[Dnsmasq-discuss] CVE-2015-7547 tcp path mitigation hack
Simon Kelley
simon at thekelleys.org.uk
Thu Feb 18 17:23:31 GMT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
That would do it. Or just block port-53/TCP
Cheers,
Simon.
On 18/02/16 04:30, starlight at binnacle.cx wrote:
> UDP path mitigation covered by
>
> edns-packet-max=512
>
> Ugly but effective TCP fix:
>
>
> --- src/forward.c.orig 2011-02-17 10:30:15.000000000 -0500 +++
> src/forward.c 2016-02-17 23:16:03.792233438 -0500 @@ -966,14
> +966,17 @@ unsigned char *tcp_request(int confd, ti /* In case of
> local answer or no connections made. */ if (m == 0) m =
> setup_reply(header, (unsigned int)size, addrp, flags,
> daemon->local_ttl); }
>
> check_log_writer(NULL);
>
> + /* mitigate CVE-2015-7547, truncate beyond 1023 bytes */ +
> m &= 0x3FF; + c1 = m>>8; c2 = m; if (!read_write(confd, &c1, 1, 0)
> || !read_write(confd, &c2, 1, 0) || !read_write(confd, packet, m,
> 0)) return packet; }
>
>
> _______________________________________________ Dnsmasq-discuss
> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCAAGBQJWxf4SAAoJEBXN2mrhkTWiJHgP/3M+0+Npg1pY/vEfGlTX48pb
4bjbsvybys46knY6Ik1ry6IyV2ee73KI9lTO6B4PUhaVqwNkKBt99+VjgrPwQe87
PhpGDQRHL9q9KRGwCOCfyUZWE0/ERYCu+53J3mFL6lXTRaFM5HRHy66W96/OhFuf
buMaz01iudiOF3+aYgOg9Ks/H/ih2eay/VLJ3oQ+iwljoxAmiEii7dmYwHneOuyj
RmFfuVNaABxQXSekpGbx44JeRWQU94tGECHnUdn3WFpbsP1DUxG9YBgHx9cUfXis
h/Kcs5ukaTNfWr2W2tizx4sFi7bGqYevELYT1vjXbh7//S9FXPaUeK7ZVfBEmPah
1Cz19f7v/ZSMLCpVqOvz6JOlTrwbJsrG2aBEaXaQsiCcycvkHk37EAQB3CPLHDRO
98ji1GZ8XUTxuUMVItHljKE1WveQr7qR17nNkFAk3BTnfWAdcyyED0/EFtNGajpg
pnNYY8bCmjEwF0G4ORQR+cIvjzS8kpMnviK9H01x3NseJfPK51EOR8Io3CMNTw0r
lO7FHBkG787/JXYixuSoL/g3FAmvI3DL1HqsULDMlQgiv2iIPkRPTSoOtplvAzXB
aJKlpwiyrC7cQso7ql1FbOOoqs2LeanXarZYWlb8MHCGHrsyoGqerpAiLAvt/ETO
FRT8y0TmHH6Bx0HfytrE
=2XLw
-----END PGP SIGNATURE-----
More information about the Dnsmasq-discuss
mailing list