dnsmasq: backport validation fix in dnssec security fix
author Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Sat, 20 Jan 2018 08:46:28 +0000 (08:46 +0000)
committer Jo-Philipp Wich <jo@mein.io>
Sat, 20 Jan 2018 13:25:52 +0000 (14:25 +0100)
A DNSSEC validation error was introduced in the fix for CVE-2017-15107

Backport the upstream fix to the fix (a simple typo)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from commit adaf1cbcc8b253ea807dbe0416b4b04c33dceadf)

package/network/services/dnsmasq/Makefile
package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch

index f09b3a2d97ad69132d25273431d238b1918233d1..cd41b5f0ac119e4a3082997ed09ccad9721aa6c9 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
 PKG_VERSION:=2.78
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/
index 029e7ea7af85e34d02ba5d14f4a3fc8d7344f057..d13ac2cbadaac6d12103785f9bada723dd5a02c5 100644 (file)
@@ -160,7 +160,7 @@ in a domain which includes a wildcard for NSEC.
 +                     int type_covered;
 +                     unsigned char *psav = p1;
 +                     
-+                     if (rdlen < 18)
++                     if (rdlen1 < 18)
 +                       return 0; /* bad packet */
 +
 +                     GETSHORT(type_covered, p1);
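Review bot: At `if (rdlen1 < 18)`, the bound now matches the `p1` pointer that `psav = p1` and `GETSHORT(type_covered, p1)` work from, but the rest of this added block is not visible in the hunk, so please confirm no other `rdlen` reference remains where `rdlen1` is meant; a second variable named `rdlen` in scope is presumably why the original slip went unnoticed. The bare 18 would also benefit from a short comment or named constant saying which fixed-size fields it covers, so the "bad packet" bound can be checked against the reads that follow. The commit message calls this "a simple typo" without naming the variable or the symptom; one line stating that the length test was applied to `rdlen` instead of `rdlen1` would make the backport easier to audit against CVE-2017-15107.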