Use SHA-256 to provide security against DNS cache poisoning.

Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
Simon Kelley
2020-11-12 22:06:07 +00:00
parent 257ac0c5f7
commit 2d765867c5
8 changed files with 301 additions and 124 deletions


@@ -11,7 +11,7 @@ LOCAL_SRC_FILES := bpf.c cache.c dbus.c dhcp.c dnsmasq.c \
radv.c slaac.c auth.c ipset.c domain.c \
dnssec.c dnssec-openssl.c blockdata.c tables.c \
loop.c inotify.c poll.c rrfilter.c edns0.c arp.c \
crypto.c dump.c ubus.c
crypto.c dump.c ubus.c metrics.c hash_questions.c
LOCAL_MODULE := dnsmasq
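Review bot: the new LOCAL_SRC_FILES line adds metrics.c together with hash_questions.c, but the commit message only describes the question-hashing change; either drop metrics.c from this commit or mention it in the message so the Android build change is traceable to its purpose. Also confirm that the other build files among the eight changed (the non-Android Makefile is not visible here) pick up hash_questions.c as well, otherwise the SHA-256 check is compiled in for Android builds only.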