1 files changed, 30 insertions, 0 deletions

diff --git a/net-dns/pdns/files/CVE-2017-15091-4.0.4.patch b/net-dns/pdns/files/CVE-2017-15091-4.0.4.patch
new file mode 100644
index 000000000000..a9506af8ef95
--- /dev/null
+++ b/net-dns/pdns/files/CVE-2017-15091-4.0.4.patch
@@ -0,0 +1,30 @@
+diff -ru pdns-4.0.4.orig/pdns/ws-auth.cc pdns-4.0.4/pdns/ws-auth.cc
+--- pdns-4.0.4.orig/pdns/ws-auth.cc	2017-06-22 22:07:25.000000000 +0200
++++ pdns-4.0.4/pdns/ws-auth.cc	2017-11-02 18:07:20.986764858 +0100
+@@ -860,7 +860,7 @@
+ static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) {
+   DNSName zonename = apiZoneIdToName(req->parameters["id"]);
+ 
+-  if(req->method != "PUT")
++  if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
+     throw HttpMethodNotAllowedException();
+ 
+   UeberBackend B;
+@@ -879,7 +879,7 @@
+ static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) {
+   DNSName zonename = apiZoneIdToName(req->parameters["id"]);
+ 
+-  if(req->method != "PUT")
++  if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
+     throw HttpMethodNotAllowedException();
+ 
+   UeberBackend B;
+@@ -1191,7 +1191,7 @@
+ }
+ 
+ void apiServerCacheFlush(HttpRequest* req, HttpResponse* resp) {
+-  if(req->method != "PUT")
++  if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
+     throw HttpMethodNotAllowedException();
+ 
+   DNSName canon = apiNameToDNSName(req->getvars["domain"]);