rpms/dnsmasq
7
0
Fork 0
Code Issues Pull Requests Releases Activity
Unnamed repository
28 Commits 8 Branches 56 Tags 760 KiB
Diff 100%
c8s
Go to file
Petr Menšík 0f2a592b77 Fix broken client subnet validation (CVE-2026-4893) 
Bug report from Royce M <royce@xchglabs.com>

Location: forward.c:713, edns0.c:421

With --add-subnet enabled, process_reply() passes the OPT record
length (~23 bytes) instead of the packet length to check_source().
All internal bounds checks fail, and the function always returns 1.
ECS source validation per RFC 7871 Section 9.2 is completely bypassed.

Resolves-Vulnerability: CVE-2026-4893
Resolves: RHEL-168333
(cherry picked from commit 7479b4aee6bc1ece02d0e6c9f5691d9a803dd2f3)
2026-05-07 18:27:05 +02:00
.fmf Run tmt based tests from dnsmasq 2023-06-12 16:45:35 +02:00
.gitignore Import rpm: c8s 2023-02-27 12:36:49 -05:00
ci.fmf Run tmt based tests from dnsmasq 2023-06-12 16:45:35 +02:00
dnsmasq-2.76-rh1728698-1.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.76-rh1728698-3.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.76-rh1752569.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.77-underflow.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.78-fips.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-alternative-lease.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-cname-collision.patch Fix dnsmasq caching of intertwined CNAMES 2025-08-19 13:02:51 +02:00
dnsmasq-2.79-CVE-2020-25681.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-CVE-2020-25684.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-CVE-2020-25685.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-CVE-2020-25686-2.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-CVE-2020-25686.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-mixed-family-failed.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-rh1602477-2.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-rh1602477.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-rh1700916.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-rh1728698-2.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-rh1728698-4.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-rh1746411.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-rh1749092-fail.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.79-server-domain-fixup.patch Auto sync2gitlab import of dnsmasq-2.79-24.el8.src.rpm 2022-08-26 16:14:04 +00:00
dnsmasq-2.79-server-domain-rh1919894.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.80-dnssec.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.80-man-nameing.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.80-rh1795370.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.80-synth-domain-RHEL-15216.patch Do not crash on invalid domain in --synth-domain option 2023-11-01 18:47:53 +01:00
dnsmasq-2.80-unaligned-addresses-in-DHCPv6-packet.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.81-correct-range-check-of-dhcp-host-prefix.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.81-dhcpv6-relay-link-address.patch Auto sync2gitlab import of dnsmasq-2.79-26.el8.src.rpm 2023-02-18 00:17:53 +00:00
dnsmasq-2.81-linux-SIOCGSTAMP.patch Auto sync2gitlab import of dnsmasq-2.79-23.el8.src.rpm 2022-08-02 06:12:39 +00:00
dnsmasq-2.81-netlink-table.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.81-optimize-fds-close.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.81-option6-ntp-server-suboption.patch Auto sync2gitlab import of dnsmasq-2.79-23.el8.src.rpm 2022-08-02 06:12:39 +00:00
dnsmasq-2.81-prefix-ranges-or-list-of-ipv6-addresses.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.81-rh1829448.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.81-tag-filtering-of-dhcp-host-directives.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.84-bind-dynamic-netlink.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.85-CVE-2021-3448.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.85-domain-blocklist-speedup.patch Do not create server_domain for non-server records 2023-08-22 16:06:39 +02:00
dnsmasq-2.85-forward-retries.patch Fix problem with DNS retries 2025-08-12 18:20:41 +02:00
dnsmasq-2.85-serv_domain-rh2186481-2.patch fixup! Correct releasing of serv_domain 2023-05-10 13:43:45 +02:00
dnsmasq-2.85-serv_domain-rh2186481.patch Correct releasing of serv_domain 2023-04-21 19:21:08 +02:00
dnsmasq-2.86-dhcpv6-client-arch.patch Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq-2.87-CVE-2022-0934.patch Auto sync2gitlab import of dnsmasq-2.79-26.el8.src.rpm 2023-02-18 00:17:53 +00:00
dnsmasq-2.87-log-root-writeable.patch Add group writeable permission for log file 2023-07-20 22:02:17 +02:00
dnsmasq-2.89-edns0-size.patch Set the default maximum DNS UDP packet size to 1232 2023-04-21 19:19:26 +02:00
dnsmasq-2.90-CVE-2023-50387-CVE-2023-50868.patch Fix CVE 2023-50387 and CVE 2023-50868 2024-03-18 11:25:04 +01:00
dnsmasq-2.93-CVE-2026-2291.patch Prevent overflow in extract_name function (CVE-2026-2291) 2026-05-07 18:26:03 +02:00
dnsmasq-2.93-CVE-2026-4890.patch Fix NSEC bitmap parsing infinite loop (CVE-2026-4890) 2026-05-07 18:26:26 +02:00
dnsmasq-2.93-CVE-2026-4891.patch Verify rdlen field in RRSIG packets (CVE-2026-4891) 2026-05-07 18:26:40 +02:00
dnsmasq-2.93-CVE-2026-4892.patch Fix buffer overflow in helper.c with large CLIDs (CVE-2026-4892) 2026-05-07 18:26:52 +02:00
dnsmasq-2.93-CVE-2026-4893.patch Fix broken client subnet validation (CVE-2026-4893) 2026-05-07 18:27:05 +02:00
dnsmasq-systemd-sysusers.conf Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq.service Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00
dnsmasq.spec Fix broken client subnet validation (CVE-2026-4893) 2026-05-07 18:27:05 +02:00
gating.yaml Import working test plans from c10s 2026-05-07 12:51:15 +02:00
plans.fmf Import working test plans from c10s 2026-05-07 12:51:15 +02:00
rpminspect.yaml Bring rpminspect.yaml over from Brew dist-git 2023-03-10 10:33:45 -08:00
sources Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00