1 files changed, 69 insertions, 0 deletions
diff --git a/recipes-networking/dnsmasq/dnsmasq/CVE-2017-14495.patch b/recipes-networking/dnsmasq/dnsmasq/CVE-2017-14495.patch
new file mode 100644
index 0000000..ba176a8
--- /dev/null
+++ b/recipes-networking/dnsmasq/dnsmasq/CVE-2017-14495.patch
@@ -0,0 +1,69 @@
+From 51eadb692a5123b9838e5a68ecace3ac579a3a45 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 25 Sep 2017 20:16:50 +0100
+Subject: [PATCH] Security fix, CVE-2017-14495, OOM in DNS response creation.
+Fix out-of-memory Dos vulnerability. An attacker which can
+send malicious DNS queries to dnsmasq can trigger memory
+allocations in the add_pseudoheader function
+The allocated memory is never freed which leads to a DoS
+through memory exhaustion. dnsmasq is vulnerable only
+if one of the following option is specified:
+--add-mac, --add-cpe-id or --add-subnet.
+CVE: CVE-2017-14495
+Upstream-Status: Backport
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ CHANGELOG   |   12 ++++++++++++
+ src/edns0.c |    8 +++++++-
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+diff --git a/CHANGELOG b/CHANGELOG
+index 8fe00ed..9523329 100644
+--- a/CHANGELOG
+++ b/CHANGELOG
+@@ -70,6 +70,18 @@ version 2.78
+        Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
+        and Kevin Hamacher of the Google Security Team for
+        finding this.
+
+       Fix out-of-memory Dos vulnerability. An attacker which can
+       send malicious DNS queries to dnsmasq can trigger memory
+       allocations in the add_pseudoheader function
+       The allocated memory is never freed which leads to a DoS
+       through memory exhaustion. dnsmasq is vulnerable only
+       if one of the following option is specified:
+       --add-mac, --add-cpe-id or --add-subnet.
+       CVE-2017-14495 applies.
+       Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
+       and Kevin Hamacher of the Google Security Team for
+       finding this.
+        
+        
+ version 2.77
+diff --git a/src/edns0.c b/src/edns0.c
+index 95b74ee..89b2692 100644
+--- a/src/edns0.c
+++ b/src/edns0.c
+@@ -192,9 +192,15 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
+          !(p = skip_section(p, 
+                             ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount), 
+                             header, plen)))
+      {
+       free(buff);
+        return plen;
+      }
+       if (p + 11 > limit)
+-       return plen; /* Too big */
+      {
+        free(buff);
+        return plen; /* Too big */
+      }
+       *p++ = 0; /* empty name */
+       PUTSHORT(T_OPT, p);
+       PUTSHORT(udp_sz, p); /* max packet length, 512 if not given in EDNS0 header */
+-- 
+1.7.10.4

diff --git a/recipes-networking/dnsmasq/dnsmasq/CVE-2017-14495.patch b/recipes-networking/dnsmasq/dnsmasq/CVE-2017-14495.patch new file mode 100644 index 0000000..ba176a8 --- /dev/null +++ b/recipes-networking/dnsmasq/dnsmasq/CVE-2017-14495.patch
@@ -0,0 +1,69 @@
	1	From 51eadb692a5123b9838e5a68ecace3ac579a3a45 Mon Sep 17 00:00:00 2001
	2	From: Simon Kelley <simon@thekelleys.org.uk>
	3	Date: Mon, 25 Sep 2017 20:16:50 +0100
	4	Subject: [PATCH] Security fix, CVE-2017-14495, OOM in DNS response creation.
	5
	6	Fix out-of-memory Dos vulnerability. An attacker which can
	7	send malicious DNS queries to dnsmasq can trigger memory
	8	allocations in the add_pseudoheader function
	9	The allocated memory is never freed which leads to a DoS
	10	through memory exhaustion. dnsmasq is vulnerable only
	11	if one of the following option is specified:
	12	--add-mac, --add-cpe-id or --add-subnet.
	13
	14	CVE: CVE-2017-14495
	15	Upstream-Status: Backport
	16
	17	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	18	---
	19	CHANGELOG \| 12 ++++++++++++
	20	src/edns0.c \| 8 +++++++-
	21	2 files changed, 19 insertions(+), 1 deletion(-)
	22
	23	diff --git a/CHANGELOG b/CHANGELOG
	24	index 8fe00ed..9523329 100644
	25	--- a/CHANGELOG
	26	+++ b/CHANGELOG
	27	@@ -70,6 +70,18 @@ version 2.78
	28	Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
	29	and Kevin Hamacher of the Google Security Team for
	30	finding this.
	31	+
	32	+ Fix out-of-memory Dos vulnerability. An attacker which can
	33	+ send malicious DNS queries to dnsmasq can trigger memory
	34	+ allocations in the add_pseudoheader function
	35	+ The allocated memory is never freed which leads to a DoS
	36	+ through memory exhaustion. dnsmasq is vulnerable only
	37	+ if one of the following option is specified:
	38	+ --add-mac, --add-cpe-id or --add-subnet.
	39	+ CVE-2017-14495 applies.
	40	+ Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
	41	+ and Kevin Hamacher of the Google Security Team for
	42	+ finding this.
	43
	44
	45	version 2.77
	46	diff --git a/src/edns0.c b/src/edns0.c
	47	index 95b74ee..89b2692 100644
	48	--- a/src/edns0.c
	49	+++ b/src/edns0.c
	50	@@ -192,9 +192,15 @@ size_t add_pseudoheader(struct dns_header header, size_t plen, unsigned char l
	51	!(p = skip_section(p,
	52	ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount),
	53	header, plen)))
	54	+ {
	55	+ free(buff);
	56	return plen;
	57	+ }
	58	if (p + 11 > limit)
	59	- return plen; /* Too big */
	60	+ {
	61	+ free(buff);
	62	+ return plen; /* Too big */
	63	+ }
	64	p++ = 0; / empty name */
	65	PUTSHORT(T_OPT, p);
	66	PUTSHORT(udp_sz, p); /* max packet length, 512 if not given in EDNS0 header */
	67	--
	68	1.7.10.4
	69