From: Kevin Darbyshire-Bryant Date: Fri, 8 Sep 2017 07:56:34 +0000 (+0100) Subject: dnsmasq: backport arcount edns0 fix X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=5629904ea8753e2b399413074174bf18a88b84f8;p=openwrt%2Fstaging%2Flynxis.git dnsmasq: backport arcount edns0 fix Don't return arcount=1 if EDNS0 RR won't fit in the packet. Omitting the EDNS0 RR but setting arcount gives a malformed packet. Also, don't accept UDP packet size less than 512 in received EDNS0. Signed-off-by: Kevin Darbyshire-Bryant --- diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index d200d1d9e9..57870a53b6 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_VERSION:=2.77 -PKG_RELEASE:=11 +PKG_RELEASE:=12 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/ diff --git a/package/network/services/dnsmasq/patches/030-fix-arcount-edns0-behaviour.patch b/package/network/services/dnsmasq/patches/030-fix-arcount-edns0-behaviour.patch new file mode 100644 index 0000000000..fffc8de6c4 --- /dev/null +++ b/package/network/services/dnsmasq/patches/030-fix-arcount-edns0-behaviour.patch @@ -0,0 +1,44 @@ +From a3303e196e5d304ec955c4d63afb923ade66c6e8 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Thu, 7 Sep 2017 20:45:00 +0100 +Subject: [PATCH] Don't return arcount=1 if EDNS0 RR won't fit in the packet. + +Omitting the EDNS0 RR but setting arcount gives a malformed packet. +Also, don't accept UDP packet size less than 512 in recieved EDNS0. +--- + src/edns0.c | 5 ++++- + src/forward.c | 2 ++ + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/edns0.c b/src/edns0.c +index 3fde17f..f5b798c 100644 +--- a/src/edns0.c ++++ b/src/edns0.c +@@ -208,7 +208,10 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l + free(buff); + p += rdlen; + } +- header->arcount = htons(ntohs(header->arcount) + 1); ++ ++ /* Only bump arcount if RR is going to fit */ ++ if (((ssize_t)optlen) <= (limit - (p + 4))) ++ header->arcount = htons(ntohs(header->arcount) + 1); + } + + if (((ssize_t)optlen) > (limit - (p + 4))) +diff --git a/src/forward.c b/src/forward.c +index e3fa94b..942b02d 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -1412,6 +1412,8 @@ void receive_query(struct listener *listen, time_t now) + defaults to 512 */ + if (udp_size > daemon->edns_pktsz) + udp_size = daemon->edns_pktsz; ++ else if (udp_size < PACKETSZ) ++ udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */ + } + + #ifdef HAVE_AUTH +-- +1.7.10.4 +