(Sorry for the noise) Before uploading to ftp-master, dnsmasq test packages are available at: deb https://people.debian.org/~santiago/debian santiago-squeeze-lts/ I'll wait two or three days before finishing this upload. Cheers, Santiago
diff -u dnsmasq-2.55/debian/changelog dnsmasq-2.55/debian/changelog
--- dnsmasq-2.55/debian/changelog
+++ dnsmasq-2.55/debian/changelog
@@ -1,3 +1,11 @@
+dnsmasq (2.55-2+deb6u1~1) santiago-squeeze-lts; urgency=medium
+
+ * Non-maintainer upload by the Squeeze LTS team.
+ * Fix CVE-2015-3294: remote attackers could read process memory and cause
+ DoS via malformed DNS requests.
+
+ -- Santiago Ruano Rincón <santiago@riseup.net> Sun, 17 May 2015 10:19:25 +0200
+
dnsmasq (2.55-2) unstable; urgency=high
* Fix crash on double free. (closes: #597205)
only in patch2:
unchanged:
--- dnsmasq-2.55.orig/src/rfc1035.c
+++ dnsmasq-2.55/src/rfc1035.c
@@ -939,7 +939,10 @@
size_t setup_reply(HEADER *header, size_t qlen,
struct all_addr *addrp, unsigned short flags, unsigned long ttl)
{
- unsigned char *p = skip_questions(header, qlen);
+ unsigned char *p;
+
+ if (!(p = skip_questions(header, qlen)))
+ return 0;
header->qr = 1; /* response */
header->aa = 0; /* authoritive */
@@ -954,7 +957,7 @@
header->rcode = NOERROR; /* empty domain */
else if (flags == F_NXDOMAIN)
header->rcode = NXDOMAIN;
- else if (p && flags == F_IPV4)
+ else if (flags == F_IPV4)
{ /* we know the address */
header->rcode = NOERROR;
header->ancount = htons(1);
@@ -962,7 +965,7 @@
add_resource_record(header, NULL, NULL, sizeof(HEADER), &p, ttl, NULL, T_A, C_IN, "4", addrp);
}
#ifdef HAVE_IPV6
- else if (p && flags == F_IPV6)
+ else if (flags == F_IPV6)
{
header->rcode = NOERROR;
header->ancount = htons(1);
Attachment:
signature.asc
Description: Digital signature