[Bug network/21361] resolv: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks

["cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=21361

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  e14a27723cc3a154d67f3f26e719d08c0ba9ad25 (commit)
      from  c803cb9b24c6cea15698768e4301e963b98e742c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e14a27723cc3a154d67f3f26e719d08c0ba9ad25

commit e14a27723cc3a154d67f3f26e719d08c0ba9ad25
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Apr 13 13:09:38 2017 +0200

    resolv: Reduce EDNS payload size to 1200 bytes [BZ #21361]

    This hardens the stub resolver against fragmentation-based attacks.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                |   21 ++
 NEWS                     |    3 +-
 include/resolv.h         |    3 -
 resolv/Makefile          |    2 +
 resolv/res_mkquery.c     |   28 +++-
 resolv/res_query.c       |   23 ++-
 resolv/resolv-internal.h |   18 ++
 resolv/tst-resolv-edns.c |  501 ++++++++++++++++++++++++++++++++++++++++++++++
 support/resolv_test.c    |   56 +++++-
 support/resolv_test.h    |   11 +
 10 files changed, 652 insertions(+), 14 deletions(-)
 create mode 100644 resolv/tst-resolv-edns.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.