- Update inspircd to 2.0.5 [1]

- document CVE-2012-1836 [2] PR: ports/167975 Submitted by: maintainer, feld@feld.me [1], jgh@ [2] Security: CVE-2012-1836
author: jgh <jgh@FreeBSD.org> 2012-05-18 00:52:36 +0800
committer: jgh <jgh@FreeBSD.org> 2012-05-18 00:52:36 +0800
commit: 7d8381eb5add208bdc471d08ba7b79860fe59ae5 (patch)
tree: 3fd7d1aa9753eb6a625f4667312ea7fb0a40c5f6 /irc/inspircd
parent: 400ff4fbf338e465180a6b612de131e2bdcc9c48 (diff)
download: freebsd-ports-gnome-7d8381eb5add208bdc471d08ba7b79860fe59ae5.tar.gz
freebsd-ports-gnome-7d8381eb5add208bdc471d08ba7b79860fe59ae5.tar.zst
freebsd-ports-gnome-7d8381eb5add208bdc471d08ba7b79860fe59ae5.zip
4 files changed, 142 insertions, 7 deletions
diff --git a/irc/inspircd/Makefile b/irc/inspircd/Makefile
index 245445a6dd28..559bebdc0d29 100644
--- a/irc/inspircd/Makefile
+++ b/irc/inspircd/Makefile
@@ -6,15 +6,16 @@
 #
 
 PORTNAME=	inspircd
-PORTVERSION=	2.0.2
-PORTREVISION=	1
+PORTVERSION=	2.0.5
 CATEGORIES=	irc
-MASTER_SITES=	SF/${PORTNAME}/InspIRCd-2.0/${PORTVERSION}
+MASTER_SITES=	http://cloud.github.com/downloads/inspircd/inspircd/
 DISTNAME=	InspIRCd-${PORTVERSION}
 
 MAINTAINER=	feld@feld.me
 COMMENT=	A modular C++ IRC daemon
 
+CONFLICTS=	inspircd-1.*
+
 USE_BZIP2=	yes
 USE_RC_SUBR=	${PORTNAME}
 MAKEFILE=	BSDmakefile
diff --git a/irc/inspircd/distinfo b/irc/inspircd/distinfo
index ff2879382d55..bfc666f95d11 100644
--- a/irc/inspircd/distinfo
+++ b/irc/inspircd/distinfo
@@ -1,2 +1,2 @@
-SHA256 (InspIRCd-2.0.2.tar.bz2) = 2ebd2af56da57d68f779c1f707c804b7a480d50c8c943d440f78732e416ab220
-SIZE (InspIRCd-2.0.2.tar.bz2) = 583791
+SHA256 (InspIRCd-2.0.5.tar.bz2) = 425bf79ae1348b398ce6d2348f6cc8baeebe8125f62337e98c136942223f4fc6
+SIZE (InspIRCd-2.0.5.tar.bz2) = 575852
diff --git a/irc/inspircd/files/patch-src_dns.cpp b/irc/inspircd/files/patch-src_dns.cpp
new file mode 100644
index 000000000000..3f5990254f9a
--- /dev/null
+++ b/irc/inspircd/files/patch-src_dns.cpp
@@ -0,0 +1,135 @@
+--- src/dns.cpp.orig	2012-05-15 21:45:31.840274636 -0500
++++ src/dns.cpp	2012-05-15 21:45:58.653278686 -0500
+@@ -38,6 +49,8 @@
+ #include "configreader.h"
+ #include "socket.h"
+ 
++#define DN_COMP_BITMASK	0xC000		/* highest 6 bits in a DN label header */
++
+ /** Masks to mask off the responses we get from the DNSRequest methods
+  */
+ enum QueryInfo
+@@ -98,7 +111,7 @@
+ 
+ 	DNSRequest(DNS* dns, int id, const std::string &original);
+ 	~DNSRequest();
+-	DNSInfo ResultIsReady(DNSHeader &h, int length);
++	DNSInfo ResultIsReady(DNSHeader &h, unsigned length);
+ 	int SendRequests(const DNSHeader *header, const int length, QueryType qt);
+ };
+ 
+@@ -161,7 +174,10 @@
+ /* Allocate the processing buffer */
+ DNSRequest::DNSRequest(DNS* dns, int rid, const std::string &original) : dnsobj(dns)
+ {
+-	res = new unsigned char[512];
++	/* hardening against overflow here:  make our work buffer twice the theoretical
++	 * maximum size so that hostile input doesn't screw us over.
++	 */
++	res = new unsigned char[sizeof(DNSHeader) * 2];
+ 	*res = 0;
+ 	orig = original;
+ 	RequestTimeout* RT = new RequestTimeout(ServerInstance->Config->dns_timeout ? ServerInstance->Config->dns_timeout : 5, this, rid);
+@@ -688,11 +704,11 @@
+ }
+ 
+ /** A result is ready, process it */
+-DNSInfo DNSRequest::ResultIsReady(DNSHeader &header, int length)
++DNSInfo DNSRequest::ResultIsReady(DNSHeader &header, unsigned length)
+ {
+-	int i = 0;
++	unsigned i = 0, o;
+ 	int q = 0;
+-	int curanswer, o;
++	int curanswer;
+ 	ResourceRecord rr;
+  	unsigned short ptr;
+ 
+@@ -755,7 +771,7 @@
+ 				else i += header.payload[i] + 1; /* skip length and label */
+ 			}
+ 		}
+-		if (length - i < 10)
++		if (static_cast<int>(length - i) < 10)
+ 			return std::make_pair((unsigned char*)NULL,"Incorrectly sized DNS reply");
+ 
+ 		/* XXX: We actually initialise 'rr' here including its ttl field */
+@@ -790,17 +806,37 @@
+ 
+ 	switch (rr.type)
+ 	{
++		/*
++		 * CNAME and PTR are compressed.  We need to decompress them.
++		 */
+ 		case DNS_QUERY_CNAME:
+-			/* CNAME and PTR have the same processing code */
+ 		case DNS_QUERY_PTR:
++		{
++			unsigned short lowest_pos = length;
+ 			o = 0;
+ 			q = 0;
+ 			while (q == 0 && i < length && o + 256 < 1023)
+ 			{
++				/* DN label found (byte over 63) */
+ 				if (header.payload[i] > 63)
+ 				{
+ 					memcpy(&ptr,&header.payload[i],2);
+-					i = ntohs(ptr) - 0xC000 - 12;
++
++					i = ntohs(ptr);
++
++					/* check that highest two bits are set. if not, we've been had */
++					if ((i & DN_COMP_BITMASK) != DN_COMP_BITMASK)
++						return std::make_pair((unsigned char *) NULL, "DN label decompression header is bogus");
++
++					/* mask away the two highest bits. */
++					i &= ~DN_COMP_BITMASK;
++
++					/* and decrease length by 12 bytes. */
++					i -= 12;
++
++					if (i >= lowest_pos)
++						return std::make_pair((unsigned char *) NULL, "Invalid decompression pointer");
++					lowest_pos = i;
+ 				}
+ 				else
+ 				{
+@@ -813,25 +849,35 @@
+ 						res[o] = 0;
+ 						if (o != 0)
+ 							res[o++] = '.';
+-						memcpy(&res[o],&header.payload[i + 1],header.payload[i]);
++
++						if (o + header.payload[i] > sizeof(DNSHeader))
++							return std::make_pair((unsigned char *) NULL, "DN label decompression is impossible -- malformed/hostile packet?");
++
++						memcpy(&res[o], &header.payload[i + 1], header.payload[i]);
+ 						o += header.payload[i];
+ 						i += header.payload[i] + 1;
+ 					}
+ 				}
+ 			}
+ 			res[o] = 0;
++		}
+ 		break;
+ 		case DNS_QUERY_AAAA:
++			if (rr.rdlength != sizeof(struct in6_addr))
++				return std::make_pair((unsigned char *) NULL, "rr.rdlength is larger than 16 bytes for an ipv6 entry -- malformed/hostile packet?");
++
+ 			memcpy(res,&header.payload[i],rr.rdlength);
+ 			res[rr.rdlength] = 0;
+ 		break;
+ 		case DNS_QUERY_A:
++			if (rr.rdlength != sizeof(struct in_addr))
++				return std::make_pair((unsigned char *) NULL, "rr.rdlength is larger than 4 bytes for an ipv4 entry -- malformed/hostile packet?");
++
+ 			memcpy(res,&header.payload[i],rr.rdlength);
+ 			res[rr.rdlength] = 0;
+ 		break;
+ 		default:
+-			memcpy(res,&header.payload[i],rr.rdlength);
+-			res[rr.rdlength] = 0;
++			return std::make_pair((unsigned char *) NULL, "don't know how to handle undefined type (" + ConvToStr(rr.type) + ") -- rejecting");
+ 		break;
+ 	}
+ 	return std::make_pair(res,"No error");
diff --git a/irc/inspircd/pkg-plist b/irc/inspircd/pkg-plist
index af19dee1a38e..26e905ed1910 100644
--- a/irc/inspircd/pkg-plist
+++ b/irc/inspircd/pkg-plist
@@ -207,7 +207,7 @@ lib/inspircd/modules/m_xline_db.so
 @dirrm lib/inspircd/data
 @dirrm lib/inspircd
 @mode 640
-@group %%INSPIRCD_GRP%%
+@group %%GROUPS%%
 @unexec if cmp -s %D/%%ETCDIR%%/inspircd.censor.example %D/%%ETCDIR%%/inspircd.censor; then rm -f %D/%%ETCDIR%%/inspircd.censor; fi
 %%ETCDIR%%/inspircd.censor.example
 @exec if [ ! -f %B/inspircd.censor ] ; then cp -p %D/%F %B/inspircd.censor; fi
@@ -244,4 +244,3 @@ lib/inspircd/modules/m_xline_db.so
 @dirrmtry %%ETCDIR%%
 @mode
 @group
-
author	jgh <jgh@FreeBSD.org>	2012-05-18 00:52:36 +0800
committer	jgh <jgh@FreeBSD.org>	2012-05-18 00:52:36 +0800
commit	7d8381eb5add208bdc471d08ba7b79860fe59ae5 (patch)
tree	3fd7d1aa9753eb6a625f4667312ea7fb0a40c5f6 /irc/inspircd
parent	400ff4fbf338e465180a6b612de131e2bdcc9c48 (diff)
download	freebsd-ports-gnome-7d8381eb5add208bdc471d08ba7b79860fe59ae5.tar.gz freebsd-ports-gnome-7d8381eb5add208bdc471d08ba7b79860fe59ae5.tar.zst freebsd-ports-gnome-7d8381eb5add208bdc471d08ba7b79860fe59ae5.zip