X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=meta-starlingx%2Fmeta-stx-integ%2Frecipes-support%2Fdnsmasq%2Fdnsmasq%2Fstx%2Fdnsmasq-2.76-CVE-2017-14496.patch;fp=meta-starlingx%2Fmeta-stx-integ%2Frecipes-support%2Fdnsmasq%2Fdnsmasq%2Fstx%2Fdnsmasq-2.76-CVE-2017-14496.patch;h=0000000000000000000000000000000000000000;hb=6fc6934434f70595536a387ece31bc30141cafb5;hp=f32b91964c4732e1f7910f7116036f1083963797;hpb=eb1e26510491ba49de693ab3b0498edcb06be6c5;p=pti%2Frtp.git
diff --git a/meta-starlingx/meta-stx-integ/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14496.patch b/meta-starlingx/meta-stx-integ/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14496.patch
deleted file mode 100644
index f32b919..0000000
--- a/meta-starlingx/meta-stx-integ/recipes-support/dnsmasq/dnsmasq/stx/dnsmasq-2.76-CVE-2017-14496.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 5ab67e936085a9e584c9b3e43f442ef5bee7f40e Mon Sep 17 00:00:00 2001
-From: Simon Kelley
-Date: Mon, 25 Sep 2017 20:11:58 +0100
-Subject: [PATCH 5/9] Security fix, CVE-2017-14496, Integer underflow in
- DNS response creation.
-
- Fix DoS in DNS. Invalid boundary checks in the
- add_pseudoheader function allows a memcpy call with negative
- size An attacker which can send malicious DNS queries
- to dnsmasq can trigger a DoS remotely.
- dnsmasq is vulnerable only if one of the following option is
- specified: --add-mac, --add-cpe-id or --add-subnet.
----
- src/edns0.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/src/edns0.c b/src/edns0.c
-index d2b514b..eed135e 100644
---- a/src/edns0.c
-+++ b/src/edns0.c
-@@ -144,7 +144,7 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
- GETSHORT(len, p);
-
- /* malformed option, delete the whole OPT RR and start again. */
-- if (i + len > rdlen)
-+ if (i + 4 + len > rdlen)
- {
- rdlen = 0;
- is_last = 0;
-@@ -193,6 +193,8 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
- ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount),
- header, plen)))
- return plen;
-+ if (p + 11 > limit)
-+ return plen; /* Too big */
- *p++ = 0; /* empty name */
- PUTSHORT(T_OPT, p);
- PUTSHORT(udp_sz, p); /* max packet length, 512 if not given in EDNS0 header */
-@@ -204,6 +206,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
- /* Copy back any options */
- if (buff)
- {
-+ if (p + rdlen > limit)
-+ {
-+ free(buff);
-+ return plen; /* Too big */
-+ }
- memcpy(p, buff, rdlen);
- free(buff);
- p += rdlen;
-@@ -217,8 +224,12 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
- /* Add new option */
- if (optno != 0 && replace != 2)
- {
-+ if (p + 4 > limit)
-+ return plen; /* Too big */
- PUTSHORT(optno, p);
- PUTSHORT(optlen, p);
-+ if (p + optlen > limit)
-+ return plen; /* Too big */
- memcpy(p, opt, optlen);
- p += optlen;
- PUTSHORT(p - datap, lenp);
---
-2.9.5
-