From patchwork Sat Jan 20 08:46:28 2018
X-Patchwork-Submitter: Kevin 'ldir' Darbyshire-Bryant
X-Patchwork-Id: 863939
X-Patchwork-Delegate: jow@openwrt.org
From: Kevin Darbyshire-Bryant
To: lede-dev@lists.infradead.org
Date: Sat, 20 Jan 2018 08:46:28 +0000
Message-Id: <20180120084628.28039-1-ldir@darbyshire-bryant.me.uk>
Subject: [LEDE-DEV] [PATCH v1] dnsmasq: backport validation fix in dnssec security fix
Cc: Kevin Darbyshire-Bryant

A DNSSEC validation error was introduced in the fix for CVE-2017-15107

Backport the upstream fix to the fix (a simple typo)

Signed-off-by: Kevin Darbyshire-Bryant
---
Guess who found this one! Running chez Kelley for a while as the CVE fixes were embargoed. About 30 minutes after I sent to upstream I spotted some odd dnssec behaviour - spoke to Simon... "damn" and bug squished.

package/network/services/dnsmasq/Makefile | 2 +-
package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 3ef7a317d4..7ba7d56b52 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_VERSION:=2.78 -PKG_RELEASE:=9 +PKG_RELEASE:=10 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/ diff --git a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch index 029e7ea7af..d13ac2cbad 100644 --- a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch +++ b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch 
@@ -160,7 +160,7 @@ in a domain which includes a wildcard for NSEC. + int type_covered; + unsigned char *psav = p1; + -+ if (rdlen < 18) ++ if (rdlen1 < 18) + return 0; /* bad packet */ + + GETSHORT(type_covered, p1);
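Review bot: The corrected bound in the 270-dnssec-wildcards.patch hunk, `if (rdlen1 < 18)`, guards the `GETSHORT(type_covered, p1)` read that follows, yet the commit message only says "a simple typo" and names no upstream commit. Please cite the upstream dnsmasq commit this backports and state in one line that the length check was being made against `rdlen` rather than `rdlen1`, so that a change to the CVE-2017-15107 fix can be traced and audited later. Since the hunk shows a single occurrence, it is also worth confirming that no other `rdlen` reference remains in the block this patch file adds where `p1` is the pointer being read, and a short comment on what the 18 bytes cover would help the next reader of the check.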