1 files changed, 48 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14495.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14495.patch
new file mode 100644
index 000000000..31014d102
--- /dev/null
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14495.patch
@@ -0,0 +1,48 @@
+From e4ae220ee00dcad20a716432badd3210b442ddb4 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 25 Sep 2017 20:16:50 +0100
+Subject: [PATCH 6/7] Security fix, CVE-2017-14495, OOM in DNS response
+ creation.
+commit 51eadb692a5123b9838e5a68ecace3ac579a3a45 upstream
+git://thekelleys.org.uk/dnsmasq
+Fix out-of-memory Dos vulnerability. An attacker which can
+send malicious DNS queries to dnsmasq can trigger memory
+allocations in the add_pseudoheader function
+The allocated memory is never freed which leads to a DoS
+through memory exhaustion. dnsmasq is vulnerable only
+if one of the following option is specified:
+--add-mac, --add-cpe-id or --add-subnet.
+Upstream-Status: Backport
+Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
+---
+ src/edns0.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+diff --git a/src/edns0.c b/src/edns0.c
+index a2ef0ea..f48c084 100644
+--- a/src/edns0.c
+++ b/src/edns0.c
+@@ -192,9 +192,15 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
+          !(p = skip_section(p, 
+                             ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount), 
+                             header, plen)))
+      {
+       free(buff);
+        return plen;
+      }
+       if (p + 11 > limit)
+-       return plen; /* Too big */
+      {
+        free(buff);
+        return plen; /* Too big */
+      }
+       *p++ = 0; /* empty name */
+       PUTSHORT(T_OPT, p);
+       PUTSHORT(udp_sz, p); /* max packet length, 512 if not given in EDNS0 header */
+-- 
+2.11.0

diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14495.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14495.patch new file mode 100644 index 000000000..31014d102 --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14495.patch
@@ -0,0 +1,48 @@
	1	From e4ae220ee00dcad20a716432badd3210b442ddb4 Mon Sep 17 00:00:00 2001
	2	From: Simon Kelley <simon@thekelleys.org.uk>
	3	Date: Mon, 25 Sep 2017 20:16:50 +0100
	4	Subject: [PATCH 6/7] Security fix, CVE-2017-14495, OOM in DNS response
	5	creation.
	6
	7	commit 51eadb692a5123b9838e5a68ecace3ac579a3a45 upstream
	8	git://thekelleys.org.uk/dnsmasq
	9
	10	Fix out-of-memory Dos vulnerability. An attacker which can
	11	send malicious DNS queries to dnsmasq can trigger memory
	12	allocations in the add_pseudoheader function
	13	The allocated memory is never freed which leads to a DoS
	14	through memory exhaustion. dnsmasq is vulnerable only
	15	if one of the following option is specified:
	16	--add-mac, --add-cpe-id or --add-subnet.
	17
	18	Upstream-Status: Backport
	19
	20	Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
	21	---
	22	src/edns0.c \| 8 +++++++-
	23	1 file changed, 7 insertions(+), 1 deletion(-)
	24
	25	diff --git a/src/edns0.c b/src/edns0.c
	26	index a2ef0ea..f48c084 100644
	27	--- a/src/edns0.c
	28	+++ b/src/edns0.c
	29	@@ -192,9 +192,15 @@ size_t add_pseudoheader(struct dns_header header, size_t plen, unsigned char l
	30	!(p = skip_section(p,
	31	ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount),
	32	header, plen)))
	33	+ {
	34	+ free(buff);
	35	return plen;
	36	+ }
	37	if (p + 11 > limit)
	38	- return plen; /* Too big */
	39	+ {
	40	+ free(buff);
	41	+ return plen; /* Too big */
	42	+ }
	43	p++ = 0; / empty name */
	44	PUTSHORT(T_OPT, p);
	45	PUTSHORT(udp_sz, p); /* max packet length, 512 if not given in EDNS0 header */
	46	--
	47	2.11.0
	48