From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 9 Apr 2015 21:48:00 +0100
Subject: [PATCH] Fix crash on receipt of certain malformed DNS requests.

---
 CHANGELOG     |    3 +++
 src/rfc1035.c |    9 ++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

rediffed for dnsmasq 2.71


Index: dnsmasq-2.71/CHANGELOG
===================================================================
--- CHANGELOG
+++ CHANGELOG	2015-05-05 21:54:12.177133071 +0200
@@ -1,3 +1,6 @@
+        Fix crash on receipt of certain malformed DNS requests. Thanks
+        to Nick Sampanis for spotting the problem.
+       
 version 2.71
             Subtle change to error handling to help DNSSEC validation 
 	    when servers fail to provide NODATA answers for 
Index: dnsmasq-2.71/src/rfc1035.c
===================================================================
--- src/rfc1035.c
+++ src/rfc1035.c	2015-05-05 21:53:15.504450556 +0200
@@ -1198,7 +1198,10 @@
 size_t setup_reply(struct dns_header *header, size_t qlen,
 		struct all_addr *addrp, unsigned int flags, unsigned long ttl)
 {
-  unsigned char *p = skip_questions(header, qlen);
+  unsigned char *p;
+
+  if (!(p = skip_questions(header, qlen)))
+    return 0;
   
   /* clear authoritative and truncated flags, set QR flag */
   header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
@@ -1214,7 +1217,7 @@
     SET_RCODE(header, NOERROR); /* empty domain */
   else if (flags == F_NXDOMAIN)
     SET_RCODE(header, NXDOMAIN);
-  else if (p && flags == F_IPV4)
+  else if (flags == F_IPV4)
     { /* we know the address */
       SET_RCODE(header, NOERROR);
       header->ancount = htons(1);
@@ -1222,7 +1225,7 @@
       add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
     }
 #ifdef HAVE_IPV6
-  else if (p && flags == F_IPV6)
+  else if (flags == F_IPV6)
     {
       SET_RCODE(header, NOERROR);
       header->ancount = htons(1);