diff options
author | Seonah Moon <seonah1.moon@samsung.com> | 2016-09-22 10:22:33 +0900 |
---|---|---|
committer | Seonah Moon <seonah1.moon@samsung.com> | 2016-09-22 10:22:47 +0900 |
commit | bfe353fab22064f77f3ad423b95b848dcbad21b7 (patch) | |
tree | fe427d1440751f420666a1a7ad438860d11ab426 | |
parent | 30705949eb416d4de8f909857087eab261d30647 (diff) | |
download | dnsmasq-accepted/tizen/wearable/20160922.233156.tar.gz dnsmasq-accepted/tizen/wearable/20160922.233156.tar.bz2 dnsmasq-accepted/tizen/wearable/20160922.233156.zip |
[CVE-2015-8899] Fix crash when empty address from DNS overlays A record from hostssubmit/tizen_unified/20170308.100412submit/tizen_3.0_wearable/20161015.000001submit/tizen_3.0_tv/20161015.000001submit/tizen_3.0_mobile/20161015.000001submit/tizen_3.0_ivi/20161010.000001submit/tizen_3.0_common/20161104.104000submit/tizen_3.0.m2/20170104.093752submit/tizen/20160922.020431accepted/tizen/wearable/20160922.233156accepted/tizen/unified/20170309.035232accepted/tizen/tv/20160922.233159accepted/tizen/mobile/20160922.233153accepted/tizen/ivi/20160922.233202accepted/tizen/common/20160922.120630accepted/tizen/3.0/wearable/20161015.081710accepted/tizen/3.0/tv/20161016.003723accepted/tizen/3.0/mobile/20161015.032533accepted/tizen/3.0/ivi/20161011.043659accepted/tizen/3.0/common/20161114.110523accepted/tizen/3.0.m2/wearable/20170105.024320accepted/tizen/3.0.m2/tv/20170105.024014accepted/tizen/3.0.m2/mobile/20170105.023648tizen_3.0_tvtizen_3.0.m2accepted/tizen_3.0.m2_wearableaccepted/tizen_3.0.m2_tvaccepted/tizen_3.0.m2_mobile
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash)
via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
- CVE: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8899
- Patch: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=41a8d9e99be9f2cc8b02051dd322cb45e0faac87
Change-Id: If86a54c0696fea852bb9bc2f8aeece6bd6bb1598
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
-rw-r--r-- | src/cache.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cache.c b/src/cache.c index 178d654..1b76b67 100644 --- a/src/cache.c +++ b/src/cache.c @@ -481,7 +481,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr, existing record is for an A or AAAA and the record we're trying to insert is the same, just drop the insert, but don't error the whole process. */ - if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD)) + if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) && addr) { if ((flags & F_IPV4) && (new->flags & F_IPV4) && new->addr.addr.addr.addr4.s_addr == addr->addr.addr4.s_addr) |