author | Simon Kelley <simon@thekelleys.org.uk> | 2020-11-12 18:49:23 +0000 |
---|---|---|
committer | Simon Kelley <simon@thekelleys.org.uk> | 2020-12-16 15:48:36 +0000 |
commit | 257ac0c5f7732cbc6aa96fdd3b06602234593aca (patch) | |
tree | 95ea304d1886a4ad11eaf86045c1e4d65c642cd7 /bld | |
parent | 4e96a4be685c9e4445f6ee79ad0b36b9119b502a (diff) | |
download | dnsmasq-257ac0c5f7732cbc6aa96fdd3b06602234593aca.tar.gz |

Check destination of DNS UDP query replies.

At any time, dnsmasq will have a set of sockets open, bound to
random ports, on which it sends queries to upstream nameservers.
This patch fixes the existing problem that a reply for ANY in-flight
query would be accepted via ANY open port, which increases the
chances of an attacker flooding answers "in the blind" in an
attempt to poison the DNS cache. CERT VU#434904 refers.

Diffstat (limited to 'bld')
0 files changed, 0 insertions, 0 deletions
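
The check described in the commit message above, modelled as an added example in C; this is not dnsmasq's code and is not taken from this commit. The struct, function names, descriptor numbers and transaction IDs are constructed for illustration, and the model covers only the socket check, not the other validation a forwarder performs on a reply.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of an in-flight upstream query; not dnsmasq's own struct. */
struct inflight {
    int      sent_fd;  /* socket, bound to a random port, the query left on */
    uint16_t txid;     /* DNS transaction ID carried in the query */
};

/* Constructed sample state: three queries, each sent on its own socket. */
static struct inflight sample_q[] = { {5, 0x1111}, {6, 0x2222}, {7, 0x3333} };
static const int sample_fds[] = { 5, 6, 7 };
#define NQ   (sizeof sample_q / sizeof sample_q[0])
#define NFDS (sizeof sample_fds / sizeof sample_fds[0])

typedef struct inflight *(*matcher)(struct inflight *, size_t, int, uint16_t);

/* Before: the socket the reply arrived on is ignored. */
static struct inflight *match_any_socket(struct inflight *q, size_t n, int recv_fd, uint16_t txid)
{
    (void)recv_fd;
    for (size_t i = 0; i < n; i++)
        if (q[i].txid == txid) return &q[i];
    return NULL;
}

/* After: the reply must arrive on the socket its query was sent from. */
static struct inflight *match_same_socket(struct inflight *q, size_t n, int recv_fd, uint16_t txid)
{
    for (size_t i = 0; i < n; i++)
        if (q[i].txid == txid && q[i].sent_fd == recv_fd) return &q[i];
    return NULL;
}

/* Count every (socket, txid) combination the matcher would accept. */
static unsigned count_accepted(matcher m)
{
    unsigned hits = 0;
    for (size_t f = 0; f < NFDS; f++)
        for (uint32_t t = 0; t <= 0xFFFF; t++)
            if (m(sample_q, NQ, sample_fds[f], (uint16_t)t)) hits++;
    return hits;
}

int main(void)
{
    printf("any socket:  %u accepted (socket, txid) pairs\n", count_accepted(match_any_socket));
    printf("same socket: %u accepted (socket, txid) pairs\n", count_accepted(match_same_socket));
    return 0;
}
```

With three queries outstanding on three sockets, the unchecked matcher accepts nine (socket, txid) combinations and the checked one accepts three, so the set of acceptable replies no longer grows with the number of open ports.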