1 files changed, 37 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14492.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14492.patch
new file mode 100644
index 000000000..19949314c
--- /dev/null
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14492.patch
@@ -0,0 +1,37 @@
+From 6a0e7dbac67a8393e4505e593e5c46544c53eae0 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 25 Sep 2017 18:47:15 +0100
+Subject: [PATCH 2/7] Security fix, CVE-2017-14492, DHCPv6 RA heap overflow.
+commit 24036ea507862c7b7898b68289c8130f85599c10 upstream
+git://thekelleys.org.uk/dnsmasq
+Fix heap overflow in IPv6 router advertisement code.
+This is a potentially serious security hole, as a
+crafted RA request can overflow a buffer and crash or
+control dnsmasq. Attacker must be on the local network.
+Upstream-Status: Backport
+Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
+---
+ src/radv.c | 3 +++
+ 1 file changed, 3 insertions(+)
+diff --git a/src/radv.c b/src/radv.c
+index 749b666..d09fe0e 100644
+--- a/src/radv.c
+++ b/src/radv.c
+@@ -198,6 +198,9 @@ void icmp6_packet(time_t now)
+       /* look for link-layer address option for logging */
+       if (sz >= 16 && packet[8] == ICMP6_OPT_SOURCE_MAC && (packet[9] * 8) + 8 <= sz)
+        {
+         if ((packet[9] * 8 - 2) * 3 - 1 >= MAXDNAME) {
+           return;
+         }
+          print_mac(daemon->namebuff, &packet[10], (packet[9] * 8) - 2);
+          mac = daemon->namebuff;
+        }
+-- 
+2.11.0

diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14492.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14492.patch new file mode 100644 index 000000000..19949314c --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14492.patch
@@ -0,0 +1,37 @@
	1	From 6a0e7dbac67a8393e4505e593e5c46544c53eae0 Mon Sep 17 00:00:00 2001
	2	From: Simon Kelley <simon@thekelleys.org.uk>
	3	Date: Mon, 25 Sep 2017 18:47:15 +0100
	4	Subject: [PATCH 2/7] Security fix, CVE-2017-14492, DHCPv6 RA heap overflow.
	5
	6	commit 24036ea507862c7b7898b68289c8130f85599c10 upstream
	7	git://thekelleys.org.uk/dnsmasq
	8
	9	Fix heap overflow in IPv6 router advertisement code.
	10	This is a potentially serious security hole, as a
	11	crafted RA request can overflow a buffer and crash or
	12	control dnsmasq. Attacker must be on the local network.
	13
	14	Upstream-Status: Backport
	15
	16	Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
	17	---
	18	src/radv.c \| 3 +++
	19	1 file changed, 3 insertions(+)
	20
	21	diff --git a/src/radv.c b/src/radv.c
	22	index 749b666..d09fe0e 100644
	23	--- a/src/radv.c
	24	+++ b/src/radv.c
	25	@@ -198,6 +198,9 @@ void icmp6_packet(time_t now)
	26	/* look for link-layer address option for logging */
	27	if (sz >= 16 && packet[8] == ICMP6_OPT_SOURCE_MAC && (packet[9] * 8) + 8 <= sz)
	28	{
	29	+ if ((packet[9] * 8 - 2) * 3 - 1 >= MAXDNAME) {
	30	+ return;
	31	+ }
	32	print_mac(daemon->namebuff, &packet[10], (packet[9] * 8) - 2);
	33	mac = daemon->namebuff;
	34	}
	35	--
	36	2.11.0
	37