X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=meta-starlingx%2Fmeta-stx-integ%2Frecipes-support%2Fdnsmasq%2Fdnsmasq%2Fstx%2Fdnsmasq-2.76-CVE-2017-14491-2.patch;fp=meta-starlingx%2Fmeta-stx-integ%2Frecipes-support%2Fdnsmasq%2Fdnsmasq%2Fstx%2Fdnsmasq-2.76-CVE-2017-14491-2.patch;h=0000000000000000000000000000000000000000;hb=6fc6934434f70595536a387ece31bc30141cafb5;hp=393556619453abd29506edb4ecfaef23b92e6f2c;hpb=eb1e26510491ba49de693ab3b0498edcb06be6c5;p=pti%2Frtp.git

diff --git a/meta-starlingx/meta-stx-integ/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14491-2.patch b/meta-starlingx/meta-stx-integ/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14491-2.patch
deleted file mode 100644
index 3935566..0000000
--- a/meta-starlingx/meta-stx-integ/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14491-2.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 62cb936cb7ad5f219715515ae7d32dd281a5aa1f Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Tue, 26 Sep 2017 22:00:11 +0100
-Subject: Security fix, CVE-2017-14491, DNS heap buffer overflow.
-
-Further fix to 0549c73b7ea6b22a3c49beb4d432f185a81efcbc
-Handles case when RR name is not a pointer to the question,
-only occurs for some auth-mode replies, therefore not
-detected by fuzzing (?)
----
- src/rfc1035.c | 27 +++++++++++++++------------
- 1 file changed, 15 insertions(+), 12 deletions(-)
-
-diff --git a/src/rfc1035.c b/src/rfc1035.c
-index 27af023..56ab88b 100644
---- a/src/rfc1035.c
-+++ b/src/rfc1035.c
-@@ -1086,32 +1086,35 @@ int add_resource_record(struct dns_header *header, char *limit, int *truncp, int
- 
-   va_start(ap, format);   /* make ap point to 1st unamed argument */
- 
--  /* nameoffset (1 or 2) + type (2) + class (2) + ttl (4) + 0 (2) */
--  CHECK_LIMIT(12);
--
-   if (nameoffset > 0)
-     {
-+      CHECK_LIMIT(2);
-       PUTSHORT(nameoffset | 0xc000, p);
-     }
-   else
-     {
-       char *name = va_arg(ap, char *);
--      if (name)
--	p = do_rfc1035_name(p, name, limit);
--        if (!p)
--          {
--            va_end(ap);
--            goto truncated;
--          }
--
-+      if (name && !(p = do_rfc1035_name(p, name, limit)))
-+	{
-+	  va_end(ap);
-+	  goto truncated;
-+	}
-+      
-       if (nameoffset < 0)
- 	{
-+	  CHECK_LIMIT(2);
- 	  PUTSHORT(-nameoffset | 0xc000, p);
- 	}
-       else
--	*p++ = 0;
-+	{
-+	  CHECK_LIMIT(1);
-+	  *p++ = 0;
-+	}
-     }
- 
-+  /* type (2) + class (2) + ttl (4) + rdlen (2) */
-+  CHECK_LIMIT(10);
-+  
-   PUTSHORT(type, p);
-   PUTSHORT(class, p);
-   PUTLONG(ttl, p);      /* TTL */
--- 
-2.7.4
-