X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=meta-starlingx%2Fmeta-stx-integ%2Frecipes-support%2Fdnsmasq%2Fdnsmasq%2Fstx%2Fdnsmasq-2.76-CVE-2017-14495.patch;fp=meta-starlingx%2Fmeta-stx-integ%2Frecipes-support%2Fdnsmasq%2Fdnsmasq%2Fstx%2Fdnsmasq-2.76-CVE-2017-14495.patch;h=0000000000000000000000000000000000000000;hb=6fc6934434f70595536a387ece31bc30141cafb5;hp=8ca5d0f32ecbddd1f0c0d7278594f628cbac2f4c;hpb=eb1e26510491ba49de693ab3b0498edcb06be6c5;p=pti%2Frtp.git
diff --git a/meta-starlingx/meta-stx-integ/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14495.patch b/meta-starlingx/meta-stx-integ/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14495.patch
deleted file mode 100644
index 8ca5d0f..0000000
--- a/meta-starlingx/meta-stx-integ/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14495.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From f2ad2cecb55825f7e4409222de1688b9ceebceda Mon Sep 17 00:00:00 2001
-From: Simon Kelley
-Date: Mon, 25 Sep 2017 20:16:50 +0100
-Subject: [PATCH 6/9] Security fix, CVE-2017-14495, OOM in DNS response
- creation.
-
- Fix out-of-memory Dos vulnerability. An attacker which can
- send malicious DNS queries to dnsmasq can trigger memory
- allocations in the add_pseudoheader function
- The allocated memory is never freed which leads to a DoS
- through memory exhaustion. dnsmasq is vulnerable only
- if one of the following option is specified:
- --add-mac, --add-cpe-id or --add-subnet.
----
- src/edns0.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/src/edns0.c b/src/edns0.c
-index eed135e..5bdc133 100644
---- a/src/edns0.c
-+++ b/src/edns0.c
-@@ -192,9 +192,15 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
- !(p = skip_section(p,
- ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount),
- header, plen)))
-+ {
-+ free(buff);
- return plen;
-+ }
- if (p + 11 > limit)
-- return plen; /* Too big */
-+ {
-+ free(buff);
-+ return plen; /* Too big */
-+ }
- *p++ = 0; /* empty name */
- PUTSHORT(T_OPT, p);
- PUTSHORT(udp_sz, p); /* max packet length, 512 if not given in EDNS0 header */
---
-2.9.5
-