projects / platform / upstream / dnsmasq.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c745346) | patch
Use SHA-256 to provide security against DNS cache poisoning. 48/252548/1
authorSeonah Moon <seonah1.moon@samsung.com>
Wed, 27 Jan 2021 11:53:38 +0000 (20:53 +0900)
committerSeonah Moon <seonah1.moon@samsung.com>
Fri, 29 Jan 2021 07:43:59 +0000 (16:43 +0900)
commitca99963595acb986fba87408dd3b43be8a0fb01e
tree3a8a65da3a8715cb1121d620bd0c7c1ee26f7de4tree | snapshot
parentc74534695e0c5b106d6dde189ef9c0b8b7474edecommit | diff
Use SHA-256 to provide security against DNS cache poisoning.

Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CERT VU#434904.

Backported for CVE-2020-25685

Change-Id: I4436a08c0ee5d63a97b4ae4f2138b73d74aac7bc
CHANGELOG diff | blob | history
CMakeLists.txt diff | blob | history
Makefile diff | blob | history
bld/Android.mk diff | blob | history
src/dnsmasq.h diff | blob | history
src/dnssec.c diff | blob | history
src/forward.c diff | blob | history
src/hash_questions.c [new file with mode: 0644] blob
src/rfc1035.c diff | blob | history
Domain: Network & Connectivity / Data Network;