mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-01 01:30:23 +00:00
Code Issues Projects Releases Wiki Activity

dnsmasq: fix CVE-2026-2291

Browse Source 
dnsmasqs extract_name() function can be abused to cause a heap buffer
overflow, allowing an attacker to inject false DNS cache entries,
which could result in DNS lookups to redirect to an attacker-controlled
IP address, or to cause a DoS.

Reference:
[ https://nvd.nist.gov/vuln/detail/CVE-2026-2291 ]

Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This commit is contained in:
Abhishek Bachiphale
2026-05-18 22:43:31 +05:30
committed by Khem Raj
parent 47e9739586
commit a53328688a
2 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb
+1
View File
@@ -15,6 +15,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV
file://dnsmasq-resolvconf.service \
file://dnsmasq-noresolvconf.service \
file://dnsmasq-resolved.conf \
file://CVE-2026-2291.patch \
"
SRC_URI[sha256sum] = "fd908e79ff37f73234afcb6d3363f78353e768703d92abd8e3220ade6819b1e1"
meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch
+37
View File
@@ -0,0 +1,37 @@
commit ec2fbfbbdaa7d7db1c707dce26ce1a37cfe09660
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri Apr 10 16:29:31 2026 +0100
Fix buffer overflow in struct bigname. CVE-2026-2291
All buffers capable of holding a domain name should be
at least MAXDNAME*2 + 1 bytes long, where MAXDNAME is the maximum
size of a domain name. The accounts for the trailing zero and the
fact that some characters are escaped in the internal representation
of a domain name in dnsmasq.
The declaration of struct bigname get this wrong, with the effect
that a remote attacker capable of asking DNS queries or answering DNS
queries can cause a large OOB write in the heap.
This was first spotted by Andrew S. Fasano.
CVE: CVE-2026-2291
Upstream-Status: Backport [ https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=014e909f787e808bb35daa546d3f8f3663918de2 ]
Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 254bacd..58be09f 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -479,7 +479,7 @@ struct interface_name {
};
union bigname {
- char name[MAXDNAME];
+ char name[(2*MAXDNAME) + 1];
union bigname *next; /* freelist */
};