cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SECURITY FIX for CVE-2010-0308, "Squid DNS Packet Processing

Browse Source 
Denial of Service Vulnerability"

brad (MAINTAINER) came up with the same diff
ok ajacoutot@ sthen@
This commit is contained in:
jasper 2010-02-03 06:41:17 +00:00
parent 7bfaeca2b9
commit 82012ecbfd
2 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
www/squid/Makefile
View File

@ -1,8 +1,9 @@
# $OpenBSD: Makefile,v 1.100 2009/10/30 00:56:57 sthen Exp $ # $OpenBSD: Makefile,v 1.101 2010/02/03 06:41:17 jasper Exp $
COMMENT= WWW and FTP proxy cache and accelerator COMMENT= WWW and FTP proxy cache and accelerator
DISTNAME= squid-2.7.STABLE7 DISTNAME= squid-2.7.STABLE7
PKGNAME= ${DISTNAME}p0
CATEGORIES= www CATEGORIES= www
MASTER_SITES= ${HOMEPAGE}/Versions/v2/2.7/ MASTER_SITES= ${HOMEPAGE}/Versions/v2/2.7/
DIST_SUBDIR= squid DIST_SUBDIR= squid

20
www/squid/patches/patch-lib_rfc1035_c Normal file
View File

@ -0,0 +1,20 @@
$OpenBSD: patch-lib_rfc1035_c,v 1.1 2010/02/03 06:41:17 jasper Exp $
Security fix for CVE-2010-0308, "Squid DNS Packet Processing
Denial of Service Vulnerability"
Patch from upstream svn, changeset 12597.
--- lib/rfc1035.c.orig Tue Feb 2 14:50:56 2010
+++ lib/rfc1035.c Tue Feb 2 14:51:24 2010
@@ -286,7 +286,9 @@ rfc1035NameUnpack(const char *buf, size_t sz, int *off
size_t len;
assert(ns > 0);
do {
- assert((*off) < sz);
+ if ((*off) >= sz) {
+ return 1;
+ }
c = *(buf + (*off));
if (c > 191) {
/* blasted compression */