dnsmasq: add version 2.76 and align with stx 3.0

[pti/rtp.git] / meta-stx / recipes-support / dnsmasq / dnsmasq / stx / dnsmasq-2.76-CVE-2017-14494.patch

diff --git a/meta-stx/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14494.patch b/meta-stx/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14494.patch
new file mode 100644 (file)
index 0000000..3743a32
--- /dev/null
+++ b/meta-stx/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14494.patch
@@ -0,0 +1,30 @@
+From 8c8fe650dc17aad0fbafc920fde719218dc4568d Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 25 Sep 2017 20:05:11 +0100
+Subject: [PATCH 4/9]     Security fix, CVE-2017-14494, Infoleak handling
+ DHCPv6 forwarded requests.
+
+    Fix information leak in DHCPv6. A crafted DHCPv6 packet can
+    cause dnsmasq to forward memory from outside the packet
+    buffer to a DHCPv6 server when acting as a relay.
+---
+ src/rfc3315.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 8d18a28..03b3f84 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -216,6 +216,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
+   
+   for (opt = opts; opt; opt = opt6_next(opt, end))
+     {
++      if (opt6_ptr(opt, 0) + opt6_len(opt) >= end) {
++        return 0;
++      }
+       int o = new_opt6(opt6_type(opt));
+       if (opt6_type(opt) == OPTION6_RELAY_MSG)
+       {
+-- 
+2.9.5
+