From adaf1cbcc8b253ea807dbe0416b4b04c33dceadf Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Sat, 20 Jan 2018 08:46:28 +0000 Subject: [PATCH] dnsmasq: backport validation fix in dnssec security fix A DNSSEC validation error was introduced in the fix for CVE-2017-15107 Backport the upstream fix to the fix (a simple typo) Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 2 +- .../network/services/dnsmasq/patches/270-dnssec-wildcards.patch | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 3ef7a317d47..7ba7d56b526 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_VERSION:=2.78 -PKG_RELEASE:=9 +PKG_RELEASE:=10 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/ diff --git a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch index 029e7ea7af8..d13ac2cbada 100644 --- a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch +++ b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch @@ -160,7 +160,7 @@ in a domain which includes a wildcard for NSEC. + int type_covered; + unsigned char *psav = p1; + -+ if (rdlen < 18) ++ if (rdlen1 < 18) + return 0; /* bad packet */ + + GETSHORT(type_covered, p1);