Use SHA-256 to provide security against DNS cache poisoning.

Use the SHA-256 hash function to verify that DNS answers received are for the questions originally asked. This replaces the slightly insecure SHA-1 (when compiled with DNSSEC) or the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
author: Simon Kelley <simon@thekelleys.org.uk> 2020-11-12 22:06:07 +0000
committer: Simon Kelley <simon@thekelleys.org.uk> 2020-12-16 15:49:02 +0000
commit: 2d765867c597db18be9d876c9c17e2c0fe1953cd (patch)
tree: c7e1cb14604310b7daff7860e82fb0a32c6d5453 /bld
parent: 257ac0c5f7732cbc6aa96fdd3b06602234593aca (diff)
download: dnsmasq-2d765867c597db18be9d876c9c17e2c0fe1953cd.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/bld/Android.mk b/bld/Android.mk
index 080a615..f924be9 100644
--- a/bld/Android.mk
+++ b/bld/Android.mk
@@ -11,7 +11,7 @@ LOCAL_SRC_FILES :=  bpf.c cache.c dbus.c dhcp.c dnsmasq.c \
 		    radv.c slaac.c auth.c ipset.c domain.c \
 	            dnssec.c dnssec-openssl.c blockdata.c tables.c \
 		    loop.c inotify.c poll.c rrfilter.c edns0.c arp.c \
-		    crypto.c dump.c ubus.c
+		    crypto.c dump.c ubus.c metrics.c hash_questions.c
 
 LOCAL_MODULE := dnsmasq
author	Simon Kelley <simon@thekelleys.org.uk>	2020-11-12 22:06:07 +0000
committer	Simon Kelley <simon@thekelleys.org.uk>	2020-12-16 15:49:02 +0000
commit	2d765867c597db18be9d876c9c17e2c0fe1953cd (patch)
tree	c7e1cb14604310b7daff7860e82fb0a32c6d5453 /bld
parent	257ac0c5f7732cbc6aa96fdd3b06602234593aca (diff)
download	dnsmasq-2d765867c597db18be9d876c9c17e2c0fe1953cd.tar.gz