blob: 34baa142f5edf9ae5e5281e2bbf91e80f41b74c5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
From f5ef0f064c3f06b250a9eeda36dc239227658b00 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon, 6 Mar 2023 23:00:58 +0000
Subject: [PATCH] Fix possible SEGV when no servers defined.
If there exists a --address=/<domain>/ or --server=/<domain>/#
configuration but no upstream server config unqualified by
domain then when a query which doesnt match the domain is
recieved it will use the qualfied server config and in the process
possibly make an out-of-bounds memory access.
Thanks to Daniel Danzberger for spotting the bug.
---
CHANGELOG | 11 +++++++++++
src/domain-match.c | 5 +++--
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index de9c5e0..3af20cf 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,14 @@
+version 2.90
+ Fix reversion in --rev-server introduced in 2.88 which
+ caused breakage if the prefix length is not exactly divisible
+ by 8 (IPv4) or 4 (IPv6).
+
+ Fix possible SEGV when there server(s) for a particular
+ domain are configured, but no server which is not qualified
+ for a particular domain. Thanks to Daniel Danzberger for
+ spotting this bug.
+
+
version 2.89
Fix bug introduced in 2.88 (commit fe91134b) which can result
in corruption of the DNS cache internal data structures and
diff --git a/src/domain-match.c b/src/domain-match.c
index fe8e25a..9cc51e6 100644
--- a/src/domain-match.c
+++ b/src/domain-match.c
@@ -253,9 +253,10 @@ int lookup_domain(char *domain, int flags, int *lowout, int *highout)
if (highout)
*highout = nhigh;
- if (nlow == nhigh)
+ /* qlen == -1 when we failed to match even an empty query, if there are no default servers. */
+ if (nlow == nhigh || qlen == -1)
return 0;
-
+
return 1;
}
--
2.20.1
|
