SECURITY FIX for CVE-2010-0308, "Squid DNS Packet Processing

Denial of Service Vulnerability" brad (MAINTAINER) came up with the same diff ok ajacoutot@ sthen@
2010-02-03 06:41:17 +00:00 · 2010-02-03 06:41:17 +00:00 · 82012ecbfd
commit 82012ecbfd
parent 7bfaeca2b9
2 changed files with 22 additions and 1 deletions
--- a/www/squid/Makefile
+++ b/www/squid/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.100 2009/10/30 00:56:57 sthen Exp $
+# $OpenBSD: Makefile,v 1.101 2010/02/03 06:41:17 jasper Exp $

 COMMENT=	WWW and FTP proxy cache and accelerator

 DISTNAME=	squid-2.7.STABLE7
+PKGNAME=	${DISTNAME}p0
 CATEGORIES=	www
 MASTER_SITES=	${HOMEPAGE}/Versions/v2/2.7/
 DIST_SUBDIR=	squid
--- a/www/squid/patches/patch-lib_rfc1035_c
+++ b/www/squid/patches/patch-lib_rfc1035_c
@ -0,0 +1,20 @@
+$OpenBSD: patch-lib_rfc1035_c,v 1.1 2010/02/03 06:41:17 jasper Exp $
+
+Security fix for CVE-2010-0308, "Squid DNS Packet Processing
+Denial of Service Vulnerability"
+
+Patch from upstream svn, changeset 12597.
+
+--- lib/rfc1035.c.orig	Tue Feb  2 14:50:56 2010
+++ lib/rfc1035.c	Tue Feb  2 14:51:24 2010
+@@ -286,7 +286,9 @@ rfc1035NameUnpack(const char *buf, size_t sz, int *off
+     size_t len;
+     assert(ns > 0);
+     do {
+-	assert((*off) < sz);
+	if ((*off) >= sz) {
+	    return 1;
+	}
+ 	c = *(buf + (*off));
+ 	if (c > 191) {
+ 	    /* blasted compression */