From: Kevin Darbyshire-Bryant Date: Sat, 20 Jan 2018 08:46:28 +0000 (+0000) Subject: dnsmasq: backport validation fix in dnssec security fix X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=adaf1cbcc8b253ea807dbe0416b4b04c33dceadf;p=openwrt%2Fstaging%2Fdedeckeh.git dnsmasq: backport validation fix in dnssec security fix A DNSSEC validation error was introduced in the fix for CVE-2017-15107 Backport the upstream fix to the fix (a simple typo) Signed-off-by: Kevin Darbyshire-Bryant --- diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 3ef7a317d4..7ba7d56b52 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_VERSION:=2.78 -PKG_RELEASE:=9 +PKG_RELEASE:=10 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/ diff --git a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch index 029e7ea7af..d13ac2cbad 100644 --- a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch +++ b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch @@ -160,7 +160,7 @@ in a domain which includes a wildcard for NSEC. + int type_covered; + unsigned char *psav = p1; + -+ if (rdlen < 18) ++ if (rdlen1 < 18) + return 0; /* bad packet */ + + GETSHORT(type_covered, p1);