[openwrt/openwrt] dnsmasq: backport validation fix in dnssec security fix

LEDE Commits lede-commits at lists.infradead.org
Sat Jan 20 05:26:29 PST 2018


jow pushed a commit to openwrt/openwrt.git, branch lede-17.01:
https://git.lede-project.org/2ae0741f3bd01fd50031959b5635a493628c6df0

commit 2ae0741f3bd01fd50031959b5635a493628c6df0
Author: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
AuthorDate: Sat Jan 20 08:46:28 2018 +0000

    dnsmasq: backport validation fix in dnssec security fix
    
    A DNSSEC validation error was introduced in the fix for CVE-2017-15107
    
    Backport the upstream fix to the fix (a simple typo)
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
    (backported from commit adaf1cbcc8b253ea807dbe0416b4b04c33dceadf)
---
 package/network/services/dnsmasq/Makefile                           | 2 +-
 package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index f09b3a2..cd41b5f 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
 PKG_VERSION:=2.78
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/
diff --git a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch
index 029e7ea..d13ac2c 100644
--- a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch
+++ b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch
@@ -160,7 +160,7 @@ in a domain which includes a wildcard for NSEC.
 +		       int type_covered;
 +		       unsigned char *psav = p1;
 +		       
-+		       if (rdlen < 18)
++		       if (rdlen1 < 18)
 +			 return 0; /* bad packet */
 +
 +		       GETSHORT(type_covered, p1);



More information about the lede-commits mailing list