Unnamed repository
Petr Menšík 1d62ca52b7 Fix improper validated wire format of DNS name
Ensure extract_name stops whenever the name is longer than 255 bytes. That
is defined by RFC 1035 and MAXDNAME is derived from that length. Until now,
dnsmasq relied on upstream servers to filter out similar responses.

Stop immediately if the packet is big enough, but the binary name length
exceeds 255 bytes. That is a prerequisite for an escaped name to become
longer than the existing buffer of length MAXDNAME. Introduce a new MAXWNAME
constant for the on-wire length limit. MAXDNAME remains the escaped
"presentation" format limit, possibly containing IDN or escaping.
Standard escaping is \ddd, where ddd is the decimal value of that byte.
Such escaping is not implemented by dnsmasq. MAXDNAME should be large
enough for any escaped names as long as MAXWNAME cannot exceed the defined
length.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
Resolves-Vulnerability: CVE-2026-2291
Resolves: RHEL-181040
2026-06-05 16:41:40 +02:00
.fmf Run tmt based tests from dnsmasq 2023-06-12 16:47:04 +02:00
.gitignore Update to 2.85 (#1947198) 2021-07-02 18:07:30 +02:00
ci.fmf Run tmt based tests from dnsmasq 2023-06-12 16:47:04 +02:00
dnsmasq-2.77-underflow.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 23:43:55 +02:00
dnsmasq-2.78-fips.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 23:43:55 +02:00
dnsmasq-2.79-server-domain-fixup.patch Ensure also server_domains_cleanup is called always 2022-08-30 13:46:48 +02:00
dnsmasq-2.79-server-domain-rh1919894.patch dnsmasq option to query the last known working domain specific upstream server first 2022-02-10 23:22:39 +01:00
dnsmasq-2.80-rh1728701.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 23:43:55 +02:00
dnsmasq-2.81-configuration.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 23:43:55 +02:00
dnsmasq-2.85-domain-blocklist-speedup.patch Do not create server_domain for non-server records 2023-06-14 08:08:05 +02:00
dnsmasq-2.85-search_servers-rhbz2182342.patch fixup! Ensure search_servers domain is set on dnssec 2023-05-11 10:37:31 +02:00
dnsmasq-2.85-serv_domain-rh2186481-2.patch fixup! Correct releasing of serv_domain 2023-05-10 13:18:42 +02:00
dnsmasq-2.85-serv_domain-rh2186481.patch Correct releasing of serv_domain 2023-05-04 16:17:10 +02:00
dnsmasq-2.86-alternative-lease.patch Offer alternative address if requested is leased 2022-02-24 15:34:12 +01:00
dnsmasq-2.86-dhcpv6-client-arch.patch Support client arch and interface identifier options 2022-02-24 15:35:13 +01:00
dnsmasq-2.86-tcp-free-fd-rh2188443.patch Fix bug in TCP process handling 2024-02-22 12:25:10 +01:00
dnsmasq-2.87-coverity-forward-cache.patch Backport Coverity fix to hide detected issue 2023-07-28 16:16:31 +02:00
dnsmasq-2.87-CVE-2022-0934.patch Use upstream version of CVE-2022-0934 fix 2023-01-26 18:42:54 +01:00
dnsmasq-2.87-filter-AAAA.patch Backport filter-A and filter-AAAA options 2025-08-06 18:08:50 +02:00
dnsmasq-2.87-log-root-writeable.patch Add group writeable permission for log file 2023-07-17 19:53:13 +02:00
dnsmasq-2.89-edns0-size.patch Set the default maximum DNS UDP packet size to 1232 2023-04-03 16:36:40 +02:00
dnsmasq-2.89-filter-AAAA-improve.patch Improve filter-AAAA and filter-A 2025-08-07 11:12:16 +02:00
dnsmasq-2.90-CVE-2023-50387-CVE-2023-50868.patch Fix CVE 2023-50387 and CVE 2023-50868 2024-03-15 13:24:59 +01:00
dnsmasq-2.93-CVE-2026-2291.patch Prevent overflow in extract_name function (CVE-2026-2291) 2026-06-05 16:31:28 +02:00
dnsmasq-2.93-CVE-2026-4890.patch Fix NSEC bitmap parsing infinite loop (CVE-2026-4890) 2026-06-05 16:31:32 +02:00
dnsmasq-2.93-CVE-2026-4891.patch Verify rdlen field in RRSIG packets (CVE-2026-4891) 2026-06-05 16:31:32 +02:00
dnsmasq-2.93-CVE-2026-4892.patch Fix buffer overflow in helper.c with large CLIDs (CVE-2026-4892) 2026-06-05 16:31:32 +02:00
dnsmasq-2.93-CVE-2026-4893.patch Fix broken client subnet validation (CVE-2026-4893) 2026-06-05 16:31:32 +02:00
dnsmasq-CVE-2026-2291.patch Fix improper validated wire format of DNS name 2026-06-05 16:41:40 +02:00
dnsmasq-systemd-sysusers.conf RHEL 9.0.0 Alpha bootstrap 2020-10-14 23:43:55 +02:00
dnsmasq.service Change default pid file into run directory 2021-07-02 18:10:26 +02:00
dnsmasq.spec Fix improper validated wire format of DNS name 2026-06-05 16:41:40 +02:00
gating.yaml Edit gating.yaml 2026-05-07 16:21:12 +00:00
nm.fmf Update 6 files 2026-05-07 09:13:29 +00:00
plans.fmf Update 6 files 2026-05-07 09:13:29 +00:00
rpminspect.yaml Auto-waive bad_fucts in current release 2023-02-15 21:00:51 +01:00
sources Update to 2.85 (#1947198) 2021-07-02 18:07:30 +02:00
srkgpg.txt RHEL 9.0.0 Alpha bootstrap 2020-10-14 23:43:55 +02:00
test-release-public-key RHEL 9.0.0 Alpha bootstrap 2020-10-14 23:43:55 +02:00
tmpfiles-dnsmasq.conf Added installation of tmpfiles.d config 2025-12-11 14:49:25 +01:00