openwrtv3/package
Kevin Darbyshire-Bryant ca79337306 dnsmasq: forward.c: fix CVE-2017-13704
Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset()
is called with header & limit pointing at the same address and thus
tries to clear memory from before the buffer begins.

answer_request() is called with an invalid edns packet size provided by
the client.  Ensure the udp_size provided by the client is bounded by
512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512
MUST be treated as equal to 512"

The client that exposed the problem provided a payload udp size of 0.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-30 17:05:10 +02:00
..
base-files base-files: drop unused preinit_echo function 2017-08-09 23:23:06 +02:00
boot uboot-lantiq: Enable TFTP PUT support for backups 2017-08-18 18:47:27 +02:00
devel toolchain/arc: update to the most recent release arc-2017.03 2017-07-18 23:23:27 +02:00
firmware ath10k-firmware: update qca9887 firmware to 10.2.4-1.0-00029 2017-08-23 16:34:21 +02:00
kernel lantiq: ltq-ptm: fix ADSL showtime handler 2017-08-29 02:20:45 +02:00
libs openssl: update to version 1.0.2l 2017-07-28 23:07:17 +02:00
network dnsmasq: forward.c: fix CVE-2017-13704 2017-08-30 17:05:10 +02:00
system procd: update to latest git HEAD 2017-08-22 21:31:39 +02:00
utils f2fs-tools: fix mkfs.f2fs on big-endian systems 2017-08-25 10:19:06 +03:00
Makefile build: cleanup tmp/ dir of target rootfs 2017-05-02 22:10:50 +08:00