[Dnsmasq-discuss] CVE-2015-7547 tcp path mitigation hack
starlight at binnacle.cx
Thu Feb 18 04:30:19 GMT 2016
UDP path mitigation covered by
edns-packet-max=512
Ugly but effective TCP fix:
--- src/forward.c.orig 2011-02-17 10:30:15.000000000 -0500
+++ src/forward.c 2016-02-17 23:16:03.792233438 -0500
@@ -966,14 +966,17 @@ unsigned char *tcp_request(int confd, ti
/* In case of local answer or no connections made. */
if (m == 0)
m = setup_reply(header, (unsigned int)size, addrp, flags, daemon->local_ttl);
}
check_log_writer(NULL);
+ /* mitigate CVE-2015-7547, truncate beyond 1023 bytes */
+ m &= 0x3FF;
+
c1 = m>>8;
c2 = m;
if (!read_write(confd, &c1, 1, 0) ||
!read_write(confd, &c2, 1, 0) ||
!read_write(confd, packet, m, 0))
return packet;
}
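Review bot: `m &= 0x3FF;` masks the length instead of clamping it, so the behaviour does not match the comment "truncate beyond 1023 bytes": a 1024-byte reply becomes m = 0 and a 1500-byte reply becomes m = 476. The read_write calls that follow then send a length prefix and payload cut at an arbitrary offset, and nothing in this hunk sets the TC bit or adjusts the header counts, so the client receives a message that may not parse. If a cap is the intent, `if (m > 1023) m = 1023;` expresses it, although that still cuts the reply mid-record; dropping the oversized reply or returning a header-only error would keep the response well-formed. The limit would also be clearer as a named constant with a comment explaining why 1023 was chosen.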