2d765867c597db18be9d876c9c17e2c0fe1953cd - thekelleys/dnsmasq

commit	2d765867c597db18be9d876c9c17e2c0fe1953cd	[log] [tgz]
author	Simon Kelley <simon@thekelleys.org.uk>	Thu Nov 12 22:06:07 2020 +0000
committer	Simon Kelley <simon@thekelleys.org.uk>	Wed Dec 16 15:49:02 2020 +0000
tree	c7e1cb14604310b7daff7860e82fb0a32c6d5453
parent	257ac0c5f7732cbc6aa96fdd3b06602234593aca [diff]

Use SHA-256 to provide security against DNS cache poisoning.

Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CERT VU#434904.

CHANGELOG[diff]
Makefile[diff]
bld/Android.mk[diff]
src/dnsmasq.h[diff]
src/dnssec.c[diff]
src/forward.c[diff]
src/hash_questions.c[Added - diff]
src/rfc1035.c[diff]

8 files changed

tree: c7e1cb14604310b7daff7860e82fb0a32c6d5453

bld/
contrib/
dbus/
debian/
logo/
man/
po/
src/
.gitattributes
.gitignore
Android.mk
CHANGELOG
CHANGELOG.archive
COPYING
COPYING-v3
dnsmasq.conf.example
doc.html
FAQ
Makefile
setup.html
trust-anchors.conf
VERSION