NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e1a59357e4
kumquat-buildroot/package/dnsmasq/0002-Fix-DNSSEC-validation-errors-introduced-in-4fe6744a2.patch
Baruch Siach aec658f5d6 dnsmasq: add upstream security fix patches 
Fixes CVE-2017-15107: An attacker can craft an NSEC which wrongly proves
non-existence.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-08 23:04:47 +01:00

30 lines
860 B
Diff
Raw Blame History

From cd7df612b14ec1bf831a966ccaf076be0dae7404 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat, 20 Jan 2018 00:10:55 +0000
Subject: [PATCH] Fix DNSSEC validation errors introduced in
4fe6744a220eddd3f1749b40cac3dfc510787de6
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: upstream commit cd7df612b14ec
src/dnssec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/dnssec.c b/src/dnssec.c
index a54a0b4f14cf..c47e33569f96 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1610,7 +1610,7 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
int type_covered;
unsigned char *psav = p1;
- if (rdlen < 18)
+ if (rdlen1 < 18)
return 0; /* bad packet */
GETSHORT(type_covered, p1);
--
2.15.1
Reference in New Issue View Git Blame Copy Permalink