RDKCOM-5501: RDKBDEV-3351 Fix for EDNS package size incorrect, CVE-2023-28450#192
Open
owen-lu-sercomm wants to merge 8 commits into
Open
RDKCOM-5501: RDKBDEV-3351 Fix for EDNS package size incorrect, CVE-2023-28450#192owen-lu-sercomm wants to merge 8 commits into
owen-lu-sercomm wants to merge 8 commits into
Conversation
pradeeptakdas
changed the title
tinaelizabeth84
force-pushed
the
RDKBDEV-3351
branch
from
8bf115f to
944d4f5
Compare
tinaelizabeth84
force-pushed
the
RDKBDEV-3351
branch
from
944d4f5 to
b354aa0
Compare
SanthoshGujulvajagadeesh
requested changes
Mar 13, 2026
Contributor
SanthoshGujulvajagadeesh
left a comment
SanthoshGujulvajagadeesh
left a comment
There was a problem hiding this comment.
-P option should be set to 1232 instead of 4096 since the dnsmasq version currently used is 2.83 which doesn't set default EDNS UDP packet size to 1232.
'-P 4096' needs to be replaced with '-P 1232' in many places.
Reason for change: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Test Procedure: 1. Capture packages on lan client 2. Send query with edns from lan client 3. Check the UDP payload size in the Additional records in DNS response package, which should be 1232 instead of 4096 Risks: Low Signed-off-by: Owen Lu <owen_lu@sercomm.com>
tinaelizabeth84
force-pushed
the
RDKBDEV-3351
branch
from
d55306a to
6a6be70
Compare
Reason for change: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Test Procedure: 1. Capture packages on lan client 2. Send query with edns from lan client 3. Check the UDP payload size in the Additional records in DNS response package, which should be 1232 instead of 4096 Risks: Low Signed-off-by: Owen Lu <owen_lu@sercomm.com>
|
@SanthoshGujulvajagadeesh |
SanthoshGujulvajagadeesh
previously approved these changes
Apr 2, 2026
Contributor
|
@AkhilaReddyK7 Need to know for which platforms this change is applicable |
GoutamD2905
reviewed
Apr 13, 2026
Contributor
GoutamD2905
left a comment
GoutamD2905
left a comment
There was a problem hiding this comment.
Requested DevQA Tina to validate the test procedure shared in RDKCOM-5501
|
@GoutamD2905 Could you please check the test results? |
Reason for change: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Test Procedure: 1. Capture packages on lan client 2. Send query with edns from lan client 3. Check the UDP payload size in the Additional records in DNS response package, which should be 1232 instead of 4096 Risks: Low Signed-off-by: Owen Lu <owen_lu@sercomm.com>
Reason for change: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Test Procedure: 1. Capture packages on lan client 2. Send query with edns from lan client 3. Check the UDP payload size in the Additional records in DNS response package, which should be 1232 instead of 4096 Risks: Low Signed-off-by: Owen Lu <owen_lu@sercomm.com>
tinaelizabeth84
force-pushed
the
RDKBDEV-3351
branch
from
7632fc7 to
d7087ff
Compare
Contributor
|
Could you please add the pack size changes under the non-Comcast platform–specific flag, as shown in the code below? CC : @tinaelizabeth84 |
…tform–specific flag. CVE-2023-28450 Reason for change: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Test Procedure: 1. Capture packages on lan client 2. Send query with edns from lan client 3. Check the UDP payload size in the Additional records in DNS response package, which should be 1232 instead of 4096 Risks: Low Signed-off-by: Owen Lu <owen_lu@sercomm.com>
Contributor
Author
|
@GoutamD2905 , I have added non-Comcast platform–specific flag, please help review |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reason for change:
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
Test Procedure:
Risks: Low
Signed-off-by: Owen Lu owen_lu@sercomm.com