openwrt/package/network/services/dnsmasq/patches/0113-Fix-warning-message-logic.patch

From 503f68dbc437df20a45aab440e6fad92062af229 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 15 Jan 2021 21:53:29 +0000
Subject: Fix warning message logic.

---
 src/hash_questions.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/src/hash_questions.c
+++ b/src/hash_questions.c
@@ -43,7 +43,7 @@ unsigned char *hash_questions(struct dns
       static unsigned char dummy[HASH_SIZE];
       static int warned = 0;
 
-      if (warned)
+      if (!warned)
 	my_syslog(LOG_ERR, _("Failed to create SHA-256 hash object"));
       warned = 1;
dnsmasq: Backport some security updates This fixes the following security problems in dnsmasq: * CVE-2020-25681: Dnsmasq versions before 2.83 is susceptible to a heap-based buffer overflow in sort_rrset() when DNSSEC is used. This can allow a remote attacker to write arbitrary data into target device's memory that can lead to memory corruption and other unexpected behaviors on the target device. * CVE-2020-25682: Dnsmasq versions before 2.83 is susceptible to buffer overflow in extract_name() function due to missing length check, when DNSSEC is enabled. This can allow a remote attacker to cause memory corruption on the target device. * CVE-2020-25683: Dnsmasq version before 2.83 is susceptible to a heap-based buffer overflow when DNSSEC is enabled. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap- allocated memory. This flaw is caused by the lack of length checks in rtc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in Dnsmasq, resulting in a Denial of Service. * CVE-2020-25684: A lack of proper address/port check implemented in Dnsmasq version < 2.83 reply_query function makes forging replies easier to an off-path attacker. * CVE-2020-25685: A lack of query resource name (RRNAME) checks implemented in Dnsmasq's versions before 2.83 reply_query function allows remote attackers to spoof DNS traffic that can lead to DNS cache poisoning. * CVE-2020-25686: Multiple DNS query requests for the same resource name (RRNAME) by Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS traffic, using a birthday attack (RFC 5452), that can lead to DNS cache poisoning. * CVE-2020-25687: Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rtc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of Service. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 2021-01-11 01:03:03 +01:00			`From 503f68dbc437df20a45aab440e6fad92062af229 Mon Sep 17 00:00:00 2001`
			`From: Simon Kelley <simon@thekelleys.org.uk>`
			`Date: Fri, 15 Jan 2021 21:53:29 +0000`
			`Subject: Fix warning message logic.`

			`---`
			`src/hash_questions.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`--- a/src/hash_questions.c`
			`+++ b/src/hash_questions.c`
			`@@ -43,7 +43,7 @@ unsigned char *hash_questions(struct dns`
			`static unsigned char dummy[HASH_SIZE];`
			`static int warned = 0;`

			`- if (warned)`
			`+ if (!warned)`
			`my_syslog(LOG_ERR, _("Failed to create SHA-256 hash object"));`
			`warned = 1;`