Most relevant feature for openwrt in this release, supports dynamically
removing hosts from 'hostsdir' supplied host files.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.
CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dnsmasq: add ubus acl to allow calls to hotplug.tftp object
dnsmasq may call hotplug.dhcp, hotplug.neigh and hotplug.tftp.
Only the first two callees were listed in the ACL, so add missing
hotplug.tftp.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: fix the dynamic dns object names patch
We can't use booleans, since we're not including stdbool.h. Use integers
instead.
Fixes: 0b79e7c01e ("dnsmasq: generate the dns object name dynamically")
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Rui Salvaterra <rsalvaterra@gmail.com>
* dnsmasq: add support for monitoring and modifying dns lookup results via ubus
The monitoring functionality will be used for dns rule support in qosify
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: add match_tag for --dhcp-host
A set of tags can be specified for --dhcp-host option to restrict the
assignment to the requests which match all the tags.
Example usage:
config vendorclass
option networkid 'udhcp'
option vendorclass 'udhcp'
config host
option mac '*:*:*:*:*:*'
list match_tag 'switch.10'
list match_tag 'udhcp'
option ip '192.168.25.10'
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Paul Fertser <fercerpav@gmail.com>
Fixes issue with merged DNS requests in 2.83/2.84 not being
retried on the firsts failed request causing lookup failures.
Also fixes the following security problem in dnsmasq:
* CVE-2021-3448:
If specifiying the source address or interface to be used
when contacting upstream name servers such as:
server=8.8.8.8@1.2.3.4, server=8.8.8.8@1.2.3.4#66 and
server=8.8.8.8@eth0 then all would use the same socket
bound to the explicitly configured port. Now only
server=8.8.8.8@1.2.3.4#66 will use the explicitly
configured port and the others random source ports.
Remove upstreamed patches and update remaining patch.
Signed-off-by: Alan Swanson <reiver@improbability.net>
[refreshed old runtime support patch]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Co-authored-by: Alan Swanson <reiver@improbability.net>
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
overflow in sort_rrset() when DNSSEC is used. This can allow a remote
attacker to write arbitrary data into target device's memory that can
lead to memory corruption and other unexpected behaviors on the target
device.
* CVE-2020-25682:
Dnsmasq versions before 2.83 is susceptible to buffer overflow in
extract_name() function due to missing length check, when DNSSEC is
enabled. This can allow a remote attacker to cause memory corruption
on the target device.
* CVE-2020-25683:
Dnsmasq version before 2.83 is susceptible to a heap-based buffer
overflow when DNSSEC is enabled. A remote attacker, who can create
valid DNS replies, could use this flaw to cause an overflow in a heap-
allocated memory. This flaw is caused by the lack of length checks in
rtc1035.c:extract_name(), which could be abused to make the code
execute memcpy() with a negative size in get_rdata() and cause a crash
in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
A lack of proper address/port check implemented in Dnsmasq version <
2.83 reply_query function makes forging replies easier to an off-path
attacker.
* CVE-2020-25685:
A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
versions before 2.83 reply_query function allows remote attackers to
spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
Multiple DNS query requests for the same resource name (RRNAME) by
Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
traffic, using a birthday attack (RFC 5452), that can lead to DNS
cache poisoning.
* CVE-2020-25687:
Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
remote attacker, who can create valid DNS replies, could use this flaw
to cause an overflow in a heap-allocated memory. This flaw is caused
by the lack of length checks in rtc1035.c:extract_name(), which could
be abused to make the code execute memcpy() with a negative size in
sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
Service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
