dnsmasq: also add the actual patches...
authorSteven Barth <cyrus@openwrt.org>
Mon, 22 Dec 2014 09:52:19 +0000 (09:52 +0000)
committerSteven Barth <cyrus@openwrt.org>
Mon, 22 Dec 2014 09:52:19 +0000 (09:52 +0000)
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 43759

package/network/services/dnsmasq/patches/001-fix-dnssec-crash.patch [new file with mode: 0644]
package/network/services/dnsmasq/patches/002-fix-dnssec-edns0-handling.patch [new file with mode: 0644]

diff --git a/package/network/services/dnsmasq/patches/001-fix-dnssec-crash.patch b/package/network/services/dnsmasq/patches/001-fix-dnssec-crash.patch
new file mode 100644 (file)
index 0000000..e41f295
--- /dev/null
@@ -0,0 +1,83 @@
+From 094b5c3d904bae9aeb3206d9f3b8348926b84975 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 21 Dec 2014 16:11:52 +0000
+Subject: [PATCH] Fix crash in DNSSEC code when attempting to verify large RRs.
+
+---
+ src/dnssec.c | 27 +++++++++++++++++++--------
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 69bfc29..3208ac7 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -456,16 +456,27 @@ static u16 *get_desc(int type)
+ /* Return bytes of canonicalised rdata, when the return value is zero, the remaining 
+    data, pointed to by *p, should be used raw. */
+-static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, 
++static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, int bufflen,
+                    unsigned char **p, u16 **desc)
+ {
+   int d = **desc;
+   
+-  (*desc)++;
+-  
+   /* No more data needs mangling */
+   if (d == (u16)-1)
+-    return 0;
++    {
++      /* If there's more data than we have space for, just return what fits,
++       we'll get called again for more chunks */
++      if (end - *p > bufflen)
++      {
++        memcpy(buff, *p, bufflen);
++        *p += bufflen;
++        return bufflen;
++      }
++      
++      return 0;
++    }
++ 
++  (*desc)++;
+   
+   if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
+     /* domain-name, canonicalise */
+@@ -560,7 +571,7 @@ static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int
+             if (left1 != 0)
+               memmove(buff1, buff1 + len1 - left1, left1);
+             
+-            if ((len1 = get_rdata(header, plen, end1, buff1 + left1, &p1, &dp1)) == 0)
++            if ((len1 = get_rdata(header, plen, end1, buff1 + left1, MAXDNAME - left1, &p1, &dp1)) == 0)
+               {
+                 quit = 1;
+                 len1 = end1 - p1;
+@@ -571,7 +582,7 @@ static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int
+             if (left2 != 0)
+               memmove(buff2, buff2 + len2 - left2, left2);
+             
+-            if ((len2 = get_rdata(header, plen, end2, buff2 + left2, &p2, &dp2)) == 0)
++            if ((len2 = get_rdata(header, plen, end2, buff2 + left2, MAXDNAME - left2, &p2, &dp2)) == 0)
+               {
+                 quit = 1;
+                 len2 = end2 - p2;
+@@ -808,7 +819,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+         /* canonicalise rdata and calculate length of same, use name buffer as workspace */
+         cp = p;
+         dp = rr_desc;
+-        for (len = 0; (seg = get_rdata(header, plen, end, name, &cp, &dp)) != 0; len += seg);
++        for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)) != 0; len += seg);
+         len += end - cp;
+         len = htons(len);
+         hash->update(ctx, 2, (unsigned char *)&len); 
+@@ -816,7 +827,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+         /* Now canonicalise again and digest. */
+         cp = p;
+         dp = rr_desc;
+-        while ((seg = get_rdata(header, plen, end, name, &cp, &dp)))
++        while ((seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)))
+           hash->update(ctx, seg, (unsigned char *)name);
+         if (cp != end)
+           hash->update(ctx, end - cp, cp);
+-- 
+2.1.3
+
diff --git a/package/network/services/dnsmasq/patches/002-fix-dnssec-edns0-handling.patch b/package/network/services/dnsmasq/patches/002-fix-dnssec-edns0-handling.patch
new file mode 100644 (file)
index 0000000..9133c62
--- /dev/null
@@ -0,0 +1,27 @@
+From 800c5cc1e7438818fd80f08c2d472df249a6942d Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 15 Dec 2014 17:50:15 +0000
+Subject: [PATCH] Remove floor on EDNS0 packet size with DNSSEC.
+
+---
+ src/dnsmasq.c | 5 -----
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index bf2e25a..5c7750d 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -87,11 +87,6 @@ int main (int argc, char **argv)
+  
+   if (daemon->edns_pktsz < PACKETSZ)
+     daemon->edns_pktsz = PACKETSZ;
+-#ifdef HAVE_DNSSEC
+-  /* Enforce min packet big enough for DNSSEC */
+-  if (option_bool(OPT_DNSSEC_VALID) && daemon->edns_pktsz < EDNS_PKTSZ)
+-    daemon->edns_pktsz = EDNS_PKTSZ;
+-#endif
+   daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ? 
+     daemon->edns_pktsz : DNSMASQ_PACKETSZ;
+-- 
+2.1.3
+