From adaf1cbcc8b253ea807dbe0416b4b04c33dceadf Mon Sep 17 00:00:00 2001
From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Date: Sat, 20 Jan 2018 08:46:28 +0000
Subject: dnsmasq: backport validation fix in dnssec security fix

A DNSSEC validation error was introduced in the fix for CVE-2017-15107

Backport the upstream fix to the fix (a simple typo)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
 package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'package/network/services/dnsmasq/patches')

diff --git a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch
index 029e7ea7af..d13ac2cbad 100644
--- a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch
+++ b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch
@@ -160,7 +160,7 @@ in a domain which includes a wildcard for NSEC.
 +		       int type_covered;
 +		       unsigned char *psav = p1;
 +		       
-+		       if (rdlen < 18)
++		       if (rdlen1 < 18)
 +			 return 0; /* bad packet */
 +
 +		       GETSHORT(type_covered, p1);
-- 
cgit v1.2.3