authorRafał Miłecki <zajec5@gmail.com>2015-09-08 11:03:39 +0000
committerRafał Miłecki <zajec5@gmail.com>2015-09-08 11:03:39 +0000
commitd50b854153f9d98e508be44f63ed1b47fe56ef47 (patch)
treed59dfcd9ff23dfcab870cb58f998085e7937ec47
parente58388df5e8f2f273f1e0563a2f04e40dfe10fd4 (diff)
dnsmasq: backport CVE-2015-3294 security fix
Upstream release 2.73 included CVE-2015-3294 fix, let's backport patch fixing this security issue. This avoids bumping version to 2.73 which introduced many new features. This way we keep dnsmasq safe and don't risk new problems. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@46817 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--package/network/services/dnsmasq/Makefile2
-rw-r--r--package/network/services/dnsmasq/patches/003-Fix-crash-on-receipt-of-certa37
2 files changed, 38 insertions, 1 deletions
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index 17af3c5d8c..6262dc5475 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_VERSION:=2.71
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
diff --git a/package/network/services/dnsmasq/patches/003-Fix-crash-on-receipt-of-certa b/package/network/services/dnsmasq/patches/003-Fix-crash-on-receipt-of-certa
new file mode 100644
index 0000000000..eb3075d1d9
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/003-Fix-crash-on-receipt-of-certa
@@ -0,0 +1,37 @@
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 9 Apr 2015 21:48:00 +0100
+Subject: [PATCH] Fix crash on receipt of certain malformed DNS requests.
+
+---
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
+ size_t setup_reply(struct dns_header *header, size_t qlen,
+ struct all_addr *addrp, unsigned int flags, unsigned long ttl)
+ {
+- unsigned char *p = skip_questions(header, qlen);
++ unsigned char *p;
++
++ if (!(p = skip_questions(header, qlen)))
++ return 0;
+
+ /* clear authoritative and truncated flags, set QR flag */
+ header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
+@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+ SET_RCODE(header, NOERROR); /* empty domain */
+ else if (flags == F_NXDOMAIN)
+ SET_RCODE(header, NXDOMAIN);
+- else if (p && flags == F_IPV4)
++ else if (flags == F_IPV4)
+ { /* we know the address */
+ SET_RCODE(header, NOERROR);
+ header->ancount = htons(1);
+@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+ add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
+ }
+ #ifdef HAVE_IPV6
+- else if (p && flags == F_IPV6)
++ else if (flags == F_IPV6)
+ {
+ SET_RCODE(header, NOERROR);
+ header->ancount = htons(1);
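Review bot: The early `return 0` added at the top of setup_reply() makes a zero length the signal for a request whose question section could not be skipped, but the patch does not document that contract, and the callers that consume the return value are outside these hunks. Because the fix is applied to 2.71 rather than taken together with 2.73, it is worth confirming that every caller in the 2.71 tree treats 0 as "send nothing" and never uses it as a reply length. I would add a comment above the check, `/* skip_questions() failed (presumably a malformed question section): return 0 so no reply is built from a NULL pointer */`, and record `CVE-2015-3294` plus the upstream commit (`<upstream-commit-id>`) in the patch header so the backport stays traceable. setup_reply's body continues beyond the quoted hunks, so the final length computation is not visible here.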