dnsmasq: backport CVE-2015-3294 security fix
authorRafał Miłecki <zajec5@gmail.com>
Tue, 8 Sep 2015 11:03:39 +0000 (11:03 +0000)
committerRafał Miłecki <zajec5@gmail.com>
Tue, 8 Sep 2015 11:03:39 +0000 (11:03 +0000)
Upstream release 2.73 included CVE-2015-3294 fix, let's backport patch
fixing this security issue.
This avoids bumping version to 2.73 which introduced many new features.
This way we keep dnsmasq safe and don't risk new problems.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 46817

package/network/services/dnsmasq/Makefile
package/network/services/dnsmasq/patches/003-Fix-crash-on-receipt-of-certa [new file with mode: 0644]

index 17af3c5d8cbdf02c67c86defc40c206d624a40b9..6262dc5475b957b7ecc1b854c339f35db9529f58 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
 PKG_VERSION:=2.71
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
diff --git a/package/network/services/dnsmasq/patches/003-Fix-crash-on-receipt-of-certa b/package/network/services/dnsmasq/patches/003-Fix-crash-on-receipt-of-certa
new file mode 100644 (file)
index 0000000..eb3075d
--- /dev/null
@@ -0,0 +1,37 @@
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 9 Apr 2015 21:48:00 +0100
+Subject: [PATCH] Fix crash on receipt of certain malformed DNS requests.
+
+---
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
+ size_t setup_reply(struct dns_header *header, size_t qlen,
+               struct all_addr *addrp, unsigned int flags, unsigned long ttl)
+ {
+-  unsigned char *p = skip_questions(header, qlen);
++  unsigned char *p;
++
++  if (!(p = skip_questions(header, qlen)))
++    return 0;
+   
+   /* clear authoritative and truncated flags, set QR flag */
+   header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
+@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+     SET_RCODE(header, NOERROR); /* empty domain */
+   else if (flags == F_NXDOMAIN)
+     SET_RCODE(header, NXDOMAIN);
+-  else if (p && flags == F_IPV4)
++  else if (flags == F_IPV4)
+     { /* we know the address */
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1);
+@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+       add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
+     }
+ #ifdef HAVE_IPV6
+-  else if (p && flags == F_IPV6)
++  else if (flags == F_IPV6)
+     {
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1);