From patchwork Wed May 20 12:29:03 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hugo Simeliere X-Patchwork-Id: 88533 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AC696CD4F3C for ; Wed, 20 May 2026 12:29:40 +0000 (UTC) Received: from mx-relay11-hz12-if1.hornetsecurity.com (mx-relay11-hz12-if1.hornetsecurity.com [94.100.139.211]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.11094.1779280169754597317 for ; Wed, 20 May 2026 05:29:31 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@witekio.com header.s=selector1 header.b=qx2DCHzx; spf=permerror, err=parse error for token &{10 18 spf.hornetsecurity.com}: limit exceeded (domain: witekio.com, ip: 94.100.139.211, mailfrom: hsimeliere@witekio.com) ARC-Authentication-Results: i=2; mx-gate11-hz12.hornetsecurity.com 1; spf=pass reason=mailfrom (ip=52.101.66.126, headerfrom=witekio.com) smtp.mailfrom=witekio.com smtp.helo=duzpr83cu001.outbound.protection.outlook.com; dkim=pass header.d=witekio.com header.s=selector1 header.a=rsa-sha256; dmarc=pass header.from=witekio.com orig.disposition=pass ARC-Message-Signature: a=rsa-sha256; bh=ag1B6tMQqWm0wgyMvNRqGh+RCqErfelpaNzvOBkuJ8s=; c=relaxed/relaxed; d=hornetsecurity.com; h=from:to:date:subject:mime-version:; i=2; s=hse1; t=1779280167; b=FYPwZaDViEixLbqO9p0O2+SL2TvYvw3gjSNd8VPBecwrAf+WGSWydfQC/bRb7p1rk75uLjyz TWOy3c6T4kBdcOhWlHmB1tk10veG03YgY3/SQwt/cddP64cZVphLa6GGwCvNKb7l4+efIIkIsMK hjLUzjePl7+XZ/0iOXmndXKVRw+vZjwo6A+qExNJi+uxytG6FsKDSEXzXIjUPVvarCxyuAIz7ec paMIM73ete7VUhDD6Uhl7UswPaBVqZ/iBHzo7bJpTBqEt8+z5zL9BiXja5+80raw6kqXS5f/5MA GHG3OACa7hIsCVWZtvtKG2o+GLRdw97Txb7Ply0Y6zQ6Q== ARC-Seal: a=rsa-sha256; cv=pass; d=hornetsecurity.com; i=2; s=hse1; t=1779280167; b=VtgvgalNQMqI6nME3forArtmKzmoKzESFubA9EPwShHadsy4+4tqp6rSRR0CsJUH0aj3u8M0 cU7wXk44HT0ffWERyUNTUsgNU9W3c5/fzMl0kgs/jLyE1YzaxPz5GcIjqJk+I5nKuHiIo52v5OR syzWoJpbOTrgky9PokM5kuqVCPxaz3fEAGdyIeEk5OWiYQhpKgk4jQn5Rh+TbXh79hjyhoLRsnL AIGlpG9NNdfquS+/vwnTcOMAHtAIR1v4SX1+pKWxadSs3mhrGRrGl1YtdIuWurTVqQ9o0a4jiBP bkt9fp92j9ODNJ1C1b1O2dbzChsJikN1dAKSpEvfa7+8w== Received: from mail-northeuropeazon11022126.outbound.protection.outlook.com ([52.101.66.126]) by mx-gate11-hz12; Wed, 20 May 2026 14:29:27 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=VyyIVplvNcFd0mBzJSxTY0eHSxjlxH3MAp20/e5YwQQ+cHxp3dfYz23SrRaxQKVZalZVyHokd1L3dPZYTDub5uAgvrF++D5s1vTyilg3G9IG69SSqfXajipod6LgC4sUALou9gZ/0Z8cVqhplYgECju1cKeY3cJxGIGYOBrqbBYddMveAwtTA/tNEkr0VsD5xpOJu/36nzz0FZtiLx/et0z7hVfWqAJvlQJiRyhHcQpxQ4hxUPxC1diarF9I4vNFcF5DpipObIjQdr2DcUBB+7gktwO8V8lzOJmVJl/o8K1GUc933Jh1vvq0U/cnZDA3bx2YwLGTN620DJdg84H7cA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ag1B6tMQqWm0wgyMvNRqGh+RCqErfelpaNzvOBkuJ8s=; b=C4lli1vu3L47FDVdBsH3JpQc0ktPdeN+HZaGNRkCdmfGFdDQAtjSNEHaHTl5Gh/nRIVd55BKm5Eq72sEzUIncM/QOHA4htvZ15TuHUofO1PLRVDucpKbG3nl5iG0aSKi7rL66WRljpBo9tm8gIsxhIDv0V088oK5tYkh8P7HGml2SaOqtD8JD8uvLClXMtHnu1vbSS1nvJKHtfJf+UJOFCD5ucPFnI9pgMKO+h4HQ1DjDK8DRNwYFTXg7/i6rhy6RMFagU3TvS4uiLc2kKKRZjtW3E7hYCyjoIU7xuokngV1ExTb7Q0MCFVT0YVLo6V58SWEaKyzroqI/NSgeXy1sQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=witekio.com; dmarc=pass action=none header.from=witekio.com; dkim=pass header.d=witekio.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=witekio.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ag1B6tMQqWm0wgyMvNRqGh+RCqErfelpaNzvOBkuJ8s=; b=qx2DCHzxpmbET7ip4ApyOj6zUeAwogZ8Lmc+usu3QEZ40nrFDX0TLw1WzwFUE4knxKSumwfFs9ZGL/NnLIbLmtNWoEP/TEtA2wYHCBevG45JLU8yb0tm13vxMTwDsJh5wXFFSF4AnPzK+t4QJXjUyfF6qtMcrzvrreFFsfoECpt7ZCupaZT8LYzMtn9Q7N7tyoQwSfrK/hvEddZ4pJYJo4lZRYmiHWH+6pjgn2rJ5hY/VnBzIiU0B1+oTfhSsT4XeJPJR+lPXQz+DvuWF4mEYslTdKyOT5t40De3fcYocWnOBz8HepKgNkWr9oVborDy6zj6SHtJfSx4tPR5iAXfTg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=witekio.com; Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM (2603:10a6:501:87::6) by AMBP192MB3401.EURP192.PROD.OUTLOOK.COM (2603:10a6:20b:75b::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9891.15; Wed, 20 May 2026 12:29:20 +0000 Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM ([fe80::e437:672a:5abc:a0f4]) by MRWP192MB3504.EURP192.PROD.OUTLOOK.COM ([fe80::e437:672a:5abc:a0f4%6]) with mapi id 15.21.0025.020; Wed, 20 May 2026 12:29:20 +0000 From: hsimeliere.opensource@witekio.com To: openembedded-devel@lists.openembedded.org Cc: "Hugo SIMELIERE (Schneider Electric)" , Bruno VERNAY Subject: [oe][meta-networking][scarthgap][PATCH 1/6] dnsmasq: Fix CVE-2026-2291 Date: Wed, 20 May 2026 14:29:03 +0200 Message-ID: <20260520122908.3151647-1-hsimeliere.opensource@witekio.com> X-Mailer: git-send-email 2.43.0 X-ClientProxiedBy: LO2P265CA0178.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a::22) To MRWP192MB3504.EURP192.PROD.OUTLOOK.COM (2603:10a6:501:87::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MRWP192MB3504:EE_|AMBP192MB3401:EE_ X-MS-Office365-Filtering-Correlation-Id: b0e4fe3f-64d3-4030-d11c-08deb66b6b09 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|10070799003|366016|52116014|376014|1800799024|5023799004|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: YsYtQoWTtPS4TVVBxPAmxxy4OmCHJNcIZ3+qThxsXmj/7BoxkNZbBNOLPvYpc15v8OSirhlwRDnbzbQUkojlbYtNPaLJRSJPvgACX9FvWSTI4sPT2Tm7mEWlDyJFuiCPr98tOcrGzZArf3SNSZmK9wL1Eb/0C5EUEgqZkQnw2Lq2jZd5UZLT5k6sQsdHU9ih6YxniWTxIQOmbPdqHmhnDAQEXab99viWelZs378eLJZEIcjgw3AuRVcguaqtNr2jubxjPWmeqmiuJrLm8wpcSccu1Tyl5xrK6s3ZzfskfqfesRsQLZ4Zpm6WEP3ISoObfSHK2DSGT7soVGpQ2gFhz4V8PyqN4DWewVWrXsCscedSgFCTc040YppbuVXHnODp68r5OAh4VgPF66OmhnS9XT3/bafpkNaelbx3WLLEP11nKCH3fvpI1CujQq6RsLNV8Xgfa94GRPhfgZtmnGk8bG3WNP9OuKuj6j1eL1bhm6d0oIufm04LaK5DNiHC7U2B8kbqSjQIODowlGliV/hvsT1MRSwc4zRgNi91HXsqszMCWkmJTKsYThYeB7mAjicxgMNyMlrloGZUv3jFvQmdfVj+8Rdvx82Flw2RVbsxe7/PG0PTPr0qB9igaXlQN8ywLU4wmpEwQQwQm10De/qskg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MRWP192MB3504.EURP192.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(366016)(52116014)(376014)(1800799024)(5023799004)(56012099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: WDcYspZhMPNipsqu2fCuzThJvFeW2kSmgMpGO7s7dqZccHrT6jYCYlkNkCQz/D4T2N7GO0W6kWGAECu198QZJACI4rIvLapKUyKsED+4AC5Y/X4J5V/F5pXZBL1lH7c7F3IYtFgp18+5xSUacHPx/viVAFaAhcb1AePNEQT4piGw8FW+QFewdHkmaQj4Xhxbb2RI7tUfrcRmok3WC2E4X5OlsVY7oE+spCHW0qTXwkZt4j8LoJqiZG2JMlVX03HAQyJZerGzSL09bLmXforckZjZbOEogjCZSXAMGiuFaH1LYeaTklFYjph4jX6YsGV3TMw8w8opXhNd905fPPK0VgsAt9+vQFWqpmejXlBDXUusHKrsC0TunLiSbqoetJ93SIg37kqIVX+MZnrY+ZqjjK9L5UGJchvLrPLQHFQGOUHozpazcNg1Pxz58yKs8lO6Nl/9m2+/PjJJIwovZAnic/58nINSJah5cRHtX+Z4pcgAzQH86F9PgAqOMZLc1JtonvGMD/6Msr3LC/k/IbScjXXWNMrJlxh27dWt5NRS34CHMwsxeYDgCnjxOcyMKAJsb1UUTpHd9p5DC3kZdsgLddccnjbd7tmZ+EITUVWtEJAQn8iNndaEgic67U8PAdl84RHTX8rVuOIh8Fmgiq56ljh4mIvzCibRm+Cu1i83ZkOzsa8kxtn9vFSl2mzFN3aiQDs2XsuVUFCfpPnrbpc9BjNAne/vSIRVspzh2hmUvisl5llmMtSuttksn0smmiOORd9vwa2uUuhrTq6ukp5hwa4xCI34NyrozT7X+HEDiOjFoGhUiLGdsvQ8HFkTm4LRZ0zMYdEzNx6hUyOlQFObtuU/aqOgfsUEcRk7TmQ95MA3KblUtWEIVk4ETM3+R7fUfs+ijYjKkekDzcucnIrTDTid4I9JMgQP8AqSpwkJcy8oaY6w4auh+ySkyrh05stQu2I6qEoE97fHeKB1gtUOsNehlSrujBj7tA2fUmMp+WMqqf5sbOXHZsAoXx8WIQ7h8q72GpNC6ngkqj3HT8hnA1RhHyqzyHjWnUz9NcmwtJ+oEbOCmyfxpHH11+bqL0MUGdEsEkr28P80eUHP8S6ebG4XDPc4UDMmSHNI+cK6VAh9PRpTzFXRB+dQ+3+TxmygyXM7l9I/AsXtG5Rz0jZvdREaNzLbGWdMeoX4Uze50afwC2yAum/d0MAbFEfQPhhugLngRrYr7QSl3yOyh89i60MsQ7fQloGHfGrPHucCAYgQCcY1m8Mvk3rjp7ZJNwpEJabnac6/18uzWAhXyArxAmGl5dBpGAEc3QuxNTRRvCe0+RwbGl5BYliesKZC+vpF2VgIw0yfMK7226UFOvnqfBreyDi1tFS7VYyFN4DkRMEFEDt9gQnVW/MJwrBB6XemqQrw2QzaFWrww9zpTkGGM3i/LM8zikwAdR/GF/WnRpLf091fKERjxqUr1VxbwhBHaKA8+wDEfFO1PL3+7tjc6g5NS4Zt5OkO7b3vNLGQ/tC22RL/ZZbxz67/DykoN4wA9qLVdvnMBeyuiG8Rxjkh/x1JGJbkeXjWj4WEHU/8pUQXE+I1HxfQ4hYvs2uCK2YxJEAHTtyZbGk+waRvastJFkwklNUl5YIIDLxwfuRyzZoNmOHcubsvsYUA3EHZgoEA5T55kITHPGdIWxxLi8gAVy71rK8X3JBSsrtfYklZHMHFVu/LxzghCec+GWHVdM4jO14Y/d665HBYmymlYKDCzDTNTw+SOEPVkyU36zInoEjfv0pxWiYpoh+aVrCal7KkSA6kkz4X X-MS-Exchange-AntiSpam-MessageData-1: 091B7KARFT5uzw== X-Exchange-RoutingPolicyChecked: FZCyzPfaygEWdbv34w+IgvVwliY2aRH87JYvvtpFQUD2VUKV77fVc1hc5yerpkQg585RWd6OEOyXxAVVcKMuqMi2QtYr7X+jItvOdMPD2qOXiokAy3Paf1sWG7aouEaWBNcCr/CNzhCVvP6WKKNuNU3JImrTL2JyXxsKUzrPwpDQYjdtEmPDBlkNsEJ9PGyddErNr5Q2AfNckhVTZeHKArpZVRY09TzkhQFhuY/POXd4Df7PdREtxMTKcIyp/CBEGWvy4sn3TIb6A2fpjzPRMA946nSV4a/HMfo+q2BY4CYrjRP7DZXp/4sj5RHhwBIVuJZbm3nLEkJb98zesI6dew== X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: AaBH511O8SD04vi3pdL7FD0/pPC2Wz+dxxZH3gZmKqSE1o21vpyREcdiqcL2bi1x34o+j9nKssFfMpw5bj+nITQgC0wRjapXtVYYhREVS4eV82JYRrwRhFOeRrwkxWkHCykT6plxgiPl3qZK+DxEuRp1uiuNNnwR/kLC0yWsB0QIJyKXSD7uSg/aHvTdCKXrKe9gR9kYDYqE/Jvot3O6YXNKkvEVF/QTZPk1qAJTqHSupBPQo0dJTAFELfSDVVdXWGYTC5mBTsiFx07a+a1rPlCHGGY1liY2MKy2VoCCuw9d3P5J7BZQYs2VcG5ItKSs1KPOJ3MlCMbIs6MM8fdzWHbINSmENbLULWszCTTFaqDIpx5FYC6t7e2zpmuLB+rZ0gFcXEQy/faI5lky6ECrU00X7KyfRNHLnHqx6QJVaF1/8wljDAQIApVcHGGdKjIwftYfBLRqq4kA7DFoFGZ+8kBe4SrWwCRtjLwgDgLkHy47nzZLv9ZsKO8JLviOGzgFsnXjaLBhDKNtuJ0mGawLYmsnqA8E3tFqJT50UcqdEAptHSjPeYHpjpZuj4N0HCaSrCZaJE5uvlxDKO8Qezhe8htwySu7C0J9T7F89V66OZke4tt48+BBdffsw5yusGOW X-OriginatorOrg: witekio.com X-MS-Exchange-CrossTenant-Network-Message-Id: b0e4fe3f-64d3-4030-d11c-08deb66b6b09 X-MS-Exchange-CrossTenant-AuthSource: MRWP192MB3504.EURP192.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 May 2026 12:29:20.7755 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 317e086a-301a-49af-9ea4-48a1c458b903 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: QUwZ7e0Lrqev3CmWRs0ml8WBtsjfEdNvIIJyYTn0UqIMFySpy1Hzp8aN7hW69PfInoV+M5wB3v9kFrfzI0qciw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AMBP192MB3401 X-cloud-security-sender: hsimeliere@witekio.com X-cloud-security-recipient: openembedded-devel@lists.openembedded.org X-cloud-security-crypt: load encryption module X-cloud-security-Mailarchiv: E-Mail archived for: hsimeliere.opensource@witekio.com X-cloud-security-Mailarchivtype: outbound X-cloud-security-Virusscan: CLEAN X-cloud-security-disclaimer: This E-Mail was scanned by E-Mailservice on mx-gate11-hz12 with 4gL9pB34hQz46ScC X-cloud-security-connect: mail-northeuropeazon11022126.outbound.protection.outlook.com[52.101.66.126], TLS=1, IP=52.101.66.126 X-cloud-security-Digest: 82f485fcfbbaac28553711084ee3f1ed X-cloud-security: scantime:1.455 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 May 2026 12:29:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/127110 From: "Hugo SIMELIERE (Schneider Electric)" Pick patch from [1] dnsmasq 2.90 debian bookworm pacthes. [1] https://sources.debian.org/src/dnsmasq/2.90-4~deb12u2/debian/patches/CVE-2026-2291.patch Signed-off-by: Hugo SIMELIERE (Schneider Electric) Reviewed-by: Bruno VERNAY --- .../recipes-support/dnsmasq/dnsmasq_2.90.bb | 1 + .../dnsmasq/files/CVE-2026-2291.patch | 41 +++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb index 38fa271dc3..3281404e42 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb @@ -16,6 +16,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://dnsmasq-resolvconf.service \ file://dnsmasq-noresolvconf.service \ file://dnsmasq-resolved.conf \ + file://CVE-2026-2291.patch \ " SRC_URI[sha256sum] = "8f6666b542403b5ee7ccce66ea73a4a51cf19dd49392aaccd37231a2c51b303b" diff --git a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch new file mode 100644 index 0000000000..c59fa031f9 --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch @@ -0,0 +1,41 @@ +From c3059821cd52b423592aeffef7935fdf81035a81 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Fri, 10 Apr 2026 16:29:31 +0100 +Subject: [PATCH] Fix buffer overflow in struct bigname. CVE-2026-2291 + +All buffers capable of holding a domain name should be +at least MAXDNAME*2 + 1 bytes long, where MAXDNAME is the maximum +size of a domain name. The accounts for the trailing zero and the +fact that some characters are escaped in the internal representation +of a domain name in dnsmasq. + +The declaration of struct bigname get this wrong, with the effect +that a remote attacker capable of asking DNS queries or answering DNS +queries can cause a large OOB write in the heap. + +This was first spotted by Andrew S. Fasano. + +CVE: CVE-2026-2291 +Upstream-Status: Backport [https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=014e909f787e808bb35daa546d3f8f3663918de2] + +Signed-off-by: Hugo SIMELIERE (Schneider Electric) +--- + src/dnsmasq.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index e455c3f7..be8cf2ad 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -467,7 +467,7 @@ struct interface_name { + }; + + union bigname { +- char name[MAXDNAME]; ++ char name[(2*MAXDNAME) + 1]; + union bigname *next; /* freelist */ + }; + +-- +2.43.0 + From patchwork Wed May 20 12:29:04 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hugo Simeliere X-Patchwork-Id: 88534 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B093CD4F54 for ; Wed, 20 May 2026 12:30:20 +0000 (UTC) Received: from mx-relay16-hz12-if1.hornetsecurity.com (mx-relay16-hz12-if1.hornetsecurity.com [94.100.139.216]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.11101.1779280217400225291 for ; Wed, 20 May 2026 05:30:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@witekio.com header.s=selector1 header.b=QLTePhHy; spf=permerror, err=parse error for token &{10 18 spf.hornetsecurity.com}: limit exceeded (domain: witekio.com, ip: 94.100.139.216, mailfrom: hsimeliere@witekio.com) ARC-Authentication-Results: i=2; mx-gate16-hz12.hornetsecurity.com 1; spf=pass reason=mailfrom (ip=52.101.84.131, headerfrom=witekio.com) smtp.mailfrom=witekio.com smtp.helo=db3pr0202cu003.outbound.protection.outlook.com; dkim=pass header.d=witekio.com header.s=selector1 header.a=rsa-sha256; dmarc=pass header.from=witekio.com orig.disposition=pass ARC-Message-Signature: a=rsa-sha256; bh=ljcFPzf7QqtUD8KhOpmhsppkaHEKZfXyEYqwuVklD7k=; c=relaxed/relaxed; d=hornetsecurity.com; h=from:to:date:subject:mime-version:; i=2; s=hse1; t=1779280213; b=FBeN3FZzFt7Xj6DlBS8SPs8wynYxhw5UFossic9kAvb7wEFwb4+ziDO+1/MPkL4XxEC3sfFy O3HCG2O+rE6LdhdvORMW72P9tHvwmiYSP0slmBFnJE5kiz8Q4dhKFPvAGenBOMmNALQoHsfCJFZ LUSkIkEVMAlEfftMK0r31E6sKs+IbqajhMbXnbVQ+3/oNn/dhAETxAMHU3AhqZCvSC7npIraOC2 iA5mSqdLqrjxSAGYSleoUHHd/F4ZpmZTsUV7cVGN/AioTCxKPGPOJP7CdGtpY43v6VNvTxUsuW4 fmnb3AQRJAghunFp4wDSGiXA9OaL5z5ebDc8KKnDH8jlw== ARC-Seal: a=rsa-sha256; cv=pass; d=hornetsecurity.com; i=2; s=hse1; t=1779280213; b=mlkcO4Fu7CJWGYBC3g6ZdS/YhZEnZ0CBTpSPAtjbwoG2pNBGTPr5/fnNSCkqkpYLAL/njMGb oqyAmK+6Av3GM9vUnVrkJpoGf+G6rv5ev6havafifdeo0XINoHqIIs49f/1QIoPg9ZHIYdFfdL2 DIvdNl/G99Ar5lT8vnlw4faCUZ+q3C+bBtmJTOHHV+kPVnt8s2y9Ys6XF8NOBUQ5Qj/zRgyqhib yPZe8XM6Twb5ackaiC23YEAP4qjk9VG/ITf0HUIYOeUenkXUEf3PYXYrq3YxoT49noubiUyiR6E wntC0/Fq1+jQZre+Cyco8WKHIvQ9edb59QC5VeP6Qpc/g== Received: from mail-northeuropeazon11020131.outbound.protection.outlook.com ([52.101.84.131]) by mx-gate16-hz12; Wed, 20 May 2026 14:30:12 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=cEboJGLaAlCHH3QW4FUDVAhNf++UVdI41aGXthJZd5+Y5YGvATZVxJJ32iNx4TBtN9TnMWL6Ryu6XMJDCnnTT4Ix2Sq3Cx4aIQPSBn35A1IKaNiW+WVBTUaSRjKISYBnL4hbTuGWdk70jHdLR8I2Pir0ebsLKFg/vAEYRBZqaixMSxfdmXAygpyfjasTXYiYNhwBRxgxYkaxhOCj4fYnOTiBWehUbDDcwPX2U9WDDUDqUqzdQnl8+cU1nh2ap7fiBlBzmMYI185HvTgkrlNPSd1JuVzOgYmxKbAe3dM4YhOrH77lUoDjPx9+YgIGlfJewj5HoS90O4bWg07bTEyTjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ljcFPzf7QqtUD8KhOpmhsppkaHEKZfXyEYqwuVklD7k=; b=rCFiuSoBWxYji5thbHHlW1ajKgqV342UjySig78XiPHz6zkm6AJtEWckmUJn39Mk10Y2fN65WJwzTvUByGeNE3m1bgwHIDSaxslyvJXBQGny0SoCV1rrTTbbwmVR7ZaxdidOCnwbynczVGfn0LxnFaZjpdhMPHKhUyNIHr7Ml77gxSewYbvrOoi+L+JwSbK1BL8+EtvTB5axCKifFrQFPnKn+wf9q2d27PFOc4hTIWY3tMUGANVRU7qP+c88PjgLOPCzx7YeMPMeiB0Pzkl12d+BwrIJZpm3DKdDoZ3tlj/E+YcmyfESagnSca5j3lP0poFLwZEaiD7dqHCtZodRZQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=witekio.com; dmarc=pass action=none header.from=witekio.com; dkim=pass header.d=witekio.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=witekio.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ljcFPzf7QqtUD8KhOpmhsppkaHEKZfXyEYqwuVklD7k=; b=QLTePhHy0zwdijpWhkXykhgo4nburPZCEqeZ8+LaUT5KAT9QmDLnqbkXyGPVbyEtQhhge3Z99HOdajjYb9tf+ngyaDx9MKwm10nIN6kZlGUoBAnplR728bhTPEBcOpDY+kCGILg5tzaY4ioBGzTf/N+YQp1nNoK48oHWWZq5+V6Gje+T/QpzVBhS7EAcbbGu5LZsYGxS8MFCZI69PG0kmqCvhEmWUpe3tRea06YHIZ0qxmQ0M8mRTpOl5j+WDC5xtmaaRYrvyG0cPenQS5qxgQ3lc83+UyUtiodKpJQQhAHXbirbCiWGX94GU5SytOp+U/I3FPUBgddQPCc6gxQAiQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=witekio.com; Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM (2603:10a6:501:87::6) by AMBP192MB3401.EURP192.PROD.OUTLOOK.COM (2603:10a6:20b:75b::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9891.15; Wed, 20 May 2026 12:29:59 +0000 Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM ([fe80::e437:672a:5abc:a0f4]) by MRWP192MB3504.EURP192.PROD.OUTLOOK.COM ([fe80::e437:672a:5abc:a0f4%6]) with mapi id 15.21.0025.020; Wed, 20 May 2026 12:29:59 +0000 From: hsimeliere.opensource@witekio.com To: openembedded-devel@lists.openembedded.org Cc: "Hugo SIMELIERE (Schneider Electric)" , Bruno VERNAY Subject: [oe][meta-networking][scarthgap][PATCH 2/6] dnsmasq: Fix CVE-2026-4890 Date: Wed, 20 May 2026 14:29:04 +0200 Message-ID: <20260520122908.3151647-2-hsimeliere.opensource@witekio.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520122908.3151647-1-hsimeliere.opensource@witekio.com> References: <20260520122908.3151647-1-hsimeliere.opensource@witekio.com> X-ClientProxiedBy: LO2P265CA0178.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a::22) To MRWP192MB3504.EURP192.PROD.OUTLOOK.COM (2603:10a6:501:87::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MRWP192MB3504:EE_|AMBP192MB3401:EE_ X-MS-Office365-Filtering-Correlation-Id: 814bbb9e-01c5-4b4d-1c42-08deb66b81f3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|10070799003|366016|52116014|376014|1800799024|22082099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: s1Ij3ftsSoodFeSHtAwAGKFX3XwGLPIk/E4/VuBwjBZYiol8DPrXT0U7uV3FnopizdlX+JD/euFCtmLDwmzhOTurfXJXI/go86PP9fHD6FKnsLdu5nx7UedVwM5mCAVCMiRYtAbTKYDWZnj4QvntyB+AKULIPnjCtBq5QhRByu3701OMplQFkeemXglEzKIfkUpnefFNMwajmfmI2pggxskmsc5Olng6D3YEDj5a2+BG8ZwDyjy1pP6rSUzJNcY7gyoRGEyV7kZBET+oj88sCQgG37c3PCehyv+01fR2pkFLFjtJLxpWexIu9bbzWS8EHOlsn7gzCbghpcLCHrR1gPN7Y8reEzqvTk6ZTYeX5Pb52BfGEjEqJ3RNxUbvOXavSQy7xbk7ymofVMTZ8OzPKqJK5XfO60AEYB7wEGBB00HD68J3fkg89Bh9s7x9fbcZWTYP5JNA2rczbSaMGcm6037guxAqysgg4/T9fgBZF3XapFk+tSr/SfD4tPa67+4doQg6kgI5bw3xoeumU9PhmnbCYoorqtzFO5kpbJOjCYXXG3FPn80PRRbffsL+W5FrTCQmVZIcatj2Zo9AlzbYjiD9HD3a9VO2nAL/sbb/9qq36lDUaLefudJWDFAO5OGOvi9SAXzOVAyl2BBEy5U0QA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MRWP192MB3504.EURP192.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(366016)(52116014)(376014)(1800799024)(22082099003)(56012099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: LjT/ml+A4f5rhBM3p6VRPDYpwIEBC+ZZMA+bBP5K6d5aF2zbgKqMzU+l8MYfwwavHDl1qpq8/0k+No3SRsXOF5WIz9dI2bd870ZILYZLAbMqeF9I/dkLGnsImuBT1Xa6yylxLZDc3IG+jHewyWZD7m7f8fbFHlgEu8S7Euyi7T1WKJvRZMuvf2C8QX+Lv0y7QdF90ceE3X5ouNsaSI0C4e+6VYMDUk/ZDN+UcDDAIUaJMRxkHyZA4SFaF8m1QpvRVbghct/9cuQtXkNRlhQMEj5U1iWK9f6tR88cOW21SS7+0bns5N+dS7AK+pq/jnz/b36+2ntCnYv85gLnDv3Nfq3JLHsHfZCZOVSZKD1uzMhzvDbykVoXnwBMsLHy+VidmsHKbAdbK3MV57NXk/OyaTZzSVeudIwq8/rEfoJX5dYTu3o/5sS7B5+NAcEph3bmmNjk9UXRTETgtRKm0R9o0aEjfo/QpmOhkxKPnH348rH2H/p4C/OxwXi67EzE3obGs3A3Amcm6YCgxD5KIZBE1KXP2qMOsZSdauvx1dmDdj5YiDDMpaAVhxzzrY0joWlBco5dQmmBKQxP7HW4V/2HTDLfk9yjKhLy4yj/I5l9s/vL1I3W//BtqUdwGqP4VLmYhwdn9o/Speo2RlaVVi7H8YclEiwUz5ByuyrWkF0fQVCcG0P4u57JFJhpJ/twngNP9nCJJsnQ+PaEE6BRk26NZ9ZJjGXhuYVlHDjpMp6qzqDSx1JOXwIkx6RbgamKf4Mk2WQApcdbPkKDtC5csdP3aqjDW4HTC3uSNxrF1ZhALVKKzPZbuQRoxBUQBbpS/AOltuh38JJtI1tvFMNsuQeQ0GPGsB3GvBAUcLc/eMBdCkRzK8gm6+O0VCm4TG2QLmJMMI1VCfE1eG9hlPjRGz2l/OMV60aJRxCfgT3topQnAD5Z9mURSuc+m5asKSF1fIae+xtjPhn/7CePnSzOk09bu8VcfY6/2LQJ+vNyxkk/EyDi+ML67OsCnBJ39gg7DY409s3T40Jctg8vlmpGpNcYy2caMR2T1hDPlk3mIF6+S/d3wEFFlUkJdklgttSRPNGB0F+BMGD9SCEULUqmSOZlJP8mmR3PrFmHy3nZ4Xnt9QABsNFAbmA6IGxAIWncGcP6uAaX7A09XgLtW0dbw+bfKf6wCOuhyzbZ8Z8zCPHq8da8S/fEUKC1q7LPx9ll8kDzO/3V1hQOOCGC8+2Q6Umq3D/O739+xp+/UHDTcaRUEH9GP3oNBaJh4eoU/rTzCweBdV2ueB3APpZSzI/ne9bzFVVb3QGJ7ItlbcCcQsKRId7TZ/nIxrnMNDwL23pg9dHYQ6hEbjMQzdC0v6EqgEQ6Kjimm5vCDttyC2E/EgeH1/6YRK8qCeDRn2H43AnhPM9xDjMdJDQ7Ugd99v3Q8D0uLVtbzvoETkoVDmbwMkyGhrep5VZvQxq8ssn9WuL3+tXSJZlgwUgve3ypJ8+dvqnvxM7A2Z/NPOmjG81ylejIoW+knbEu3sVfRiEhBnZEE1zMA9Xm3oyhFHwXwZGVlZm/bFbbwiPzZ9XtVcBrlCtcHyhXdztK5/PpGPAKvFeeVYhtdx5VDOiYbXR9DO5qfFbOo1N5LMyvAkfig2PYo2+toLssGO2m3pcP+2tLRESf5i75zVXF7u6JSVs0KxF3IFqhwA7+VE6vUT0XzUeOg4QM7rqHNfDQ7SWXSzXNnl1ESjdhflp41umo9O8BNUjUYLaicWmLUKDgocUO1p+lweZ6zEqosB9Sy7vVrqsSYZMd7V/nC5xjsawM X-MS-Exchange-AntiSpam-MessageData-1: xsinIdTBbgqI0A== X-Exchange-RoutingPolicyChecked: KKB5LfahFJ1kI1pEni+lsH9sVAcB5G5Y+NcWAwHuleN8HfEGlWgeZfK78aH5juwLqjbkOBpuG2pdCaTVPw30n51eQirQVhVpuiRzgX3o1bZf646p+nS4+lVH38PGOuUfXPLXn0TtVgRK2hqzthzXGj/GF611ihRWyOAoURo62AcljyeB9D9QJ9VmalREuj1IE4StU4W0wrz/ME7Kpul64cnlF4fEPSfcS4HSV8vrVio+P/2UV7nRHmHC2C7kbFYcVhU/ECBW3BO+R8+GwK+GKlbXqrgA7Gb3F7G35CsEZS23WUhTDu1VrGNnAKVEYoywuWIXjnTAdrAJBbjThOs3aQ== X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: hufvj//7ZkyOjMhzDmeXcklCJl2DsVMBtwOatEM8o0UVjgbIk90gX+IxAIGMbguGo/t71zVu/L096rnrn2lK9ftgecmq/zbvmk294ESiLeQjpBG8Y7zmWeoqmcMn7X2vG4+vSEbMiOVTRHxiJz2LgFA4z8unikmm/Q9qGiiRjJyDizqT4Iby3eQwG8NgbmNa6dEATpbKqCNMelwc6GyOG1vXdEP1QScLO/ZfDoK6257CzJqOJvvm3GcpFVZBc9rTAHXAZNvAaluTUivcB/Ivi/VBspXsBMqYMLy/ycgbX4qH22YLuVC52b4CKQ7+v3Y/rPDEklW1ungLizM0FGsFvJoWZaUjOJVYD/SnW/UVYhNX6cosVdKGWu09SLt/l0IJquJAdRGlX1laKXuOFzCoR5wpuQp+uvEA9ufq1F759/jsc44lR++poJniG3QZo7qArD2ODwVIMNk9VQ+1CEWPkt3H/0W8kpkuczzb/2V8VmWJhRZsxfJWB9kU4qx9L0yK/gSHLjTBg9bVFeduBbpk3RIl/IAACn8WcJn6iI+xxmfwZN1vc7J70y8d4L2szLRhFZCxOZDgPejzqHtNfyrMODvV+6Txkpoo59Ov3uWFSH4pShAw6sDgiejO7q/q4BCR X-OriginatorOrg: witekio.com X-MS-Exchange-CrossTenant-Network-Message-Id: 814bbb9e-01c5-4b4d-1c42-08deb66b81f3 X-MS-Exchange-CrossTenant-AuthSource: MRWP192MB3504.EURP192.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 May 2026 12:29:59.1892 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 317e086a-301a-49af-9ea4-48a1c458b903 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: oP7ATdPPasG1H1u/Dy07lhtlOkkgYaO3dXmslPq58BDAuP8WTAqo3pO3kqzn+rtuVGEkkSUHlsOLvU7ojNiMWw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AMBP192MB3401 X-cloud-security-sender: hsimeliere@witekio.com X-cloud-security-recipient: openembedded-devel@lists.openembedded.org X-cloud-security-crypt: load encryption module X-cloud-security-Mailarchiv: E-Mail archived for: hsimeliere.opensource@witekio.com X-cloud-security-Mailarchivtype: outbound X-cloud-security-Virusscan: CLEAN X-cloud-security-disclaimer: This E-Mail was scanned by E-Mailservice on mx-gate16-hz12 with 4gL9pw5Wldz8tcq X-cloud-security-connect: mail-northeuropeazon11020131.outbound.protection.outlook.com[52.101.84.131], TLS=1, IP=52.101.84.131 X-cloud-security-Digest: 24534ba4385390a3d360d72d20021da2 X-cloud-security: scantime:3.423 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 May 2026 12:30:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/127111 From: "Hugo SIMELIERE (Schneider Electric)" Pick patch from [1] dnsmasq 2.90 debian bookworm pacthes. [1] https://sources.debian.org/src/dnsmasq/2.90-4~deb12u2/debian/patches/CVE-2026-4890.patch Signed-off-by: Hugo SIMELIERE (Schneider Electric) Reviewed-by: Bruno VERNAY --- .../recipes-support/dnsmasq/dnsmasq_2.90.bb | 1 + .../dnsmasq/files/CVE-2026-4890.patch | 75 +++++++++++++++++++ 2 files changed, 76 insertions(+) create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4890.patch diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb index 3281404e42..ecd17fa426 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb @@ -17,6 +17,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://dnsmasq-noresolvconf.service \ file://dnsmasq-resolved.conf \ file://CVE-2026-2291.patch \ + file://CVE-2026-4890.patch \ " SRC_URI[sha256sum] = "8f6666b542403b5ee7ccce66ea73a4a51cf19dd49392aaccd37231a2c51b303b" diff --git a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4890.patch b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4890.patch new file mode 100644 index 0000000000..0b25239a86 --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4890.patch @@ -0,0 +1,75 @@ +From 12e5ee3495842ededf8057758ef8da59745bbf33 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Fri, 10 Apr 2026 22:16:45 +0100 +Subject: [PATCH] Fix NSEC bitmap parsing infinite loop. CVE-2026-4890 + +Report from Royce M . + +Location: dnssec.c:1290-1306, dnssec.c:1450-1463 + +The bitmap window iteration advances by p[1] instead of p[1]+2 (missing the 2-byte window header). With bitmap_length=0, both rdlen and p are +unchanged, causing an infinite loop and dnsmasq stops responding to all queries. + +The same code accesses p[2] after only checking rdlen >= 2 without verifying p[1] >= 1, causing OOB reads at 6 locations. + +Both bugs are reachable before RRSIG validation (confirmed by the source comment at line 2125), so no valid DNSSEC signatures are needed. + +CVE: CVE-2026-4890 +Upstream-Status: Backport [https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=7b151eb60609a0139474918222806f9bcfb4fe71] + +Signed-off-by: Hugo SIMELIERE (Schneider Electric) +--- + src/dnssec.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/dnssec.c b/src/dnssec.c +index ed2f53ff..68f1b5d0 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -1270,10 +1270,10 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi + packet checked to be as long as rdlen implies in prove_non_existence() */ + + /* If we can prove that there's no NS record, return that information. */ +- if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) != 0) ++ if (nons && rdlen >= 2 && p[0] == 0 && p[1] >= 1 && (p[2] & (0x80 >> T_NS)) != 0) + *nons = 0; + +- if (rdlen >= 2 && p[0] == 0) ++ if (rdlen >= 2 && p[0] == 0 && p[1] >= 1) + { + /* A CNAME answer would also be valid, so if there's a CNAME is should + have been returned. */ +@@ -1301,8 +1301,8 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi + break; /* finished checking */ + } + +- rdlen -= p[1]; +- p += p[1]; ++ rdlen -= p[1] + 2; ++ p += p[1] + 2; + } + + return 0; +@@ -1429,7 +1429,7 @@ static int check_nsec3_coverage(struct dns_header *header, size_t plen, int dige + p += hash_len; /* skip next-domain hash */ + rdlen -= p - psave; + +- if (rdlen >= 2 && p[0] == 0) ++ if (rdlen >= 2 && p[0] == 0 && p[1] >= 1) + { + /* If we can prove that there's no NS record, return that information. */ + if (nons && (p[2] & (0x80 >> T_NS)) != 0) +@@ -1458,8 +1458,8 @@ static int check_nsec3_coverage(struct dns_header *header, size_t plen, int dige + break; /* finished checking */ + } + +- rdlen -= p[1]; +- p += p[1]; ++ rdlen -= p[1] + 2; ++ p += p[1] + 2; + } + + return 1; +-- +2.43.0 + From patchwork Wed May 20 12:29:05 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hugo Simeliere X-Patchwork-Id: 88535 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8CCB1CD4F3C for ; Wed, 20 May 2026 12:30:40 +0000 (UTC) Received: from mx-relay31-hz12-if1.hornetsecurity.com (mx-relay31-hz12-if1.hornetsecurity.com [94.100.139.231]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.11007.1779280234048560800 for ; Wed, 20 May 2026 05:30:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@witekio.com header.s=selector1 header.b=sLkiGlGb; spf=permerror, err=parse error for token &{10 18 spf.hornetsecurity.com}: limit exceeded (domain: witekio.com, ip: 94.100.139.231, mailfrom: hsimeliere@witekio.com) ARC-Authentication-Results: i=2; mx-gate31-hz12.hornetsecurity.com 1; spf=pass reason=mailfrom (ip=52.101.84.142, headerfrom=witekio.com) smtp.mailfrom=witekio.com smtp.helo=db3pr0202cu003.outbound.protection.outlook.com; dkim=pass header.d=witekio.com header.s=selector1 header.a=rsa-sha256; dmarc=pass header.from=witekio.com orig.disposition=pass ARC-Message-Signature: a=rsa-sha256; bh=84vFzRQHxweH0vJGaJh2enwZVURYEJGPmy29PjUtZs8=; c=relaxed/relaxed; d=hornetsecurity.com; h=from:to:date:subject:mime-version:; i=2; s=hse1; t=1779280231; b=OtFng3PspfBT5najEhI4NLaDGfmugx5yMQpCtjpX/tk+V1ECMxrk92o5pXFQLWD9PrPE53da CHz8GH874Vwsw/lgX1CD1CDAD+qZ9GOnpK0//3/HJYt+e1StmhTuZ2TTNmlaYyIf4kuAerkNOct EyIKa84k64WWI0Aq/McnwQIluGxD52j4kzMYn82p+REPs4Tl0cBuZ5xd6uQWnxYa002Gka35Fx1 NivoJvsbO0735yWFeRxs3+G8NuQF+z1dZJ/KwJZ395flCbdDExNWHGhSechweVpRmSnSL6xbfm+ b1P+5mvjSiFxd8yZoZFKsuqZhU79kikyYPZ4KkXJec6mQ== ARC-Seal: a=rsa-sha256; cv=pass; d=hornetsecurity.com; i=2; s=hse1; t=1779280231; b=oshDuDYIkU5UD1Dw5cEQma7vCweXbbZficOCDRDvqWt8EK2tM5CzXW1fv+2OYd3JJmZpU6ID sHrKNFtEaTc9zDZ7tHFuEJ7lK03FkP6zfIQWJve6AfLXNwiOhh9rLgzYASreSj24yqORMJ4B/tG vu6+7zxGtE8oL/axcnxKWHtv9uwq50Q+KDndTe1vsiYGR3SxKwkdcoVcRW+aIvCjBwt7bbj9Q0d 6tYlA47eUFzKEBHYdldo2nteMPv4iOJ1VF6aptqp1z7fZmHMn7ee3TzzGB+IVYkiRjCJ64sEDps Bp9VaDxZm2KWsWcUMHMK4cpZezSTy7UqEoD20VvsIq7Zw== Received: from mail-northeuropeazon11020142.outbound.protection.outlook.com ([52.101.84.142]) by mx-gate31-hz12; Wed, 20 May 2026 14:30:31 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dI9V4CcE77Efmc0gMYdDqmjDHtbu0nII9o3si2XoS0xMd7Gy7c062fFIdr04Yu5TI56M37ZHdMhloCNZYIKwULCxnrcXWwXgAA3+tLvNXGl+bKp7aZtjsRsCZS8ry03Wbj2Xl3T6AifotVWlwyYY9Q7KJgZZQZyo+zU2RbDSu0lMSIxqC8pUS+EHBY3MUYT3mFpN5GJ1PRGHwJc/5GQNMMTTETibWTDw2dvb1x1DJ5eO/sAMmEawZ3bYadOIvLr895TdeOafCmN/F6C2HQgDP8+WHnl62AGEpi0KS+9VglLSWym7GZkRCA0VTl1AUEMo7g6DFK1XwhNozNYINCs/zQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=84vFzRQHxweH0vJGaJh2enwZVURYEJGPmy29PjUtZs8=; b=yd8ul19Edhkf1OPluPfWyUVtf3xo7Ezyf7xH8/oNr5nHckztb7/K7QxnJvcyuoR+eJwSO6bFyNV07URrKKT7gKpkSJ2ip+vhwh9ZkxsDrg8aQNreRCPzZdvIb+2na19kcf/DctxmCzOPdTXL1a6Af5uLgvSexwQMEshHSjhcwG7JXIIgbpMHW6eFfXq+2pwwZ8lrKcnYT+0t2K6ze9gt3u2dFy7cESCes+qG9npff5nsvCyRq5wJxNHxwe0QQrqVfJCiy0UYbQuJRR5ABzDwPEzvRHtLhJxQaMymhpm8uHWS61I8ae6XwbZgsPshFDYxSn1KnOs6xKEjVAE6Ywpp+g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=witekio.com; dmarc=pass action=none header.from=witekio.com; dkim=pass header.d=witekio.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=witekio.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=84vFzRQHxweH0vJGaJh2enwZVURYEJGPmy29PjUtZs8=; b=sLkiGlGbpAWfE4znMTAOLmBi17ZEqtLNB0pb0PNC8Y6uEax/IThte51bSGGaSTnrN2B9bKjxH0d6W0oT2AfTr40uU1rSJmLvydYT62Nlg07ct5LrCNJBB42T2q+4ZS1xBhKII1Z7qDu4etzs2l4JkIiX+Q8QGX7Dbim1mzAcsEiw6FRd5VfPWPc3QVeumTwQNZixxuQYVR8GNuczW9ZC97MlHFHD9EE6ulUaoWap6vV6LGpCNaRR0GJtl+CQSme6UVjhOPQ3tu4v9jeGvsCjwSFNzsxOYzpRU+q68pUIaaIGcq77plDUTH+tsC1R3xw4LfDajZtkBSC9/py/P0udag== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=witekio.com; Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM (2603:10a6:501:87::6) by AMBP192MB3401.EURP192.PROD.OUTLOOK.COM (2603:10a6:20b:75b::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9891.15; Wed, 20 May 2026 12:30:21 +0000 Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM ([fe80::e437:672a:5abc:a0f4]) by MRWP192MB3504.EURP192.PROD.OUTLOOK.COM ([fe80::e437:672a:5abc:a0f4%6]) with mapi id 15.21.0025.020; Wed, 20 May 2026 12:30:21 +0000 From: hsimeliere.opensource@witekio.com To: openembedded-devel@lists.openembedded.org Cc: "Hugo SIMELIERE (Schneider Electric)" , Bruno VERNAY Subject: [oe][meta-networking][scarthgap][PATCH 3/6] dnsmasq: Fix CVE-2026-4891 Date: Wed, 20 May 2026 14:29:05 +0200 Message-ID: <20260520122908.3151647-3-hsimeliere.opensource@witekio.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520122908.3151647-1-hsimeliere.opensource@witekio.com> References: <20260520122908.3151647-1-hsimeliere.opensource@witekio.com> X-ClientProxiedBy: LO2P265CA0178.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a::22) To MRWP192MB3504.EURP192.PROD.OUTLOOK.COM (2603:10a6:501:87::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MRWP192MB3504:EE_|AMBP192MB3401:EE_ X-MS-Office365-Filtering-Correlation-Id: 7c013fb8-b02a-419c-ec1f-08deb66b8f1f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|10070799003|366016|52116014|376014|1800799024|22082099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: jIX5J/D/3lK3xNYff4aIa6H9vp3gu9WAFtjiFzc4kWdeDV8Qe3A1QDXVMpV16duZOc7qrlJgWmJcDhMmnFis4pkkS4SNTlwTvFDSYj6PBStsXNFqjpX+NfD1bgu1ihYJBNg2kw3TXO+3cUNYWv9n12PRXxHHTaQNKT+cQXEgkWyOM7v7qEOncKvt1JMFO/AYcGnqb0W5Kb9CsBTrw2w2ugHOQpyDU+FNPhlhRb0XSF3Ej+xWB2xRhtDSzoQFap/NO5Kau5BX7Fnb9bdtzIm78bGIdNKEfnnpGQeW51uke+7S3OHQ7VCJErazWeFW+QBbq1cDygVJqi1LPcpY34EUHW2DFbl5uVyAXnKCHaQzkxOki5hgJ8CCQ4+ERFNGSoPOKU7Daxkdo1JiCVlgC5JlcX8Eco88wiyxisZi3oE764fJq0gaQB5qF31PMwawlsx+l///mJTxg9DFbL6nAFgiK20IVxPSejUCwJbjaNYkhg7hDbk7MEb6WVHHe/wdXyMRo19ZUsebzSCkPh3kqxZtV4ScxZyYlADYTTv37d+NHgpadnuO4FEQZFglSrx2aKEr8YLW+uxvRB2GTuaPEKVfezXC4khaENmS7MXJdRe77n9Un38MkkGgpO0GrSXPBssbrW9i5JWMvwoOVvXc79UM+Q== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MRWP192MB3504.EURP192.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(366016)(52116014)(376014)(1800799024)(22082099003)(56012099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: EtKTWkwf2xze6R0oS8EoQxyWd+dvjMIfdEiQpoZKcV2h+4hxpzYzn9Rj7XCwXi1GslTS6OUJzN3E/Rs70RMmIATylrhMNbaBsoSLkf2ljhRK8IYoV2z8ZUuOA93PBkVvL1jVd0/escp3QsqD0NyrTvO9oMzy2DM3WrIfIqwsgvsuNPq1DWZsdZKgPEHzsSuz1AAt+y0bvL6AzArfxwREgOvOeBrfEwtjj05ZM8IbAS7C5kU88C8WojdbK8tf+ymdSh1yJZ1fquE5LwBvWpSyW4zxxWReOFBI5jZ8boitGvMOmql86FJCqQLDrjS7bdct/c24HdL3mNa6PhbOy4vePS+t5JbF6xUVzJJ2+4PKHUY8QTAFNOnEXfPtCv6aRzWRrIx1tGCDKKxYONGT8HprOxisMUMOK5yfS5MvbJcBI/AQv+lJbYxo6RZ5SY0sOFbDSU9c4xe5OOIyMvoNLoVaQUiyiWP8ljlAKIOW7eLgZWC2P1HnX04NgiQkQMASGMlC728JBT8QC063JEh9HArRRULH+gOL1gAPUzmWuKx3svtVaAWLLbny2m53XyxQWqVcEG3zOXBtrj0D5BYmLwEnH5HI3BR/SPjVrPRlTrS+1ZqQ8kKmb3QljdXHEK0nBmHIY6I4zzyoiyz1nhlS6Vv/ddqVurYo1bAy40+lQFLVGC0/cOT5MWki36+YozByVXBYuF92i81FYywAMCJ4z+sSiO2RrPv26sYqcyoUWYI/5aBl+bFg6VThoEeLy/x1T/RrQGxNxp/kd/YqLOnUnggJsJMhx4ThzVEhzRmpRkze70MwaUx4aECqnYwqg3Eu/eE3jd36exWlviRWxboJQvHyn/K4fArasPF64y8Ooskn0ZcI6POXjyvyUS5U51z/vcO28I5Xd+3VVf6Z6Sp0Sk7l46Jkr7b910r0E/V6WKvT4b2hzSdVmMzrrZxZ1RzLvnhRKAG4n3ek4o378ZW8N022xKLNWys+aGTqNn+EnOMNE3+BjsZCC2im5uiC7Md2xjUwgJydLzWzCfqvCynTJeCMJsYcmogDjNvPxL5KKHZ9+psuDYtVZ1dIGSHo1gGEMgzO9l2sg8ImkbXV81jKyH+rdyMHxomGn0oEhZN0sfHGTzTcIzrfuSa1VL6PIZhMF88Oe9yhr66vs++ltBUtmyGI1R5dd+X3Tg2Ai55idz0nXpW34kkPsjCSMoqHuTRRNrLLM49+5Y1jxBIPaHcnIfmm6oINL42QPsSFIEw6ogGb/4WjIM7EQhSNjBQJB1NXrqN2vzmklK/tlsXEX+QHfi0+mphr3q51tZTZQE47PO5ULozIvteAoAOK/crvtUCfbt+W4Iebx6BvhP+0j0+rPdTJ1+aGVG7nMymv4bql8Bffop7YyEh/fnvT2AmKG1WRCzBPHNbuRl+TO4WkrJmZ45R+I18jTFRGxpt38WbCwR0kqXX79ATaNDM8yqh4LAggKbwE4e/HlFhyS5MhmyuB4ixYrWCWQY310mFEuExDml8U3WjLwCKRPIitsVltz80HGZblWoIpruzRR65qkSFFF0kzMKZRxLVHsgkVs3sm2HF0FrwKvI5hYmZ7vD/e3C/vCDlGlH3R3lDOgId61giEEl6+qOyv8KXBiF440P24ItzYywWynepeXp2mvNO8zn+k7fWMcAsAkd2/ILZf6sMr7JPUlIfKFp/JKXc6si2PscLxrTx04v3AdZIBsYzGjx9VBqPuSJbPbeLyeTNx8AThTtSHJvdYpmJVbDtePPcqqEh9ccDKZ3lLjI0jhbvnRWswy9b6HunC9EKc X-MS-Exchange-AntiSpam-MessageData-1: 8NP6Ur56DyGRwg== X-Exchange-RoutingPolicyChecked: MjQVta3gkrYrTwIgMUD4dsIeRqow1rxGsuSXSHaYdItH621PyJr2Wzb8yso9dy0Lff6KtkS2KUsWgyPeaCuOun2bdBr7e9aCw1ydOcikYZlxc5NwWpqLN8db1/c38ey3XtWFfndvufQXoqGGVFRUu7HJJ/MXgQAZG5ok/iLwB8JbP0HOUu9u9jW0EPFqA3pd/7StXEKukKxunWrMwFOmk4cIJ/V05b8DygH1Vwax3oWlF5Vwckk4R47jyJJBmLJ5cht/9jeFYgDxFpvpjt4ZMlqnlppFMkTScc4QMtOSgGKchD6w/UgiuucFEaQhxIbQktj/8isxweVAFpEWZ0sP5Q== X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: N1HOmyFWSiRqIQMKD5X0FpzbTDdPLhOMGCOZ2myFroE4jdLz/9kNIYRWv6wlPNU9y5PXKpZ2AvX9hObibK6vHavudHAgrummK6/Bj3LWPugzwnsL5C6+JSYBI10NLhe+q4jqUXU4BBrscwxvQrFLgYAr47iXpQcLrtev8G7ePsQn7p0w+KDKzf3jI7YfBUczVzsu2nrJb8Q4w7dQG3l0N3T2X1tquXNY0IHZdtY0+ATviYYD5L5RKxXMwkjfZc5lD1DwoY75zVUS2z2Vo4pF2IJ1ptQgF3NPDOdqmoFwvDTg4DnkY04BKhN+FDwjvZYlUudHHgHukWjOMJDBdalm8gkDwfpTRk+IZTRreSslfT9A1g0uxLPPZf+jT7S+HxtgsHS0MQf1QR7TgHL7tzwDtQBVpVpqwCmkJ1U4g9T0uFKSg5WZcHORUeHRk2pxxMWGTQ+OoG6WhgxgvFJqF9C8UbaIawKLONSfxWBCEZHh9w/FAlnIpyjCcO5cmtOIh2CQtio7wtNrVnxaOZPq3Y3elggMcouffv8GrENBHuGw3UVUcIioxsJc/vopHL0OXViX54tAs/wR9wdD8a2AI69c3wOYDEeUOnrg7kfPPHRWvd1Y8biE/zJ4ndFVzw88x1+6 X-OriginatorOrg: witekio.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7c013fb8-b02a-419c-ec1f-08deb66b8f1f X-MS-Exchange-CrossTenant-AuthSource: MRWP192MB3504.EURP192.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 May 2026 12:30:21.2846 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 317e086a-301a-49af-9ea4-48a1c458b903 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 1p+CDj/gQcoXKYCwlU1sylVJUTFjzSwZyae93mduI6uUEeVW3CeyKq2D+Qv/FmyDWEJwn4Dz8JJPSEhQ7lVhYg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AMBP192MB3401 X-cloud-security-sender: hsimeliere@witekio.com X-cloud-security-recipient: openembedded-devel@lists.openembedded.org X-cloud-security-crypt: load encryption module X-cloud-security-Mailarchiv: E-Mail archived for: hsimeliere.opensource@witekio.com X-cloud-security-Mailarchivtype: outbound X-cloud-security-Virusscan: CLEAN X-cloud-security-disclaimer: This E-Mail was scanned by E-Mailservice on mx-gate31-hz12 with 4gL9qM5MVkz2TSft X-cloud-security-connect: mail-northeuropeazon11020142.outbound.protection.outlook.com[52.101.84.142], TLS=1, IP=52.101.84.142 X-cloud-security-Digest: 2ede330b621a022c7bc1edf775fdc932 X-cloud-security: scantime:2.095 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 May 2026 12:30:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/127112 From: "Hugo SIMELIERE (Schneider Electric)" Pick patch from [1] dnsmasq 2.90 debian bookworm pacthes. [1] https://sources.debian.org/src/dnsmasq/2.90-4~deb12u2/debian/patches/CVE-2026-4891.patch Signed-off-by: Hugo SIMELIERE (Schneider Electric) Reviewed-by: Bruno VERNAY --- .../recipes-support/dnsmasq/dnsmasq_2.90.bb | 1 + .../dnsmasq/files/CVE-2026-4891.patch | 44 +++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4891.patch diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb index ecd17fa426..ed8708c339 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb @@ -18,6 +18,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://dnsmasq-resolved.conf \ file://CVE-2026-2291.patch \ file://CVE-2026-4890.patch \ + file://CVE-2026-4891.patch \ " SRC_URI[sha256sum] = "8f6666b542403b5ee7ccce66ea73a4a51cf19dd49392aaccd37231a2c51b303b" diff --git a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4891.patch b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4891.patch new file mode 100644 index 0000000000..b566acb286 --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4891.patch @@ -0,0 +1,44 @@ +From 046fe2393ea47622b8e1c3e0c6dcca8347a6c431 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 25 Mar 2026 23:04:08 +0000 +Subject: [PATCH] Verify rdlen field in RRSIG packets. CVE-2026-4891 + +Bug report from Royce M + +This avoids crafted packets which give a value for rdlen _less_ +then the space taken up by the fixed data and the signer's name +and engender a negative calculated length for the signature. + +CVE: CVE-2026-4891 +Upstream-Status: Backport [https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=788b4e0f6c05217981b512bed4e5fea6f8855d01] + +Signed-off-by: Hugo SIMELIERE (Schneider Electric) +--- + src/dnssec.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/src/dnssec.c b/src/dnssec.c +index 68f1b5d0..d32db5b4 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -546,10 +546,14 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in + + *ttl_out = ttl; + } +- ++ ++ /* Don't trust rdlen not to be too small and give us a negative sig_len ++ It has already been checked that it doesn't run us off the end ++ of the packet. */ ++ if ((sig_len = rdlen - (p - psav)) <= 0) ++ return STAT_BOGUS; ++ + sig = p; +- sig_len = rdlen - (p - psav); +- + nsigttl = htonl(orig_ttl); + + hash->update(ctx, 18, psav); +-- +2.43.0 + From patchwork Wed May 20 12:29:06 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hugo Simeliere X-Patchwork-Id: 88536 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B527CD4F3C for ; Wed, 20 May 2026 12:31:00 +0000 (UTC) Received: from mx-relay16-hz12-if1.hornetsecurity.com (mx-relay16-hz12-if1.hornetsecurity.com [94.100.139.216]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.11011.1779280251772712896 for ; Wed, 20 May 2026 05:30:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@witekio.com header.s=selector1 header.b=LT4MAQ1R; spf=permerror, err=parse error for token &{10 18 spf.hornetsecurity.com}: limit exceeded (domain: witekio.com, ip: 94.100.139.216, mailfrom: hsimeliere@witekio.com) ARC-Authentication-Results: i=2; mx-gate16-hz12.hornetsecurity.com 1; spf=pass reason=mailfrom (ip=52.101.66.78, headerfrom=witekio.com) smtp.mailfrom=witekio.com smtp.helo=duzpr83cu001.outbound.protection.outlook.com; dkim=pass header.d=witekio.com header.s=selector1 header.a=rsa-sha256; dmarc=pass header.from=witekio.com orig.disposition=pass ARC-Message-Signature: a=rsa-sha256; bh=MZd3GFtkF82wdJuh2cEIR2bEvvrpfG83RGHIFOY0sU4=; c=relaxed/relaxed; d=hornetsecurity.com; h=from:to:date:subject:mime-version:; i=2; s=hse1; t=1779280249; b=DWmsFfBASix9+DeWqpknuX/r6f04+xBIQa9ak7tWcbniQuQS+MeGBqPWrKmLxTmlnibhdUEN pOXrG69Wdfs2ue158U3Pc2uUqJZVMfyvlj24pVkktqO3r9vv+nPX+R9/1pj1uxndvoswEVGZtR/ tN8vOydOQkC8a0kZ9VtN3nRxk7lTj+L7ev8sSWOgCmZ7srhnI3kMekLwnvMtltmB8GM8Cl/hhN4 Xfh6pet/HjI3/HlDlSzPPKVeLOtLJkBbGze1NVrBjFLJaHwPL7hoiYesTpNd7evZcQR1zPuZxds 48MTONBh1Cw4ax6SGGIJNtBNefZZReheW2+2/Qk+HldKQ== ARC-Seal: a=rsa-sha256; cv=pass; d=hornetsecurity.com; i=2; s=hse1; t=1779280249; b=r2K/41HlySe+v1AeguCDjCHfeoeV5bb/2zkgnHw1a9FvsSRgNxoirceqy6ANrtdkjopfde8W WtA2YL5AWRlLVjnUi+hn7vYBdqkCRpaDLQlvIBsgehOF9nkRZKQWQHq5xDFSgt5O9Yrj9FYOM25 dv1ooPtoeAsLliEibw+Ck1+xq0Sm/3UPtiPNNFBaCR3fHW95aQ15plxkSSkc9LM2O0b4ESb3xQ8 fHV36/R/J6HBVzyS1RvnHNzj9NnBci8zJWhgZjtcVjQ0EUoDFczHCILgvWeEz+zvHX7gZKdnOpA NI9c8SHz9AoKhFnUta6bZrk94QOJbo4e7DaM4VZJ8cGFQ== Received: from mail-northeuropeazon11022078.outbound.protection.outlook.com ([52.101.66.78]) by mx-gate16-hz12; Wed, 20 May 2026 14:30:49 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SS0gDI9Avl/v6muCoTmooApbAp5R1ZdWJffDYyZ/yFKoFW1+aF1lrWXj2+cOAfv/j3cpxMIV6hEKIRK9bGdJS6GAzspjJXgK2y2lZUGcO+KJdV8aePRDE5v00fh1zq1WkDiF+zVD0Tp6xGlf849KswcBvIYBYYhgx35SQDtITBbnIotd3+iCuNuR5ZClThk/6lmi9ZnKB6dHJchIJ4j2gZ+b0tpMGgzz8N/Rst/bjJBGaQ4mVLRatD2Rj/xZ/c7DGEUVUqdTOcq965JUa7qxLhk08XiEJ5TAhC3XkPwMCVfU6ApEzLf5/XKCkbTTokM/n1ABURDKzWqII03xOJURFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MZd3GFtkF82wdJuh2cEIR2bEvvrpfG83RGHIFOY0sU4=; b=am52rBHGt2kjoGsV8b745+6tkPRzmYjYTcc6atIryQakjC9i4CuZJVyg7Xb75Okua0g0P43UmkysI7vsCtNw6Y6SPApINh4Asd0DhBMVLVpHP4lOpYILo7uYT0678HulVlr7jP4eblwoJv+aT3c7ZdvTzV/PLpsBEdoHrJiyiuZszg7VWts0LKmvMTQX4dkUNXkmim4yb8tek04gTEY82r4DekibFMauErfAfjvF/J/NEVLebzOgQcBJqrITlE1u2W3Jkea9XuX6mNgvo6j8iNZqDpn1e4fTOUw4vC2CkMT/5fD6awG4ridx14s+B4xhYmyrPz6X9r5GUoFUkTHtIA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=witekio.com; dmarc=pass action=none header.from=witekio.com; dkim=pass header.d=witekio.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=witekio.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MZd3GFtkF82wdJuh2cEIR2bEvvrpfG83RGHIFOY0sU4=; b=LT4MAQ1RUks8gW6o6DtVLKrWjoVKbOoHnfikwrgT+YJ4Wo7R4kJGdxJP/HV7V+I3JSNmJDh7PzfWwdB/w1HMtUGnW6FhL1PKHSnybrDEJYlyBNWGUBo7rLeZ289bxOcxaNBsUf4CBrrodnJFPC9NBzsGzDxevGW3BxLT9IYJ69zoIoBAJwXiJolQSTdYdOkO9UrM98YWk0M4wdi7G8LQbyYnl6lydEyTHa2gQgAiq6EUNOElKGgFUbBChd+RzcQ5QGhKxPwH1eNaGz6PqNbWeb96litRxO/vwn4/rzVxPQrmN5xMmxnvLX+gQ22yjTybKZ0lrNXZxWhJ6bEtGMIhXQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=witekio.com; Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM (2603:10a6:501:87::6) by AMBP192MB3401.EURP192.PROD.OUTLOOK.COM (2603:10a6:20b:75b::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9891.15; Wed, 20 May 2026 12:30:38 +0000 Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM ([fe80::e437:672a:5abc:a0f4]) by MRWP192MB3504.EURP192.PROD.OUTLOOK.COM ([fe80::e437:672a:5abc:a0f4%6]) with mapi id 15.21.0025.020; Wed, 20 May 2026 12:30:38 +0000 From: hsimeliere.opensource@witekio.com To: openembedded-devel@lists.openembedded.org Cc: "Hugo SIMELIERE (Schneider Electric)" , Bruno VERNAY Subject: [oe][meta-networking][scarthgap][PATCH 4/6] dnsmasq: Fix CVE-2026-4892 Date: Wed, 20 May 2026 14:29:06 +0200 Message-ID: <20260520122908.3151647-4-hsimeliere.opensource@witekio.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520122908.3151647-1-hsimeliere.opensource@witekio.com> References: <20260520122908.3151647-1-hsimeliere.opensource@witekio.com> X-ClientProxiedBy: LO2P265CA0178.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a::22) To MRWP192MB3504.EURP192.PROD.OUTLOOK.COM (2603:10a6:501:87::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MRWP192MB3504:EE_|AMBP192MB3401:EE_ X-MS-Office365-Filtering-Correlation-Id: 15f04b8e-257e-46f0-c7f3-08deb66b996f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|10070799003|366016|52116014|376014|1800799024|22082099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: nH3v0zFZ5SAAcgX79hxVpMmuknTfV3Uq06PHc5jgI3Ry1PogHLtXIvb3Kw5h8iYqPjumz03YXPJD2MCxTyqQ256RRiVjGKSKBSqpvOM9yhV4Y8/RI4nvbhYCFKgAIpuLmD1/vLE0WrgqWVxjbH9qDNH4aaMCV1p8QGjdyS7qdM3T08J8JiX3VfYIEG/suQubWXPHuX2sBJDCgM6Hb5LW1Nzxo7n7Vmw3133g13mFVW7KXJvI0OX/wB7J9CV6YUDoTJq3v02f1ingwjJc46Ni8n/2CE04fzxxuloOoYiULxM3JCdL65t+YtqiMrEvrq1ZfPo5UdZkGI4VIY1BhbpZ6AVMqe0jXD6vS0R+yBc/M2g69+xAycxDR5ixbYRJwEQFLrax7tOkAWr7CVv9PVVsxTMS0AU2sfHk1mMnZ/lQw8/pbltws1isYNIMSl2/LIQLcc+6xUsKWgzNSSqyEK1C3qYlQfJmPPaZ5RAPK67RCwlrY/v3k770JTK+TU3QxtVKNfzdPmHVd165KCxh/D3he+wTwxxrHJ38Y+1ymT+t+EBYELk0n7v60zV//OOAufghmPvTLe9r6aDdgP/fSnfiDW5E4SpogLAzG3QedY+MH0sge9LFMPZSmHTYRSrJq9kOIvo5Ln/FiQxpwgwlyTOboQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MRWP192MB3504.EURP192.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(366016)(52116014)(376014)(1800799024)(22082099003)(56012099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: W5vWrDx+sd/wZg3c45sSUAcEyR7ZtYtMm8Rs9b3hdtIXA228TQ0GGMsaTtTUDCFSquiRlS7nuL8fdLERObGUll1yGDXpX7QMQl9ZeoxAHKSomf99WvlnN5LgdXrprnGCNku5L+xMuWDpnKz5x5BBSntlM45X7Nx45oaKF9O9cMnGgedzrJfqrZ3SioGgIBR83R0FOgSd/UBGgHYDmsdG5anc1yjisTuH89XHQkkNpqOH9SdVITILhs9G2vBwbds/NErYffpXaXefSpp2iCiJE/7+ILYXsRIg7wBEgzvNDpVkFOgBT+dPJjAfr+V2vIgf5KkP7jVHeVrRLyYrpK75iov2ogCyZSkKcY9BnSf0+knVpPCYz5odBThVMztsAEx5KsuasOdo7R83DCa2oVUgw8u+VoPjNPYbgAuyZln2IvmsM0iMJXmGnpNEcFoU0AcxUt98VkONhJhra1S8YUeHBSxoCp36ufWmrn3iLKLUtuvJGWsi15NSR8qFOR7FwIkRxRhzEYccD/aNsENVGSJgimJG7KWZmzoSmCTw+ME6Y+B4jMRn97kP3E4b1Y2XPQe+8CYqm0ycNYOdVUi4fVXwDTpzopsAeaPfrErCvlgBt3AH/2RGa+TzJc3ED2MCHlpetZSIKGlWGKZVtAQZIEJtkyCNJkils9D+/m5mJRxIoLv6OIIgdeAOfrWw6he+h+CEI33VT/butFJMSO8T/aGgCtvHLT+L++IvOmbyO51Ex6BsKPdRKTmZW7gawV1FT39BY/hzFiC7+MiNKSAImVpqhXBNru8Wv+VBodgJVbx05aTJuLC6OdGDqcwe5Dr2azfndRNIDJ/FBqjkESCeP29uHwMCj9kRHdFicf1jGHP7pyStK7sbUQSD1SIKu/04lLNLiIk5NCMADMq3sf06VbuqyLAEzTD9i8Bn3Sg4nMr63OSwDKWGb/x5jdwBJT5+80iFnMbDQWK5aLq9P+VpDfUJFbF5xdt8aU2l9+EZO3va3TrWtSrXdgPaayBB33/BOfNrqlJigSlLZ227u7ZphJr6zWUj9DVp7o12VWq41UGY09qqXcv2Xh3sOh5zwOtEAWdxqVkeQOrkfBIfiRbEFBKV3kY8P3Y1EWjb/Hb9WwOe7qjx6m17e9fmpvnEVbqGNpJDaCglTi2m9SSXgj2/uAmI1VPMW+fhsGkyDjwHQmF8bmUfefrHOZWMCiXyz45XyGo823weMuN4H6i2JgSrlDYkdngd0X9F7v7nxfho0vXHZ3Ym2mWwuADE/7/e7SOpfea7O/T58sje0DnaJ8yEnVVu1d3vpoRNcE82ssLTMH+x60UZdKpzxIf4OsSEPY3YxL/zbTDquAmmcGctS4UALcCrBKNIM1cqPnkKK16ISKFs2FmOpsKhGwRNXRKqvlq2pwbI01odEDE8vJR1Hgt2J/KBt8/cy40T0fbkGqYAOm2kwJPrrTMQ4Hct4dbDfh91y6IAQbsjB3EDmmE+9NXV+z3qS6S/OFPMjc3pp3KG4XKhUtrqAt40fHc1p9kWY1CSDJBE6BXugbwTPxT8INOf1WhwAXDZbYBpgYkEMVDvchGv7zoQGiINwFyG2kXrgk2F+O418pv3OZr4D79BfiVRZtXhnJtPfhqKpllMdMjVz/66vh102jfoDNstQwGRzWOcC31NLBv1GUxSG1+HLFtGn9kwbrlTeLiOwgc9KDnhcaMYLl9GYD1PIWO77wYxUs/RiQIvSGYdQ7MIu8j6YoFWuufcqCRvkOyvjfheAypH7Hmy3gwNc3p6Eg9yjukz77CVIEHsDU8BjDrE X-MS-Exchange-AntiSpam-MessageData-1: Js1VvbWSrtVxcA== X-Exchange-RoutingPolicyChecked: GEglh6iiUOBWHW1cgf3abA6IAqM7d2jer/sNWJ2vTFJ819tJVJ562Hnd/0sZAwk51zPmlvJM7fYyrF24IAMFNgKvOWtik+e0lLskjd4HlzKCj4GBTkN9Iq0A8a0/Awabd5QEijYKbEOIWhFg7OtKQew7YCx6LXtm9EvcAmS3jvpmC6DCZjiEI9JzwI0GtvInbmq9cPcOP/tauGMQBPr/QfmtE5WKhIIMPzPujkafC6NmRoiWynsOlvSNtM8a+vqCR0JjgPxbmrLfNx7eeJJB6ZdI4fm3s4swHkx0kFsIZ5iGmTjXOmHWSiPlSDCJvCI6tAaT1y8VQXZaCUNALT4WyA== X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: fjn/RHW2ZfYfEJHGlz1ujSRdKSLzwHp2co/bZt+6aDcy6VqIxYXygTItNy67emXPuF03FpB1DMlZc0gMCS55CJFEhfO2kmmI3iPiZE3vkC0p9BPkIaEHeTDkEDSms1OR160Yy4xewl10XTavVHMRFtoXuA3VmwLU3vO5ZY9ycvv7VJBkzvX6M82zLnrJsItcEjsGBA/4WHmEbNtHN6e90Vd6LbWcpE5+x9aGhU6fo0UWh8VCPjPyC5A8LlXz+aibs/Luv/3PmR40wst2zxVP40D5AiY6PA05nL2qhiHg3dSEVhsEZISStRaI+T8DryQdeRXsla3JMgiTOGlz3WsgPu361/SmW+dU7n4qAym5PxTvMnKT94Mq7ycdDLf4jId9l45v7z/hhujeyIICQO71nUWDFixRDVK4GwoCegf/wPd4dXFFVwgzOT1KkIXQtWe5YNth7xfIjJNk+X34qcxm4patAkM1752OiGHA932beQ3L35o48/qv+cmf/IXXhSYAgdB09h5gTacqM65BQ9oYMc0M4Ysm7ZM0bIf71HWb5Z1St21auYEuWMka25DNShzXx3H4hSypETfNZaSJ+cuLXxVxxNEDaT8h2XSIOotBmVDEyJERFTFfi1R/6iw3o7cu X-OriginatorOrg: witekio.com X-MS-Exchange-CrossTenant-Network-Message-Id: 15f04b8e-257e-46f0-c7f3-08deb66b996f X-MS-Exchange-CrossTenant-AuthSource: MRWP192MB3504.EURP192.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 May 2026 12:30:38.6143 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 317e086a-301a-49af-9ea4-48a1c458b903 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: V/ZwyEcV+UvH/Rn8ZCm8/eNDVNQtzoLUX1R+5qna36z3IKEf+GeCTUsDXMDQoLHmUTp9dMaI492i1iZkgjb/ew== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AMBP192MB3401 X-cloud-security-sender: hsimeliere@witekio.com X-cloud-security-recipient: openembedded-devel@lists.openembedded.org X-cloud-security-crypt: load encryption module X-cloud-security-Mailarchiv: E-Mail archived for: hsimeliere.opensource@witekio.com X-cloud-security-Mailarchivtype: outbound X-cloud-security-Virusscan: CLEAN X-cloud-security-disclaimer: This E-Mail was scanned by E-Mailservice on mx-gate16-hz12 with 4gL9qh2s6Bz8tdM X-cloud-security-connect: mail-northeuropeazon11022078.outbound.protection.outlook.com[52.101.66.78], TLS=1, IP=52.101.66.78 X-cloud-security-Digest: cc7bac3134fb76cc19bf06713566cfad X-cloud-security: scantime:2.298 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 May 2026 12:31:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/127113 From: "Hugo SIMELIERE (Schneider Electric)" Pick patch from [1] dnsmasq 2.90 debian bookworm pacthes. [1] https://sources.debian.org/src/dnsmasq/2.90-4~deb12u2/debian/patches/CVE-2026-4892.patch Signed-off-by: Hugo SIMELIERE (Schneider Electric) Reviewed-by: Bruno VERNAY --- .../recipes-support/dnsmasq/dnsmasq_2.90.bb | 1 + .../dnsmasq/files/CVE-2026-4892.patch | 41 +++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4892.patch diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb index ed8708c339..e08d9df18e 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb @@ -19,6 +19,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://CVE-2026-2291.patch \ file://CVE-2026-4890.patch \ file://CVE-2026-4891.patch \ + file://CVE-2026-4892.patch \ " SRC_URI[sha256sum] = "8f6666b542403b5ee7ccce66ea73a4a51cf19dd49392aaccd37231a2c51b303b" diff --git a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4892.patch b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4892.patch new file mode 100644 index 0000000000..148694a13f --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4892.patch @@ -0,0 +1,41 @@ +From 2f029069825270a3b91eb5f50bb8477ed7f761d3 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 25 Mar 2026 23:16:35 +0000 +Subject: [PATCH] Fix buffer overflow in helper.c with large CLIDs. + CVE-2026-4892 + +Bug reported bt Royce M + +Location: helper.c:265-270 +DHCPv6 CLIDs can be up to 65535 bytes. When --dhcp-script is configured, +the helper hex-encodes raw CLID bytes via sprintf("%.2x") into daemon->packet (5131 bytes). +A 1000-byte CLID writes ~3000 bytes. The helper process retains root privileges. + +Note: log6_packet() correctly caps CLID to 100 bytes for logging, but the helper code path was missed. + +CVE: CVE-2026-4892 +Upstream-Status: Backport [https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=10e6b5b83e80749cba7b090d7780b29f908f0571] + +Signed-off-by: Hugo SIMELIERE (Schneider Electric) +--- + src/helper.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/helper.c b/src/helper.c +index b9da2259..3a31e618 100644 +--- a/src/helper.c ++++ b/src/helper.c +@@ -261,8 +261,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd) + data.hostname_len + data.ed_len + data.clid_len, 1)) + continue; + +- /* CLID into packet */ +- for (p = daemon->packet, i = 0; i < data.clid_len; i++) ++ /* CLID into packet: limit to 100 bytes to avoid overflowing buffer. */ ++ for (p = daemon->packet, i = 0; i < data.clid_len && i < 100; i++) + { + p += sprintf(p, "%.2x", buf[i]); + if (i != data.clid_len - 1) +-- +2.43.0 + From patchwork Wed May 20 12:29:07 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hugo Simeliere X-Patchwork-Id: 88537 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E920CD4F54 for ; Wed, 20 May 2026 12:31:10 +0000 (UTC) Received: from mx-relay11-hz12-if1.hornetsecurity.com (mx-relay11-hz12-if1.hornetsecurity.com [94.100.139.211]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.11018.1779280265273705054 for ; Wed, 20 May 2026 05:31:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@witekio.com header.s=selector1 header.b=aZQpccTQ; spf=permerror, err=parse error for token &{10 18 spf.hornetsecurity.com}: limit exceeded (domain: witekio.com, ip: 94.100.139.211, mailfrom: hsimeliere@witekio.com) ARC-Authentication-Results: i=2; mx-gate11-hz12.hornetsecurity.com 1; spf=pass reason=mailfrom (ip=40.107.159.92, headerfrom=witekio.com) smtp.mailfrom=witekio.com smtp.helo=osppr02cu001.outbound.protection.outlook.com; dkim=pass header.d=witekio.com header.s=selector1 header.a=rsa-sha256; dmarc=pass header.from=witekio.com orig.disposition=pass ARC-Message-Signature: a=rsa-sha256; bh=jj+/2PJVVujjQq0uzPyXQbPuQxZCfK3Q0jiTdKqkzH8=; c=relaxed/relaxed; d=hornetsecurity.com; h=from:to:date:subject:mime-version:; i=2; s=hse1; t=1779280262; b=GNF7imhLKstBLkxw2WMRw5jhEC+MEWvfHm7VL4X5GhLW7Lg6NZD8+IV/trqc0FbZH0H8MIcW ceaWgKvCXy4/eKy5xhLlGLEAtECJu//SMB0J+oP4n7idOkHBq6IMXvydYKwkQ+mrX+q+hF0s175 PcYlS0MuSXpBZ51nmPhcxVCzeryDFrrCATWbq8q2I7oKyKnnEGZYFKzb2jJW3l/DO3w7e5L6gEl hp6rPLmutFn7MyOMei3RcoTzy05tD9dfjKLUBms8xrxYGURhim/UM4Svl+xNQkp4BdouosdkF79 znJXxxM8A6tFBFC5tUxmHfhkbVvDWqqQs0EilTpkMDRIw== ARC-Seal: a=rsa-sha256; cv=pass; d=hornetsecurity.com; i=2; s=hse1; t=1779280262; b=kARy1z3LbnyxQzmKYLlalfKvRKlNCgF8zoWJpcXctEOqc5lM7WLCewAok7dJfS/r6RqHmKX5 xjAA1pIpczllojC+5G7ePwSwHWdAWY7K3Gc1/EqXiwZusBrMKEbYrWuzhDk9z/hwN50oAvpNDwR s7SIwGCYWXtjWgmx9P/LJ5f4QIxMcd/jHP3srVtXqw4N7DoodJscxiA4kHeqMR3zk090MxIm/Ne P39S2X4CqF7F6103q6S6ecqrPt2eJukdczrRh7IrISH8B4xtSSMfguz2+simy+XByfNS4ggJL8q 68T9q5e6YFNlfy6sFdvVZAtGKfZVSQ6Qip2TcpqstJ77A== Received: from mail-norwayeastazon11023092.outbound.protection.outlook.com ([40.107.159.92]) by mx-gate11-hz12; Wed, 20 May 2026 14:31:02 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Pt/LWlkw0cnVd8GIpdJ/GGvEcjlcXLNRd6fizPCoTBHvdA95RaplRFF+dZr5HgUZNVwqxKDZKHaFf3ucxvf8/m5V04uzudxFHtXGRbV/B6NsjhhQtDZDbkAt9WMf6uihOthX9N1zQ8C/3YTqQfFhhoYW+IWtqGEjLvvICQBsxJ4fteIPZCeeKx8CAOaiK6R2cvrA6v56fwfVJZGBzJmyb5mfE183mB7WQvVt/5P4gonzRgAT7MrLX1bEtamK6GF2ag2ee6/n5PHmMXwQuX17+oIUc25GW6Pgt2a7IU2fG3ObDC8pLknoIW/j4434aBWlaDjvjeccxSY3sPefbjZtqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jj+/2PJVVujjQq0uzPyXQbPuQxZCfK3Q0jiTdKqkzH8=; b=WCNJMcDxJ+fAm6qxA9jV2TX68idIOjq5g//P/tOxtbOIEOBUN1ir9wwp7g/KZLdiNx9fNBVlSIi6IiW7d4qs6UPDKyet+lwvr/xMOXtlNAmMjExRL8nTAcb4UX3m+kN6a5hVIDmhMYZ7MUXEqBAU5IRaQIBbQ8ykDUU/gGy2Fu/JZmVg0qk9PbQ0cGlxmNV6HS+6oCPOZP7uWrER/Ib08RbQJhXtDhEu33eXT8Y141fJDqxf+oQYixoFNC9IXqvY5hiJOF9d8834Z1zMROa8WGrL6uOKbA1X33FtjZwEEXho+dVW6i1yJs/JnBKfmWNAhsmb3GJDc35yKVQEFWA+JA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=witekio.com; dmarc=pass action=none header.from=witekio.com; dkim=pass header.d=witekio.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=witekio.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jj+/2PJVVujjQq0uzPyXQbPuQxZCfK3Q0jiTdKqkzH8=; b=aZQpccTQSXE5enTq2nlMw3z0fo+hl/u13GAvupf1pcHwqC9EKafbXDSkFng8XkwoNbVCLsr+8w2KZ0rfFOASbUF6aQe0xVizbmEqnpmsFuiijDUhVpsA06lzM0eimYaccERsyw9mol+k+cNeLSqWWia8jqJWsRM+cCLwsLhR3zNT57HfCw9zOrQYDjafpeosze2CDSdjBw8V9fUuLKpqzFvSNtZM21ndkXw42q0eDzK3lZUueU4pPDv6sS8otQCIN5yYwLFEfBX+iurA6BOBYE3/UaEOiD/OQ+olagmREAbQHO1byZKBb1BBrCGIZ7pQaFB5CmesCEtgzx29mIBDjg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=witekio.com; Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM (2603:10a6:501:87::6) by AMBP192MB3401.EURP192.PROD.OUTLOOK.COM (2603:10a6:20b:75b::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9891.15; Wed, 20 May 2026 12:30:55 +0000 Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM ([fe80::e437:672a:5abc:a0f4]) by MRWP192MB3504.EURP192.PROD.OUTLOOK.COM ([fe80::e437:672a:5abc:a0f4%6]) with mapi id 15.21.0025.020; Wed, 20 May 2026 12:30:55 +0000 From: hsimeliere.opensource@witekio.com To: openembedded-devel@lists.openembedded.org Cc: "Hugo SIMELIERE (Schneider Electric)" , Bruno VERNAY Subject: [oe][meta-networking][scarthgap][PATCH 5/6] dnsmasq: Fix CVE-2026-4893 Date: Wed, 20 May 2026 14:29:07 +0200 Message-ID: <20260520122908.3151647-5-hsimeliere.opensource@witekio.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520122908.3151647-1-hsimeliere.opensource@witekio.com> References: <20260520122908.3151647-1-hsimeliere.opensource@witekio.com> X-ClientProxiedBy: LO2P265CA0178.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a::22) To MRWP192MB3504.EURP192.PROD.OUTLOOK.COM (2603:10a6:501:87::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MRWP192MB3504:EE_|AMBP192MB3401:EE_ X-MS-Office365-Filtering-Correlation-Id: f6eed3b1-f2c4-4b99-9ac0-08deb66ba376 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|10070799003|366016|52116014|376014|1800799024|22082099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: vryNh5FbnNhNsUHmTEnrpdrreI12XmnrHeTBWHb6DdqyHHZfH6sf7JSIC6R93VdV2w/s7WqA7IXMILRg8F0JFTJIrJrW5RQD2aqp4Hzwkr6JLO9qKcoPhAV/Thp1NkkqUwuPVVhaREKWA1X7DIGE8PJpqB5hUJbuwnrp9Ou/FjnX3/Yr/sKSfX6bI/2gmsXRexAAy4mmfRgIgbrGJNJ6j8Av2z0gQ1HlVrS8o/rM/MF8R57plWAs8QZ9ReEqHc1ZH11R6l6OA9P2Y6aDi2qz0HYAGMCDJI0XVZYrG8LxQQAfhtvy4iZ6qyoTOVfZliQuUwBgAwBRP+I7Ch9wCW5zqRF59xxBAJtrOpL+Ku1NgL3UkYSLvzkDsYOdFyc2I2/D7G+HpdbJ2SWy1QerxFFj5/WqfFeehO5oPC8rby8r3TEbASrO9mIcCW1M4QEq6iB/BqFyCf0LAHDb991u5Dbua9lxXl3ihH0OGp67GhOnS7/hMg/GHSFQZGtDmdDcKdO+/VJQb6E8ZrhoG4ouvZqiOz01CSUChdyJMBBxzcup6Lp51fdiiTfF9C792cGQgf+hpceiS9asgjqn3AgIIkyJ+CeHLFC46IIEzXredvhuj7CGSTCn3A3r9AJjf2TObw/b1J82iPpBQ+SrGm6pFnpM9A== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MRWP192MB3504.EURP192.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(366016)(52116014)(376014)(1800799024)(22082099003)(56012099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: XNFt4Ve8iymWU9j+DC7SL0KLMkArw6Xho0SaAdkZ1+vyiEfdE1iyO9iRlb7Xb3XTGENLuGm7rBM9yLwu0nke424cWC62h1DeXobEd5p2f54ybOTUNQ9bNP2PL0Ue7pjJ8CrQBZeFefomUEpKI1tj8eYkKFuHSa8XwmIvK3QdyrPiy1FYy34HYU5hQclFm24hruCI0u9g7L7GmXuX1ghcDvsCIsby1JP3DO5HjrJDoL8W45htjNo8+34gnGy1lSh5pW+GFWF7A3A5Qt/Ax4zG2ISVGKF/vMeNJKM50485BQUCqhWXD+PMUYxzmfudZkMCIBOhmgGEyZMxxUaRjqBOceEydYZSxqe1SddjWaNNFF50dsfvH3ZWE8kstTeMIJu7Uy494dKPCYCQnirNsalhXMN0WvdoTcDR4+VQIQQOnd0gmxgwhJdfzd//S+bbC0y/6TKBSp2Jq1Z/7vpTn9AR1XmDzTonVS6lpFcs68ylkGmO77fM2CcrlTkB0b3GYHv589i9YHAkJsENAlT4J8e7WmO2z2twij3dO8+gXSajkeLQ3mf6WJLmC/EoknL+9PFEyCfMGZ4e4wHi7nQKEPMt6yzm8vx9rY1vhUSOfbMWFqQw24BqhPMCYME1ohYb/oDa0efZRSfsOSNjKWDCuIl4bvioelDpJTP36IxtCv4uYSNmy9r6TexYU74AdprvrY4uQ19OAFbOAV7BtQO9tB0ywxRJPBgJncCp5HAbPAaY4zAOwzHpjS5CF3bDwS9aAT83PKXB2HPcqzCnlgq3n2CyADFH/FM6YfzjSwpeXv4rxpPS84OtYB0XsDBOiFl3OaObEbyq4WmX1zr77eNu5bC0VT2cgCJcS2ipd/FcQm4elKq1UxqoTzfWylm2V+JTyiL/Omzq8BZg1nGkLFvco6/IPQ95VGn1Lblq3Xxv72Q9K1jAwATXht4AuEpGgo22WsjogDciQYh1M37JOBnOZUwqyptdiZlt5UFlzD95dSaeY0nUdDBVMG3RdsMvkAGU8SB2b5DuuZIKLPf5SmSqA3UQdfU3C4sx4bdLzDIAp4bPlvWe4CB6uOJFb0NtuHAHPWIip0O8vX1KN1MhmM7gecp18a2tozMCj4XgnB0aJvdC7JW/A1zelsnkUKtG7pAjc+xO3BjDPN5GoF5KOaL8z26obFMm/kxjQuiniGyU+rKnn5OVuEN3tLfY8FbwJZe3AnblGj6G610PERnO4iHkqAqmTlOBCSNpQMS9WlcQZnfRAPLbk8U5Lr5am4IltKt2t66G0WWPdRWSxR7tEsH2B6Dpf4NoBeDIv+4tH7KF/6FUUZh8thn9qoEK8oaT5DE50QByroBSk9ITpn9VSx1ZjdYFeA+ekXyz3Vp4cw6aR+cFB61+dnxDkWxHxOT6Ez3V8sHR/60hchBNBF8zBFkJd+zBKSYG/C3Fp/Llktx6ckBM+5Di/MKBVSTYkBNLMmkkQ7IIIPU5p3INEcsQOPl61Xw3N4LC0x+SZS2hMaHBwPLcWnoukubGYJP1fWh44BQS1vijQwKuTq2unQA0nGVYhWLAsTxn25U1id5VgWssZoa9l9qgDI+wOzj3T4NyfkFnVInbNmpG3MTmdOt+rS3ROzAgVhpfgCkg5LjynFJ/UtkRbbJr7QlhS/hNR12Gf16rN4mG4ysWQuN1xkGcLyQfXXumrAETWoZFTh7RiOZV2+ANMT0NIGjUfeeCXtadKafony+3nTdbgfWl4tkv7gX/da6q21u7j3ln36Y2KOzxgHffoP0STR5Onx4eXjK/rEAMuzxDs0pNxxZs X-MS-Exchange-AntiSpam-MessageData-1: v3fJy4+ccLZUvA== X-Exchange-RoutingPolicyChecked: DuHGxkcV3LL7MhvRbnEO4VAhYk0PTtRYU76nclPds6lAZG7vEXY1jgNolIh2AEFtoYJRptG3PvxmUcpQTFacRZmuysZ1SG4o1p3N+CGs89mDrWcApt7jQdFGtTN2PHNqcr+QFYLR/Kvyh+G1uvGpNG3axy0MxN0xwN/S25NVeuajo4CosFAXITXbTo5xbaJunTfmVhBzt7FtoPWAgP0mDw6GQ0DZvPwjk/qYxXMiuLuNXs+SrnrvuAbIguf6JhynOwsJ0dxaMJw8gKYXIUGV/2aibYg7cKk4GqXwn4P6hVsOvZ9hQ4MG3bXJY/EvZpUAsBuqg2Xtp+XabC5vtINLfA== X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: zsboanh9bfiKpeCThFLbsuA1hDe6nVVI6EOYNVJ4hY+0RXZRzqTlD/k+Nxl/KHaO0c4kubQgkQ5y6ZtleCEVFnu6aj6ZtJT4ah9Qg9EKyFFU3bSVl2s0kr8NVb3giBd9uCMCIPtn6fDqEw82mnSoT2k/ss7OSIxBPi9Bym9Cz/PxVk/tPAHwbR7PV7TMasQzziTI1o0DZL3wFdb8dlj5AKDwnsTeT1WIvmrH4y4S8rxZAg8mtK2/H241Z3xo7ajXk4zK4VRjWb8Q6/zc+Zht99QqdjY0v3rwpB4c3TG+Lv45GfFs1GU5yNCQIvF83DAgGIJTyT2JOkfisOyMdhxxyQWkdvu8SADRE7oSRYx50zh6Yk8VboN/NPZZFL//5PnaFm0bIZRBv/SXs1oCfzXxJYY4cdz3Ydmz9t+qjrS9XzfrT4jSEc/mXSgCdM+8/SUXPryQiUCaiIIvjp7AnELllLu/mSFeLnvrsJm+CmbC9M8ZzYvv5RbZ5yCyGEFfpr+z3RMB9yQVDMPAvjq8/G7nkdSHHUSyjIyvqSUN3ziWFVZVeMRtVuJwn3099DuBe1a10CqVO0eLE4KWXGYKotVoeFZiXUx6F53WPm2gQjjZ3HYgpdfUxRdggeqisy7dfAdu X-OriginatorOrg: witekio.com X-MS-Exchange-CrossTenant-Network-Message-Id: f6eed3b1-f2c4-4b99-9ac0-08deb66ba376 X-MS-Exchange-CrossTenant-AuthSource: MRWP192MB3504.EURP192.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 May 2026 12:30:55.4331 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 317e086a-301a-49af-9ea4-48a1c458b903 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: JIbvlpaJGN4XKqogO+PW0DZmBH5fVoNmgPvLaaGPkR/h6t9zHrGjQc53+x61j7Jn2QFJmaNyOppw/RBfHYUP/Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AMBP192MB3401 X-cloud-security-sender: hsimeliere@witekio.com X-cloud-security-recipient: openembedded-devel@lists.openembedded.org X-cloud-security-crypt: load encryption module X-cloud-security-Mailarchiv: E-Mail archived for: hsimeliere.opensource@witekio.com X-cloud-security-Mailarchivtype: outbound X-cloud-security-Virusscan: CLEAN X-cloud-security-disclaimer: This E-Mail was scanned by E-Mailservice on mx-gate11-hz12 with 4gL9r10SRxz46TqR X-cloud-security-connect: mail-norwayeastazon11023092.outbound.protection.outlook.com[40.107.159.92], TLS=1, IP=40.107.159.92 X-cloud-security-Digest: 934bbedbd05ed8681c9b3a7b215c0dd9 X-cloud-security: scantime:1.663 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 May 2026 12:31:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/127114 From: "Hugo SIMELIERE (Schneider Electric)" Pick patch from [1] dnsmasq 2.90 debian bookworm pacthes. [1] https://sources.debian.org/src/dnsmasq/2.90-4~deb12u2/debian/patches/CVE-2026-4893.patch Signed-off-by: Hugo SIMELIERE (Schneider Electric) Reviewed-by: Bruno VERNAY --- .../recipes-support/dnsmasq/dnsmasq_2.90.bb | 1 + .../dnsmasq/files/CVE-2026-4893.patch | 38 +++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4893.patch diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb index e08d9df18e..3f06bbb6cf 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb @@ -20,6 +20,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://CVE-2026-4890.patch \ file://CVE-2026-4891.patch \ file://CVE-2026-4892.patch \ + file://CVE-2026-4893.patch \ " SRC_URI[sha256sum] = "8f6666b542403b5ee7ccce66ea73a4a51cf19dd49392aaccd37231a2c51b303b" diff --git a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4893.patch b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4893.patch new file mode 100644 index 0000000000..8aea321329 --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4893.patch @@ -0,0 +1,38 @@ +From 262aadd7a38947d2299234c8c9cf736ff6ad955d Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 25 Mar 2026 23:22:37 +0000 +Subject: [PATCH] Fix broken client subnet validation. CVE-2026-4893 + +Bug report from Royce M + +Location: forward.c:713, edns0.c:421 + +With --add-subnet enabled, process_reply() passes the OPT record +length (~23 bytes) instead of the packet length to check_source(). +All internal bounds checks fail, and the function always returns 1. +ECS source validation per RFC 7871 Section 9.2 is completely bypassed. + +CVE: CVE-2026-4893 +Upstream-Status: Backport [https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=e3a26d092e47bf1d18aeadb758e4ca35c83b5f2d] + +Signed-off-by: Hugo SIMELIERE (Schneider Electric) +--- + src/forward.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/forward.c b/src/forward.c +index 32f37e40..19ff4401 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -710,7 +710,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server + /* Get extended RCODE. */ + rcode |= sizep[2] << 4; + +- if (option_bool(OPT_CLIENT_SUBNET) && !check_source(header, plen, pheader, query_source)) ++ if (option_bool(OPT_CLIENT_SUBNET) && !check_source(header, n, pheader, query_source)) + { + my_syslog(LOG_WARNING, _("discarding DNS reply: subnet option mismatch")); + return 0; +-- +2.43.0 + From patchwork Wed May 20 12:29:08 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hugo Simeliere X-Patchwork-Id: 88538 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 92FFCCD4F54 for ; Wed, 20 May 2026 12:31:30 +0000 (UTC) Received: from mx-relay162-hz1-if1.hornetsecurity.com (mx-relay162-hz1-if1.hornetsecurity.com [94.100.128.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.11028.1779280280669797051 for ; Wed, 20 May 2026 05:31:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@witekio.com header.s=selector1 header.b=gZUW7imc; spf=permerror, err=parse error for token &{10 18 spf.hornetsecurity.com}: limit exceeded (domain: witekio.com, ip: 94.100.128.172, mailfrom: hsimeliere@witekio.com) ARC-Authentication-Results: i=2; mx-gate162-hz1.hornetsecurity.com 1; spf=pass reason=mailfrom (ip=52.101.66.118, headerfrom=witekio.com) smtp.mailfrom=witekio.com smtp.helo=duzpr83cu001.outbound.protection.outlook.com; dkim=pass header.d=witekio.com header.s=selector1 header.a=rsa-sha256; dmarc=pass header.from=witekio.com orig.disposition=pass ARC-Message-Signature: a=rsa-sha256; bh=xkNIF6EsRDULheDSbRXAQmaej/kClzvnS3c/uNeHpoc=; c=relaxed/relaxed; d=hornetsecurity.com; h=from:to:date:subject:mime-version:; i=2; s=hse1; t=1779280278; b=BgJZjyz9puDse+a+b9CUu06qU7o3JmCuUpNussm4+yHIWeHNj3dTAPDh7SK8EkFiwGI4GIW9 V5paiIWgtffuRJsg59u6d9PvFaYF8NgKqeWrwnii8youv6UvXidTQdc93AUigvNfdW9xeckMMGj yEXAl8tsmljzgI5sttIhBo4f96PqSTWRUKqMn7vtsNWlc7VJ/mnh/sHH4z1LSxMWG4seiHcMuE4 bQIscMN9N8snYs7hgcJXBSGNkk6rX9NqJ7DDUfp8o8VJcujsyQYsSyTwM1XxBeroOLZIxVD2+HH iYX6YEysyS0ttVw7JozqWzXSWKEL0+3Nje7NDT/HxBHyg== ARC-Seal: a=rsa-sha256; cv=pass; d=hornetsecurity.com; i=2; s=hse1; t=1779280278; b=Z45VYyD8Kvl+tsVXrq1RAKf7G4YV62y2aJA/AvBG/f/JGVL274i/7LhphGwohI0Y0LiMO/wo 9BsQiH7MXPbWgsHSiBcjikPjJ8PnTJ3z7d+VeSqxaetgfVNOfiUyw5C20jvK6X4UWj4+oRljpQ7 u6VZgLsQ0JtGW3abCTTfWQO+JtySbiY0jeSkDiwccGsry4hfWmxcGrV0fp+IXUvNNqx83DKZr8l eyJdHt51GmYXmjpQm1tOZLqeCwN1VDLQRWm92WKq1Yw4hX9VZJ7FXul/gTrHsVKewEwkydx5bIo I0uokcru2g3sAC2SIEzjqKdI1I1685vnp01fzmMuU2UQw== Received: from mail-northeuropeazon11022118.outbound.protection.outlook.com ([52.101.66.118]) by mx-gate162-hz1; Wed, 20 May 2026 14:31:18 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BPx/aOB47jepu9x1fYBSd1RZ71cX/s+pnzRlXlFgAj+wGDQs+wi2czXGfiQ+HfA7FkJbLVdGPFrIYn1WG/SmEKby9CPA4j2Z2bFa2nkY2wxuNuW/1Fx776C+H7bYJVJGl27HKzGGelA3JezCD9akQyzKR7c0cuaRXqIvxOEDqpHEsbkeNqckH+93AoMXu/Nmx9JMfJVOEusYIHoe2f7vdm64YRulspicHQ2N7B1JT90lQq2B0UMpaHYTNvAJwlTLZcMSCsft2hzSIBSvhhR+0SmcsLz/dPu9bW2L7UKF0I6MAxg05K8xP6a22lE9XRMDzuZBIlyVV3mfnF0N60EcNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xkNIF6EsRDULheDSbRXAQmaej/kClzvnS3c/uNeHpoc=; b=ALKDUF9GvMLS+24xl39/FnVO24ArQXYkyVeIW938jEhaFZvJ+uFEKbRjF+x3CGzRYxbuK/mm5Sqg4EUTMdp+0+c+s966Y2jgQNMlwCVoa2HO2gQPPagxK1L3kgmKROFX5vjOMGVl6hS14p/eYQT5O/eVU0MskCEStCFgO/X38ih2NXCwKdl1FsW1h93bB1RELbTzTcCoSrR6WqgCgsvI1caS5Lz/0fIpHVQ7tx6EQF50frA9cQ3LXV3IfPijJsmsZZftSNGDzx7vhRyoRJWtKxapEp8Z7E2jEpbjFYAXU1zJw6chkl0sFrx+funvx27Han9x6oo07k3to9Y6L6VHqg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=witekio.com; dmarc=pass action=none header.from=witekio.com; dkim=pass header.d=witekio.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=witekio.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xkNIF6EsRDULheDSbRXAQmaej/kClzvnS3c/uNeHpoc=; b=gZUW7imclOG1etNau0dd3ybMJ1R7Q9aO6pSWpjn0T3VOwJ0aznRy8SBPsPA4eZpRPokP44Afk9J2dtl2Yu/0K2Xz1oFCdaHh9A7ci+NNYozUau5sKcIKPy0WghGUiJJsI2z/N/jTr1cdmu8dUBts3duasTHMU8j69XwWT6BdI21ihS1oPd5G9Y3X7lFFAwP162hlQjM6kqEdMy725ZOV5V8ba8djSJP2XC1LuZKmSvj1/GLjnIKhxzVSlmYOBNKVCD6wHzjK9sRkNRcoJlBLDYRZGEUwLa0B/vf5lfldTuPx25CNQLxvRHFf7W35cyhfJ3xuj0kUb3BaIzWLzz47Eg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=witekio.com; Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM (2603:10a6:501:87::6) by AMBP192MB3401.EURP192.PROD.OUTLOOK.COM (2603:10a6:20b:75b::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9891.15; Wed, 20 May 2026 12:31:08 +0000 Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM ([fe80::e437:672a:5abc:a0f4]) by MRWP192MB3504.EURP192.PROD.OUTLOOK.COM ([fe80::e437:672a:5abc:a0f4%6]) with mapi id 15.21.0025.020; Wed, 20 May 2026 12:31:08 +0000 From: hsimeliere.opensource@witekio.com To: openembedded-devel@lists.openembedded.org Cc: "Hugo SIMELIERE (Schneider Electric)" , Bruno VERNAY Subject: [oe][meta-networking][scarthgap][PATCH 6/6] dnsmasq: Fix CVE-2026-5172 Date: Wed, 20 May 2026 14:29:08 +0200 Message-ID: <20260520122908.3151647-6-hsimeliere.opensource@witekio.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520122908.3151647-1-hsimeliere.opensource@witekio.com> References: <20260520122908.3151647-1-hsimeliere.opensource@witekio.com> X-ClientProxiedBy: LO2P265CA0178.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a::22) To MRWP192MB3504.EURP192.PROD.OUTLOOK.COM (2603:10a6:501:87::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MRWP192MB3504:EE_|AMBP192MB3401:EE_ X-MS-Office365-Filtering-Correlation-Id: 83c7c2c7-64b8-4df8-3b71-08deb66bab77 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|10070799003|366016|52116014|376014|1800799024|22082099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: OQp7gdnxmmCsjMy4s7oVJBIyTi2FbS47IN1MVgQDLZEIYdpCcWUvJTichOmIzTaiyOJVlcwMiOUp8HAut6WBmXN1CJv2vzlui879n93e7MNywMM9Qh88E4wQLoiESUYNgBQ8k9Zx1+v9wlXQfYJ80xThzxFdDNAJXI2HzPB+sFgnJWkWXZHDpmOoaCSkcF+lY9qj1fu+3+rfLll3JWM6lgNzqV9Gowv6objRKxC/90CIMVHxoWFTGni0W9iC1BSj2ExiExYIGkDPuk5iU+82TqlMcwXBJ5j+0tH2z8UQ0cpVR44nWQHUU7IdmYacBDsvM0+ya8Cfn6DgVA3R7qZHUPTpbmsIWwTpo+JD6ra5NiNxRG3EDRyg8JnNVheU38kBpjIwupJcTdCDciRSY3sxqosQLqOXFrlCKR3Kr4NuYuXVhqCezg51zo7Mj8MLfALUtfla+0cWkiN+n9sIMgRqwe9Ie9pkUGzejLVUfxtRVQJrSOJDP3QQzJJ2p+tfnqywdxDJqEfu97vRKKwr53bp762i2hDuaYHVL3KZAoyEaZc8QQRN/eXd8wvvuxGtJSzy1/YQgV/+AL5pdkALNqsb5Hbefyi45K/FwPxAsSxn48DXEaZjKrWyl3h9WS5a4y8mKClNoAE//dHB0I96KP450g== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MRWP192MB3504.EURP192.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(366016)(52116014)(376014)(1800799024)(22082099003)(56012099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: gGdaWW5UnMS5N0oALauegDdWaSOY5YrLl22aW4dYLt/VeozOgglGg6LJPAdBIGjtn/jALy1U9oy3Mvg5+O533M61uQWEdNqck778/Yc5ZjUfnM6/XYEnaL6ujzKHLLKL6IMMZAATEx5LVty8MQqRxZuR5pdZdiEJKEJjPkJglT4RAwkY3QfQq5vxh5JvjYgTzv5tS/hdEs7i/Pf3wboOzcSWeiQg+dCUnFY/KNOk7M+Y6sBX2yBtKIFmB8KhrQHhKBkGJVCTmxFTB4KqvexiHY+1O9lxIHmrqCxIGGU/sW/mWetZafMpD8GXsCjq3CPWADRMb20+21ak+QGuh99t/BjbLSXY1k8xBLCVJCHikhvHeVzMguGltMUmKBvXq30TWbKAhFypS4X0pmL8PSLi1fAZj65yYnGX3Kwx1T4odvV4W6XY8wBZ2K6zzKMKfwLhz7PyKNp7bjJ53HC5e+zALqElrdqtVvMnmuJxG8/VPRMmyndFdqyIZ7tQRQQ9ezv25fY9c3XvSHBABLyrrAohXGA5IoBhhTwwZ2b5Wf6lFS4xgK6Hw79302c0qcJ2HB5xF7uWN8j6nldSss3kKPtQbDSkC6fEKSuiWULnpDEkudZmDiERJiLsphFaXqVCRUcPOTgb6mbtA2MPwajGPeEOYbwDX3T5/UJZfdVgZSvpT+Ecg1YcVFg9EQOkUGvP9FsZA4u07/RqZ1gaJ4xE78Q2gupbFsIVc7E7UoQmWBWfb3U4wPiEVfPHs94Ck8/x+aGOON7CBcweYZWyIbnGOOqjPp2fVU7C1GpHo4nLtG2T7xLiHStL0ZtbJZDf82QKtdVW0xiPyWH4PJEm3aWhnA6+63hJTYrcrm0G8B6nyMlU6galbWk/LEClo1tQ8LU1GYoSBxTBVTIyK73H7mbsuBLT68lHtSgmqWao2eOTP+QdHWm0aF00CC4CYQI18Y53Wu7HU1nE8S3YWh3BA9XO0JfAxURrUHtTV/Azst7nP7WhMo++o4vvq6ja6NbZ4VV92IVESzRoaD595HWrabb4aKqjASLX58X5ArQ9qq2ynloHvVcqp98KtueJLLSz/DI4VezzzpoJR2JryAcpUifCrm6pUgc5bGLVS4LDYKY1dsJseeGNQrd/Cp8SZlsH/XhHPDkce+T7WF6H3EcVG4cU8q53GNTCK7lrRh5cOdby2yrAo7Wttusf8ahdE8uFBlUMJH0E6fh5Ykz2OvnSCvOBXmzdKGU9lxNu1G972zCsGOT+9ZQOe3hooSBwKfZOHCKk6/22z9SiEtNxCkbo3Be8T8Qa2IhT3DeVg1mmgePg1o3dIVFxIZxW143xLhOiA8xLh3CFgWAnd0o9UiWoy2hektoRRuK8VSwpotZjL9h3YLAGh0xRJGaLMYqt1yzEz/Y4s7qlj+JW4Ntx6oKDVk51usSgnl/uQVB45ZgPy+z6ei6WVwj1GGQp2pB2ljTane122BnqsAsxqXA2cDqdOh4f6Ki+ke7q+oyo9LUMZKh9ppePiArh4TFlI7pBI7gGhTSznP+R7LsVd0In60GOiIRBKoJMbX1fXfppkoXoa9fc47Fd3DhmbldR5TD+2DEi9RWsz/vU/vsNWm7oDGJtbjQkrAFOk4iXKWa8KfCGd0fuZMyi7UvuqtT5WHEbU/jYf2EpARHIkrw4mScYyPSa8QINaubxf/EvogSRFc6qUGDcFrYDB2skCxycuhRmd6OEHlXTF5saDwYEXzttfM8F6X6HEXWVVeGNM27hc7l1y2huMjkAukY7LUq0CVVz4yE+OTcMQbZqFdhVhUh6 X-MS-Exchange-AntiSpam-MessageData-1: dWKkvipGx9IikA== X-Exchange-RoutingPolicyChecked: F6Jr7mkOugVAV4Cw5bJDIpUu/yTxV/2aVhOc7kdSOAbvDwlnWZHoA+q1XJqsdqVXN2ZZPMI/vMowOHYDF4KqQPBzl7eQBX99weNUtH3mV6K2SMZeXOoC8cOdFTYhneybhoOHvJkLuKO2aj1JHvYwjiREev5c/oSic/5Ijg/vRuJz1haHbAIKjbB+4JEQZJbZy9SvNib5KjbMP1HRspZETTvMPxW2gcXKvNHmRktvk5SRQp82zeW5o58YzxG1T6Lob7o9mwoGt2uwJHaOLpyCFcw3/HsrTp/EksDdh4Dr3ZcPeJNqP0BsHjlPfa13DpUM+krBG8u2g97GRo8OE5Pl5g== X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: lZkW/FWSDTpynXVjIBRsapP0M8zNTntWxmXbK253uAUh7a+/K6NKuVnpKCxhs/6JtO2aAMaL4k736olyxirlYs+A3nXofsLNCMUwnJKlLBY0DjarnrlZjX4fHO4fJEF2Y3k/dpRqkCRyEJQGWE42VU2j3GUtt2azwpvjw/X6kUu8uawbqL1zSJn3hRdidzyWA/E1TwrQmmPR3exLSJLvxnX1Cr9W2GqX/S4OfXLteuTNwV+Ybh2K97a3W1pyCrMcfVpGcHW1ZMIHpRWfLFINfh6QvZufmeRZrjIKCohCDc7/c2PPK85beTUCs3WyLRUTgu63PI0PggvYUZQWvNrVeVzJwa5jadFqiyXEhrrH+rybL4mvjGGdxwQuRy9LU/49cc3wX8QQzGtqD0S4jpYodQPodyaKQvLCD9iYs2vUkAgHUxLZT62LNoKaBkPxjdzLzhBrP5BtR+/BQjhRPCDF4Y3vFLmEERsj6hoS9USUyHJqy2V0mqTjfKAB/bXS5GPN+BGlC4KH5yq/wqs6iYQ/q+VZs0lJZW/59QnOCDR+6ThUEkmo3g+vpuHjQTX4a10RWmHPNtQKcpyZu5Az39EwOX9WwvKDpsItUKpAIh6IjhSHYbdh/crvbo9Ajy8Wgf3q X-OriginatorOrg: witekio.com X-MS-Exchange-CrossTenant-Network-Message-Id: 83c7c2c7-64b8-4df8-3b71-08deb66bab77 X-MS-Exchange-CrossTenant-AuthSource: MRWP192MB3504.EURP192.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 May 2026 12:31:08.8489 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 317e086a-301a-49af-9ea4-48a1c458b903 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 5Pz7fedWpC0mJ1sXhiqAw6IJ2xRgeXDP3iDLzS/SsT24enmrZqw8lgrF41rjMe3IDaEfYtMOoBM6akcyblnxvQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AMBP192MB3401 X-cloud-security-sender: hsimeliere@witekio.com X-cloud-security-recipient: openembedded-devel@lists.openembedded.org X-cloud-security-crypt: load encryption module X-cloud-security-Mailarchiv: E-Mail archived for: hsimeliere.opensource@witekio.com X-cloud-security-Mailarchivtype: outbound X-cloud-security-Virusscan: CLEAN X-cloud-security-disclaimer: This E-Mail was scanned by E-Mailservice on mx-gate162-hz1 with 4gL9rG1hvdz2KXns X-cloud-security-connect: mail-northeuropeazon11022118.outbound.protection.outlook.com[52.101.66.118], TLS=1, IP=52.101.66.118 X-cloud-security-Digest: c7389a36080246dd7c4397b8a2f3060d X-cloud-security: scantime:1.845 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 May 2026 12:31:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/127115 From: "Hugo SIMELIERE (Schneider Electric)" Pick patch from [1] dnsmasq 2.90 debian bookworm pacthes. [1] https://sources.debian.org/src/dnsmasq/2.90-4~deb12u2/debian/patches/CVE-2026-5172.patch Signed-off-by: Hugo SIMELIERE (Schneider Electric) Reviewed-by: Bruno VERNAY --- .../recipes-support/dnsmasq/dnsmasq_2.90.bb | 1 + .../dnsmasq/files/CVE-2026-5172.patch | 39 +++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-5172.patch diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb index 3f06bbb6cf..3e8a808065 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb @@ -21,6 +21,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://CVE-2026-4891.patch \ file://CVE-2026-4892.patch \ file://CVE-2026-4893.patch \ + file://CVE-2026-5172.patch \ " SRC_URI[sha256sum] = "8f6666b542403b5ee7ccce66ea73a4a51cf19dd49392aaccd37231a2c51b303b" diff --git a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-5172.patch b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-5172.patch new file mode 100644 index 0000000000..58aac87e4e --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-5172.patch @@ -0,0 +1,39 @@ +From f158664062e049ec4604f6e772551a00575011f4 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Mon, 30 Mar 2026 16:24:33 +0100 +Subject: [PATCH] Fix buffer overflow vulnerability in extract_addresses() + CVE-2026-5172 + +Thanks to Hugo Martinez Ray for spotting this. + +The value of rdlen for an RR can be a lie, allowing the +call to extract_name() at rfc1025.c:952 to advance the value of p1 +past the calculated end of the record. The makes the calculation +of bytes remaining in the RR underflow to a huge number and results +in a massive heap OOB read and certain crash. + +CVE: CVE-2026-5172 +Upstream-Status: Backport [https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=073082ddc0aba7b8efa15a688d6183463b65effa] + +Signed-off-by: Hugo SIMELIERE (Schneider Electric) +--- + src/rfc1035.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 387d894a..32dc5711 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -932,7 +932,8 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t + /* Name, extract it then re-encode. */ + int len; + +- if (!extract_name(header, qlen, &p1, name, 1, 0)) ++ /* rdlen may lie, and extract_name() advances p1 past where it says the record ends. */ ++ if (!extract_name(header, qlen, &p1, name, 1, 0) || (p1 > endrr)) + { + blockdata_free(addr.rrblock.rrdata); + return 2; +-- +2.43.0 +