aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>2018-01-20 08:46:28 +0000
committerJo-Philipp Wich <jo@mein.io>2018-01-20 14:22:39 +0100
commitadaf1cbcc8b253ea807dbe0416b4b04c33dceadf (patch)
tree970eab721ae24f7c6b479be1616a1a6949c155de
parenta3198061f80a7f3933810cd99206b085e4cf49f9 (diff)
downloadupstream-adaf1cbcc8b253ea807dbe0416b4b04c33dceadf.tar.gz
upstream-adaf1cbcc8b253ea807dbe0416b4b04c33dceadf.tar.bz2
upstream-adaf1cbcc8b253ea807dbe0416b4b04c33dceadf.zip
dnsmasq: backport validation fix in dnssec security fix
A DNSSEC validation error was introduced in the fix for CVE-2017-15107 Backport the upstream fix to the fix (a simple typo) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
-rw-r--r--package/network/services/dnsmasq/Makefile2
-rw-r--r--package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch2
2 files changed, 2 insertions, 2 deletions
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index 3ef7a317d4..7ba7d56b52 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_VERSION:=2.78
-PKG_RELEASE:=9
+PKG_RELEASE:=10
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/
diff --git a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch
index 029e7ea7af..d13ac2cbad 100644
--- a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch
+++ b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch
@@ -160,7 +160,7 @@ in a domain which includes a wildcard for NSEC.
+ int type_covered;
+ unsigned char *psav = p1;
+
-+ if (rdlen < 18)
++ if (rdlen1 < 18)
+ return 0; /* bad packet */
+
+ GETSHORT(type_covered, p1);