Opened 9 years ago

Closed 9 years ago

#50530 closed defect (fixed)

dnscrypt-proxy: Malformed packets could cause the OpenDNS deviceid, OpenDNS set-client-ip, blocking and AAAA blocking plugins to use uninitialized pointers, leading to a denial of service or possibly code execution.

Reported by: iamGavinJ (GΛVĪN) Owned by: Schamschula (Marius Schamschula)
Priority: High Milestone:
Component: ports Version: 2.3.4
Keywords: haspatch Cc: ryandesign (Ryan Carsten Schmidt)
Port: dnscrypt-proxy

Description

According to (https://github.com/jedisct1/dnscrypt-proxy/releases/tag/1.6.1)

Malformed packets could cause the OpenDNS deviceid, OpenDNS set-client-ip, blocking and AAAA blocking plugins to use uninitialized pointers, leading to a denial of service or possibly code execution.

The vulnerable code is present since dnscrypt-proxy 1.1.0.

OpenDNS users and people using dnscrypt-proxy in order to block domain names and IP addresses should upgrade as soon as possible.

Please update the port when possible. Thanks.

Attachments (2)

Portfile (1.5 KB) - added by iamGavinJ (GΛVĪN) 9 years ago.
Portfile.diff (1.3 KB) - added by ryandesign (Ryan Carsten Schmidt) 9 years ago.

Download all attachments as: .zip

Change History (5)

Changed 9 years ago by iamGavinJ (GΛVĪN)

Attachment: Portfile added

comment:1 Changed 9 years ago by ryandesign (Ryan Carsten Schmidt)

Cc: ryandesign@… added
Keywords: haspatch added; Security Vulnerability removed
Owner: changed from macports-tickets@… to mschamschula@…
Summary: Malformed packets could cause the OpenDNS deviceid, OpenDNS set-client-ip, blocking and AAAA blocking plugins to use uninitialized pointers, leading to a denial of service or possibly code execution.dnscrypt-proxy: Malformed packets could cause the OpenDNS deviceid, OpenDNS set-client-ip, blocking and AAAA blocking plugins to use uninitialized pointers, leading to a denial of service or possibly code execution.

Thanks. In future, please remember to put the port name in the ticket summary; Cc the maintainer of the port so they're notified; attach a unified diff of your changes instead of a complete new portfile, and use the haspatch keyword to indicate that you've done so; respect the existing whitespace of the portfile (in this case, use spaces not tabs); and don't leave commented-out code.

I'm attaching a diff making these changes. Marius, does this look ok?

Changed 9 years ago by ryandesign (Ryan Carsten Schmidt)

Attachment: Portfile.diff added

comment:2 Changed 9 years ago by Schamschula (Marius Schamschula)

Ryan,

Sorry about that. I just opened a duplicate #50544 with the update to version 1.6.1. I tend to run livecheck before I read my email…

I was not aware of the change in the startupitem.executable options, but they do make sense to me.

comment:3 Changed 9 years ago by ryandesign (Ryan Carsten Schmidt)

Resolution: fixed
Status: newclosed

I do that too. Committed in r145404.

Note: See TracTickets for help on using tickets.