projects / platform / upstream / dnsmasq.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 02295c4) | patch
Use SHA-256 to provide security against DNS cache poisoning. 52/252552/1
authorSeonah Moon <seonah1.moon@samsung.com>
Wed, 27 Jan 2021 11:53:38 +0000 (20:53 +0900)
committerSeonah Moon <seonah1.moon@samsung.com>
Fri, 29 Jan 2021 07:45:59 +0000 (16:45 +0900)
commit493e826e42788463feafd38d032e2ba10be8270a
tree3a8a65da3a8715cb1121d620bd0c7c1ee26f7de4tree | snapshot
parent02295c49aa8ffccef0cc4a55cfdd08a542134ea9commit | diff
Use SHA-256 to provide security against DNS cache poisoning.

Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CERT VU#434904.

Backported for CVE-2020-25685

Change-Id: I4436a08c0ee5d63a97b4ae4f2138b73d74aac7bc
CHANGELOG diff | blob | history
CMakeLists.txt diff | blob | history
Makefile diff | blob | history
bld/Android.mk diff | blob | history
src/dnsmasq.h diff | blob | history
src/dnssec.c diff | blob | history
src/forward.c diff | blob | history
src/hash_questions.c [new file with mode: 0644] blob
src/rfc1035.c diff | blob | history
Domain: Network & Connectivity / Data Network;