summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Seonah Moon [Thu, 28 Jan 2021 02:07:50 +0000 (11:07 +0900)]
Handle multiple identical near simultaneous DNS queries better.
Previously, such queries would all be forwarded
independently. This is, in theory, inefficent but in practise
not a problem, _except_ that is means that an answer for any
of the forwarded queries will be accepted and cached.
An attacker can send a query multiple times, and for each repeat,
another {port, ID} becomes capable of accepting the answer he is
sending in the blind, to random IDs and ports. The chance of a
succesful attack is therefore multiplied by the number of repeats
of the query. The new behaviour detects repeated queries and
merely stores the clients sending repeats so that when the
first query completes, the answer can be sent to all the
clients who asked. Refer: CERT VU#434904.
Backported for CVE-2020-25686
Change-Id: I2b4dfd8ff28b72ad67da4eacf2a8baa98d7eb5d9
Seonah Moon [Wed, 27 Jan 2021 11:53:38 +0000 (20:53 +0900)]
Use SHA-256 to provide security against DNS cache poisoning.
Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
Backported for CVE-2020-25685
Change-Id: I4436a08c0ee5d63a97b4ae4f2138b73d74aac7bc
Seonah Moon [Wed, 27 Jan 2021 11:32:53 +0000 (20:32 +0900)]
Check destination of DNS UDP query replies.
At any time, dnsmasq will have a set of sockets open, bound to
random ports, on which it sends queries to upstream nameservers.
This patch fixes the existing problem that a reply for ANY in-flight
query would be accepted via ANY open port, which increases the
chances of an attacker flooding answers "in the blind" in an
attempt to poison the DNS cache. CERT VU#434904 refers.
Backported for CVE-2020-25684
Change-Id: I11790b18ad6e179a6f3f47fee310cd00ab3c7cdd
Seonah Moon [Wed, 27 Jan 2021 08:16:05 +0000 (17:16 +0900)]
Fix remote buffer overflow CERT VU#434904
The problem is in the sort_rrset() function and allows a remote
attacker to overwrite memory. Any dnsmasq instance with DNSSEC
enabled is vulnerable.
Backported for
CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687
Change-Id: If6e31a6418c113c7e390166ea32378eb1d9a5470
Seonah Moon [Fri, 15 Jun 2018 05:33:36 +0000 (14:33 +0900)]
Fix crash issue
SIGBUS crash has occured when ipv6 address is copied.
Change-Id: Ie58721f2f8aa909c61d97c7640f0897bfdb5383e
Seonah Moon [Thu, 21 Jun 2018 07:36:11 +0000 (16:36 +0900)]
Update to 2.79
Change-Id: I36382b896dd583a66872d458f1c3b55461a9e95d
Seonah Moon [Thu, 21 Jun 2018 06:44:41 +0000 (15:44 +0900)]
Imported Upstream version 2.79
Change-Id: I9a2f4c945e0481ab803bdf0c85921433f33a9256
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Mon, 16 Oct 2017 07:48:06 +0000 (16:48 +0900)]
Security fix, CVE-2017-14496, Integer underflow in DNS response creation.
Fix DoS in DNS. Invalid boundary checks in the
add_pseudoheader function allows a memcpy call with negative
size An attacker which can send malicious DNS queries
to dnsmasq can trigger a DoS remotely.
dnsmasq is vulnerable only if one of the following option is
specified: --add-mac, --add-cpe-id or --add-subnet.
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=
897c113fda0886a28a986cc6ba17bb93bd6cb1c7
Change-Id: I4171560a179639755a115abfc381f03aa54f3bab
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Mon, 16 Oct 2017 07:00:26 +0000 (16:00 +0900)]
Security fix, CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests.
Fix information leak in DHCPv6. A crafted DHCPv6 packet can
cause dnsmasq to forward memory from outside the packet
buffer to a DHCPv6 server when acting as a relay.
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=
33e3f1029c9ec6c63e430ff51063a6301d4b2262
Change-Id: Ia97bfc821fdb07ed599e4b4fa177280e0e52c8fa
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Mon, 16 Oct 2017 06:22:30 +0000 (15:22 +0900)]
Fix CVE-2017-13704, which resulted in a crash on a large DNS query.
A DNS query recieved by UDP which exceeds 512 bytes (or the EDNS0 packet size,
if different.) is enough to cause SIGSEGV.
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=
63437ffbb58837b214b4b92cb1c54bc5f3279928
Change-Id: I93a69c8e308479c0abcd64eea071473419d80946
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Fri, 13 Oct 2017 05:54:17 +0000 (14:54 +0900)]
Security fix, CVE-2017-14493, DHCPv6 - Stack buffer overflow.
Fix stack overflow in DHCPv6 code. An attacker who can send
a DHCPv6 request to dnsmasq can overflow the stack frame and
crash or control dnsmasq.
Change-Id: I4474cd7d752e62c1251fedbc4f0f7c324bcca033
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Mon, 16 Oct 2017 06:41:41 +0000 (15:41 +0900)]
Security fix, CVE-2017-14492, DHCPv6 RA heap overflow.
Fix heap overflow in IPv6 router advertisement code.
This is a potentially serious security hole, as a
crafted RA request can overflow a buffer and crash or
control dnsmasq. Attacker must be on the local network.
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=
24036ea507862c7b7898b68289c8130f85599c10
Change-Id: I3218bd52bda0c540a1c52d378b8d1b6e9ed50455
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Mon, 16 Oct 2017 09:41:09 +0000 (18:41 +0900)]
Security fix, CVE-2017-14491, DNS heap buffer overflow.(2)
Further fix to
0549c73b7ea6b22a3c49beb4d432f185a81efcbc
Handles case when RR name is not a pointer to the question,
only occurs for some auth-mode replies, therefore not
detected by fuzzing (?)
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=
62cb936cb7ad5f219715515ae7d32dd281a5aa1f
Change-Id: I7f7fb931776dc3a9fa50a2811758c1da6dd44f0d
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Mon, 16 Oct 2017 09:27:03 +0000 (18:27 +0900)]
Security fix, CVE-2017-14491, DNS heap buffer overflow.(1)
Fix heap overflow in DNS code. This is a potentially serious
security hole. It allows an attacker who can make DNS
requests to dnsmasq, and who controls the contents of
a domain, which is thereby queried, to overflow
(by 2 bytes) a heap buffer and either crash, or
even take control of, dnsmasq.
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=
0549c73b7ea6b22a3c49beb4d432f185a81efcbc
Change-Id: I3cc432632f51e89b888f3a5d999ba422c134847a
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Wed, 9 Aug 2017 06:33:29 +0000 (15:33 +0900)]
Apply ASLR
Change-Id: I736599d7bd407a52c6904f121971659cc73bd94d
Seonah Moon [Thu, 22 Jun 2017 06:21:39 +0000 (15:21 +0900)]
Remove unused license file (GPL-3.0+)
Change-Id: I37057ff71feaab207ef877db850402f8ecb449d2
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Wed, 31 May 2017 09:29:46 +0000 (18:29 +0900)]
Fix crash when empty address from DNS overlays A record from hosts
Upstream patch is backported to resolve CVE-2015-8899
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=
41a8d9e99be9f2cc8b02051dd322cb45e0faac87
Change-Id: I1024adcb4b563130a1656edcb1e093c2e28e8cea
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Mon, 3 Apr 2017 08:30:31 +0000 (17:30 +0900)]
Added network_fw policy for dbus
Change-Id: Ia6b8562f51f3402fdec2ec090a7f28a308df95bc
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Tue, 28 Mar 2017 10:59:52 +0000 (19:59 +0900)]
Used %licesne macro for license file
Change-Id: I8abf444c343f504578fe0848b019ccc5f4b61c1b
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Fri, 24 Mar 2017 01:33:05 +0000 (10:33 +0900)]
Merge tag 'upstream/2.74' into tizen
Imported Upstream version 2.74
Change-Id: I3dfe8f255eb72689fc45450c8651a5b778177cdb
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
taesub kim [Wed, 22 Mar 2017 09:13:18 +0000 (18:13 +0900)]
Imported Upstream version 2.74
Change-Id: I1ad6da6e04372b0e2f1b625ff1662d77616e603e
taesub kim [Wed, 22 Mar 2017 08:52:07 +0000 (01:52 -0700)]
Revert "Imported Upstream version 2.74"
This reverts commit
50d251b7504e58ac58abc184ee9fe4c5b74ec387.
Change-Id: Ib37a4bd14f141095f4c4b7432e1c923d283311bf
taesub kim [Wed, 22 Mar 2017 07:59:35 +0000 (16:59 +0900)]
Imported Upstream version 2.74
Change-Id: If275adb44c88ff3daee1397fb7ae8a22e0f5ddbc
Seonah Moon [Thu, 22 Sep 2016 01:22:33 +0000 (10:22 +0900)]
[CVE-2015-8899] Fix crash when empty address from DNS overlays A record from hosts
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash)
via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
- CVE: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8899
- Patch: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=
41a8d9e99be9f2cc8b02051dd322cb45e0faac87
Change-Id: If86a54c0696fea852bb9bc2f8aeece6bd6bb1598
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Fri, 2 Sep 2016 02:12:15 +0000 (11:12 +0900)]
Add dbus policy for network_fw
Change-Id: I3ccc0dcd1a96299bcdc3c26a125c7cff4ee25231
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Mon, 13 Jun 2016 05:45:29 +0000 (14:45 +0900)]
Modify the license to GPLv2 only
Change-Id: I5e08f91c58ec8fc72c3cb61a3581ca4eb97c3298
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Fri, 3 Jun 2016 08:34:29 +0000 (17:34 +0900)]
[TSAM-4139, TSAM-4233] Enable dbus option (HAVE_DBUS)
Change-Id: I6d0f0e43a365dc39d30d2e820a080412b396170c
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Wed, 20 Apr 2016 01:51:34 +0000 (10:51 +0900)]
Add libtzplatform-config to BuildRequires
Change-Id: Ib66f113c7d067c0dc38436719cf78969048560d9
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Thu, 7 Apr 2016 05:01:07 +0000 (14:01 +0900)]
Update to 2.74
Change-Id: Ic7e94612466be7786c3d2b0724d745c7720e01c9
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Fri, 11 Mar 2016 04:27:56 +0000 (13:27 +0900)]
Modified hardcoded path to TZ_*
Change-Id: I4a9164181461e1adc76a6be7946be6a9f160c761
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Tue, 17 Nov 2015 04:40:44 +0000 (13:40 +0900)]
Base code merged to SPIN 2.4
Change-Id: I41a02810399e793c4a2fcdd0a3acd7f11c5a222e
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Oskar Świtalski [Tue, 10 Nov 2015 10:14:46 +0000 (11:14 +0100)]
Apply Cynara privilege checks to dbus conf file
For SetServers and ClearCache methods check network.set privilege,
allow for everyone GetVersion method
Change-Id: Ic586d0947f8bdc1c6c96bdd40e22738a7dc63af8
Signed-off-by: Oskar Świtalski <o.switalski@samsung.com>
Seonah Moon [Tue, 3 Nov 2015 06:00:23 +0000 (15:00 +0900)]
Install configure file to use d-bus on cynara policy
Change-Id: I4cda657d18f4e8788c7d9875adc34c9d4adae422
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Nicolas Zingilé [Fri, 14 Nov 2014 15:13:35 +0000 (16:13 +0100)]
cleaned spec file: added group and license fields
Change-Id: If3c4f77fc9b861a2978da0eee7293197c576f6fc
Bug-Tizen: TC-1230
Signed-off-by: Nicolas Zingilé <nicolas.zingile@open.eurogiciel.org>
Alexandru Cornea [Fri, 28 Jun 2013 21:28:31 +0000 (00:28 +0300)]
resetting manifest requested domain to floor
Jinkun Jang [Fri, 15 Mar 2013 16:13:16 +0000 (01:13 +0900)]
merge with master
Jinkun Jang [Tue, 12 Mar 2013 16:47:15 +0000 (01:47 +0900)]
Tizen 2.1 base
Jung Minsun [Tue, 21 Aug 2012 02:18:06 +0000 (11:18 +0900)]
Initial empty repository
projects / platform / upstream / dnsmasq.git / log