Simon,
Thanks for the response. I appreciate your insights on this.
I understand that you may not want to go into how dnsmasq would interact
with glibc, but I would like to try and understand this a bit better. I'm
going to think out loud below. Please correct me if I'm horrendously off
track.
I've not looked at the discussion in detail, but as far as the dnsmasq
code is concerned:
1) Reply UDP packets are truncated to edns_packet_size plus a smallish
constant.
2) Malformed packets will not generally be rejected.
3) There's no limit imposed on TCP stream size, other than the 2^16 bytes
Hello,
I'd like to ask about how to use dnsmasq to limit the dangers of
CVE-2015-7547.
This issue was discussed in these links:
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html