From upstream dnsmasq pre 2.76 release. Include 0.0.0.0/8 in DNS rebind checks.
Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>
---
 package/network/services/dnsmasq/Makefile | 2 +-
 .../patches/300-dns-rebind-improvements.patch | 42 ++++++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 package/network/services/dnsmasq/patches/300-dns-rebind-improvements.patch
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index 444459b..864914e 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=dnsmasq
 PKG_VERSION:=2.75
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
diff --git a/package/network/services/dnsmasq/patches/300-dns-rebind-improvements.patch b/package/network/services/dnsmasq/patches/300-dns-rebind-improvements.patch
new file mode 100644
index 0000000..ab84b58
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/300-dns-rebind-improvements.patch
@@ -0,0 +1,42 @@
+From d2aa7dfbb6d1088dcbea9fecc61b9293b320eb95 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <[email protected]>
+Date: Mon, 3 Aug 2015 21:52:12 +0100
+Subject: [PATCH] Include 0.0.0.0/8 in DNS rebind checks.
+
+---
+ CHANGELOG | 7 +++++++
+ src/rfc1035.c | 3 ++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 901da47..3f4026d 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -1,3 +1,10 @@
++version 2.76
++ Include 0.0.0.0/8 in DNS rebind checks. This range
++ translates to hosts on the local network, or, at
++ least, 0.0.0.0 accesses the local host, so could
++ be targets for DNS rebinding. See RFC 5735 section 3
++ for details. Thanks to Stephen Röttger for the bug report.
++
+ version 2.75
+ Fix reversion on 2.74 which caused 100% CPU use when a
+ dhcp-script is configured. Thanks to Adrian Davey for
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 56647b0..29e9e65 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -728,7 +728,8 @@ int private_net(struct in_addr addr, int ban_localhost)
+ in_addr_t ip_addr = ntohl(addr.s_addr);
+
+ return
+- (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ ||
++ (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ ||
++ ((ip_addr & 0xFF000000) == 0x00000000) /* RFC 5735 section 3. "here" network */ ||
+ ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ ||
+ ((ip_addr & 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 (private) */ ||
+ ((ip_addr & 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 (private) */ ||
+--
+1.7.10.4
+
--
1.9.1
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
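Review bot: The new `0x00000000` term in `private_net()` is the only entry in the list whose comment omits the CIDR, and unlike the loopback term directly above it, it is not gated by `ban_localhost`, even though the CHANGELOG text justifies it partly by 0.0.0.0 reaching the local host. If that asymmetry is intentional, the comment should say so, e.g. `/* 0.0.0.0/8 ("here" network, RFC 5735 section 3); always matched, not gated by ban_localhost */`. A side effect operators should expect is that upstream answers of 0.0.0.0, which some filtering resolvers return as a sinkhole address, will presumably be treated as rebind attempts wherever this check is enabled; the callers are outside the hunk, so confirm there and mention it in the CHANGELOG entry. The function takes a `struct in_addr`, so only IPv4 answers are covered by this check, and the return expression continues past the last line shown.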
