Code Review / pti / rtp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
meta-starlingx: remove the upstream layer
[pti/rtp.git] / meta-starlingx / meta-stx-integ / recipes-support / dnsmasq / dnsmasq / stx / dnsmasq-2.76-CVE-2017-14496.patch
diff --git a/meta-starlingx/meta-stx-integ/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14496.patch b/meta-starlingx/meta-stx-integ/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14496.patch
deleted file mode 100644 (file)
index f32b919..0000000
--- a/meta-starlingx/meta-stx-integ/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14496.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 5ab67e936085a9e584c9b3e43f442ef5bee7f40e Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Mon, 25 Sep 2017 20:11:58 +0100
-Subject: [PATCH 5/9]     Security fix, CVE-2017-14496, Integer underflow in
- DNS response creation.
-
-    Fix DoS in DNS. Invalid boundary checks in the
-    add_pseudoheader function allows a memcpy call with negative
-    size An attacker which can send malicious DNS queries
-    to dnsmasq can trigger a DoS remotely.
-    dnsmasq is vulnerable only if one of the following option is
-    specified: --add-mac, --add-cpe-id or --add-subnet.
----
- src/edns0.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/src/edns0.c b/src/edns0.c
-index d2b514b..eed135e 100644
---- a/src/edns0.c
-+++ b/src/edns0.c
-@@ -144,7 +144,7 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
-         GETSHORT(len, p);
-         
-         /* malformed option, delete the whole OPT RR and start again. */
--        if (i + len > rdlen)
-+        if (i + 4 + len > rdlen)
-           {
-             rdlen = 0;
-             is_last = 0;
-@@ -193,6 +193,8 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
-                            ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount), 
-                            header, plen)))
-       return plen;
-+      if (p + 11 > limit)
-+       return plen; /* Too big */
-       *p++ = 0; /* empty name */
-       PUTSHORT(T_OPT, p);
-       PUTSHORT(udp_sz, p); /* max packet length, 512 if not given in EDNS0 header */
-@@ -204,6 +206,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
-       /* Copy back any options */
-       if (buff)
-       {
-+          if (p + rdlen > limit)
-+          {
-+            free(buff);
-+            return plen; /* Too big */
-+          }
-         memcpy(p, buff, rdlen);
-         free(buff);
-         p += rdlen;
-@@ -217,8 +224,12 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
-   /* Add new option */
-   if (optno != 0 && replace != 2)
-     {
-+      if (p + 4 > limit)
-+       return plen; /* Too big */
-       PUTSHORT(optno, p);
-       PUTSHORT(optlen, p);
-+      if (p + optlen > limit)
-+       return plen; /* Too big */
-       memcpy(p, opt, optlen);
-       p += optlen;  
-       PUTSHORT(p - datap, lenp);
--- 
-2.9.5
-
Performance Tuned Infrastructure