From hg@cally.queue.to  Thu Mar  5 23:14:03 2009
Return-Path: <hg@cally.queue.to>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DA48F106564A
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  5 Mar 2009 23:14:03 +0000 (UTC)
	(envelope-from hg@cally.queue.to)
Received: from pickle.queue.to (pickle.queue.to [71.180.69.18])
	by mx1.freebsd.org (Postfix) with ESMTP id 80AE88FC08
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  5 Mar 2009 23:14:03 +0000 (UTC)
	(envelope-from hg@cally.queue.to)
Received: (qmail 61969 invoked from network); 5 Mar 2009 17:47:21 -0500
Received: from cally.queue.to (172.16.0.6)
  by  with ESMTP; 5 Mar 2009 17:47:21 -0500
Received: (qmail 99423 invoked by uid 1000); 5 Mar 2009 17:47:21 -0500
Message-Id: <20090305224721.99422.qmail@cally.queue.to>
Date: 5 Mar 2009 17:47:21 -0500
From: Howard Goldstein <hg@queue.to>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: dns/djbdns (PATCH) dns/djbdns authority poisoning
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         132349
>Category:       ports
>Synopsis:       dns/djbdns (PATCH) dns/djbdns authority poisoning
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    roam
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 05 23:20:02 UTC 2009
>Closed-Date:    Fri Mar 06 16:21:09 UTC 2009
>Last-Modified:  Fri Mar  6 16:30:10 UTC 2009
>Originator:     Howard Goldstein
>Release:        FreeBSD 7.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD cally.queue.to 7.1-STABLE FreeBSD 7.1-STABLE #0: Mon Feb 16 12:31:40 EST 2009 hg@cally.queue.to:/usr/obj/usr/src/sys/CALLY i386


	
>Description:
	
Dempsky reports and DJB confirms authority poisoning vulnerability in 
some tinydns/axfrdns configurations.  See for ex.
http://article.gmane.org/gmane.comp.security.bugtraq/39157


Maintainer, please update.  Thanks!

>How-To-Repeat:
	

See Dempsky's bugtraq email
>Fix:

	

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	dns/djbdns/files/patch-dempsky.response-boundsck
#
echo x - dns/djbdns/files/patch-dempsky.response-boundsck
sed 's/^X//' >dns/djbdns/files/patch-dempsky.response-boundsck << 'aa16f48be84c6056ed15e3d3ca7179c8'
X--- response.c.orig	2001-02-11 16:11:45.000000000 -0500
X+++ response.c	2009-03-05 17:15:10.000000000 -0500
X@@ -34,7 +34,7 @@
X         uint16_pack_big(buf,49152 + name_ptr[i]);
X         return response_addbytes(buf,2);
X       }
X-    if (dlen <= 128)
X+    if ((dlen <= 128) && (response_len < 16384))
X       if (name_num < NAMES) {
X 	byte_copy(name[name_num],dlen,d);
X 	name_ptr[name_num] = response_len;
aa16f48be84c6056ed15e3d3ca7179c8
exit


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->roam 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Thu Mar 5 23:20:12 UTC 2009 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=132349 
State-Changed-From-To: open->closed 
State-Changed-By: roam 
State-Changed-When: Fri Mar 6 16:20:56 UTC 2009 
State-Changed-Why:  
I've just committed a very similar patch.  Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=132349 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/132349: commit references a PR
Date: Fri,  6 Mar 2009 16:20:26 +0000 (UTC)

 roam        2009-03-06 16:20:17 UTC
 
   FreeBSD ports repository
 
   Modified files:
     dns/djbdns           Makefile 
   Added files:
     dns/djbdns/files     patch-response.c 
   Log:
   Fix the AXFR subdomain overwrite vulnerability discovered by
   Matthew Dempsky.  Also, fix the quoting of the BROKEN messages.
   
   PR:             132366, 132349
   Submitted by:   Renato Botelho <garga@FreeBSD.org>,
                   Howard Goldstein <hg@queue.to>
   
   Revision  Changes    Path
   1.34      +3 -3      ports/dns/djbdns/Makefile
   1.1       +11 -0     ports/dns/djbdns/files/patch-response.c (new)
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
