From: Kevin Darbyshire-Bryant Date: Sat, 20 Jan 2018 08:46:28 +0000 (+0000) Subject: dnsmasq: backport validation fix in dnssec security fix X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=2ae0741f3bd01fd50031959b5635a493628c6df0;p=openwrt%2Fstaging%2Fhauke.git dnsmasq: backport validation fix in dnssec security fix A DNSSEC validation error was introduced in the fix for CVE-2017-15107 Backport the upstream fix to the fix (a simple typo) Signed-off-by: Kevin Darbyshire-Bryant (backported from commit adaf1cbcc8b253ea807dbe0416b4b04c33dceadf) --- diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index f09b3a2d97..cd41b5f0ac 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_VERSION:=2.78 -PKG_RELEASE:=5 +PKG_RELEASE:=6 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/ diff --git a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch index 029e7ea7af..d13ac2cbad 100644 --- a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch +++ b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch @@ -160,7 +160,7 @@ in a domain which includes a wildcard for NSEC. + int type_covered; + unsigned char *psav = p1; + -+ if (rdlen < 18) ++ if (rdlen1 < 18) + return 0; /* bad packet */ + + GETSHORT(type_covered, p1);