diff options
author | Simon Kelley <simon@thekelleys.org.uk> | 2020-11-12 22:06:07 +0000 |
---|---|---|
committer | Simon Kelley <simon@thekelleys.org.uk> | 2020-12-16 15:49:02 +0000 |
commit | 2d765867c597db18be9d876c9c17e2c0fe1953cd (patch) | |
tree | c7e1cb14604310b7daff7860e82fb0a32c6d5453 /bld | |
parent | 257ac0c5f7732cbc6aa96fdd3b06602234593aca (diff) | |
download | dnsmasq-2d765867c597db18be9d876c9c17e2c0fe1953cd.tar.gz |
Use SHA-256 to provide security against DNS cache poisoning.
Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
Diffstat (limited to 'bld')
-rw-r--r-- | bld/Android.mk | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bld/Android.mk b/bld/Android.mk index 080a615..f924be9 100644 --- a/bld/Android.mk +++ b/bld/Android.mk @@ -11,7 +11,7 @@ LOCAL_SRC_FILES := bpf.c cache.c dbus.c dhcp.c dnsmasq.c \ radv.c slaac.c auth.c ipset.c domain.c \ dnssec.c dnssec-openssl.c blockdata.c tables.c \ loop.c inotify.c poll.c rrfilter.c edns0.c arp.c \ - crypto.c dump.c ubus.c + crypto.c dump.c ubus.c metrics.c hash_questions.c LOCAL_MODULE := dnsmasq |