projects / platform / upstream / dnsmasq.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 113f0c9) | patch
Use SHA-256 to provide security against DNS cache poisoning. 56/252556/1
authorSeonah Moon <seonah1.moon@samsung.com>
Wed, 27 Jan 2021 11:53:38 +0000 (20:53 +0900)
committerSeonah Moon <seonah1.moon@samsung.com>
Fri, 29 Jan 2021 07:48:33 +0000 (16:48 +0900)
commit01e4051d3cc3dc8fc9d58ee5a3c308467b9f3d73
tree3a8a65da3a8715cb1121d620bd0c7c1ee26f7de4tree | snapshot
parent113f0c9289e9c26fd2c55ff436162e2b59345393commit | diff
Use SHA-256 to provide security against DNS cache poisoning.

Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CERT VU#434904.

Backported for CVE-2020-25685

Change-Id: I4436a08c0ee5d63a97b4ae4f2138b73d74aac7bc
CHANGELOG diff | blob | history
CMakeLists.txt diff | blob | history
Makefile diff | blob | history
bld/Android.mk diff | blob | history
src/dnsmasq.h diff | blob | history
src/dnssec.c diff | blob | history
src/forward.c diff | blob | history
src/hash_questions.c [new file with mode: 0644] blob
src/rfc1035.c diff | blob | history
Domain: Network & Connectivity / Data Network;