/Makefile b/dns/dnsmasq/Makefile
index 267cadbd81d2..76a039d4c650 100644
--- a/dns/dnsmasq/Makefile
+++ b/dns/dnsmasq/Makefile
@@ -3,6 +3,7 @@
 
 PORTNAME=	dnsmasq
 DISTVERSION=	2.72
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	dns ipv6
 MASTER_SITES=	http://www.thekelleys.org.uk/dnsmasq/ \
diff --git a/dns/dnsmasq/files/patch-CVE-2015-3294 b/dns/dnsmasq/files/patch-CVE-2015-3294
new file mode 100644
index 000000000000..37d25d308ccd
--- /dev/null
+++ b/dns/dnsmasq/files/patch-CVE-2015-3294
@@ -0,0 +1,36 @@
+X-Git-Url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff_plain;f=src%2Frfc1035.c;h=a995ab50d74adde068c8839684f9b3a44f4976d0;hp=7a07b0cee90655e296f57fa79f4d4a3a409b7b89;hb=ad4a8ff7d9097008d7623df8543df435bfddeac8;hpb=04b0ac05377936d121a36873bb63d492cde292c9
+
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 7a07b0c..a995ab5 100644
+--- a/src/rfc1035.c
++++ src/rfc1035.c
+@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
+ size_t setup_reply(struct dns_header *header, size_t qlen,
+ 		struct all_addr *addrp, unsigned int flags, unsigned long ttl)
+ {
+-  unsigned char *p = skip_questions(header, qlen);
++  unsigned char *p;
++
++  if (!(p = skip_questions(header, qlen)))
++    return 0;
+   
+   /* clear authoritative and truncated flags, set QR flag */
+   header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
+@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+     SET_RCODE(header, NOERROR); /* empty domain */
+   else if (flags == F_NXDOMAIN)
+     SET_RCODE(header, NXDOMAIN);
+-  else if (p && flags == F_IPV4)
++  else if (flags == F_IPV4)
+     { /* we know the address */
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1);
+@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+       add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
+     }
+ #ifdef HAVE_IPV6
+-  else if (p && flags == F_IPV6)
++  else if (flags == F_IPV6)
+     {
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1);
author	garga <garga@FreeBSD.org>	2015-05-07 03:59:08 +0800
committer	garga <garga@FreeBSD.org>	2015-05-07 03:59:08 +0800
commit	05b786d552472ad47e7183a3fff59522754b76c7 (patch)
tree	c747e031fa1eea2294129e7fd2d464bef6283f36 /dns
parent	2dc9249c7eaebdbb6c329a006c5e5873cdd79b20 (diff)
download	freebsd-ports-gnome-05b786d552472ad47e7183a3fff59522754b76c7.tar.gz freebsd-ports-gnome-05b786d552472ad47e7183a3fff59522754b76c7.tar.zst freebsd-ports-gnome-05b786d552472ad47e7183a3fff59522754b76c7.zip