From 6a6be700fdfe55e4f09c5df32a64995ef592d9ab Mon Sep 17 00:00:00 2001
From: owen_lu
Date: Tue, 27 Jan 2026 18:23:45 +0800
Subject: [PATCH 1/2] RDKBDEV-3351:Fix for EDNS package size incorrect, CVE-2023-28450

Reason for change: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
Test Procedure: 1. Capture packages on lan client 2. Send query with edns from lan client 3. Check the UDP payload size in the Additional records in DNS response package, which should be 1232 instead of 4096
Risks: Low
Signed-off-by: Owen Lu
---
 source/scripts/init/service.d/service_dhcp_server.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/scripts/init/service.d/service_dhcp_server.sh b/source/scripts/init/service.d/service_dhcp_server.sh
index 0d824885..419c7769 100755
--- a/source/scripts/init/service.d/service_dhcp_server.sh
+++ b/source/scripts/init/service.d/service_dhcp_server.sh
@@ -139,7 +139,7 @@ dnsmasq_server_start ()
 fi
 fi
 else
- $SERVER -P 4096 -C $DHCP_CONF $DNS_ADDITIONAL_OPTION #--enable-dbus
+ $SERVER -C $DHCP_CONF $DNS_ADDITIONAL_OPTION #--enable-dbus
 fi
 }
From dc3741b1362670c7de38e8f6b880d14861250188 Mon Sep 17 00:00:00 2001
From: owen_lu
Date: Thu, 2 Apr 2026 10:17:40 +0800
Subject: [PATCH 2/2] RDKBDEV-3351:Fix for EDNS package size incorrect, CVE-2023-28450

Reason for change: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
Test Procedure: 1. Capture packages on lan client 2. Send query with edns from lan client 3. Check the UDP payload size in the Additional records in DNS response package, which should be 1232 instead of 4096
Risks: Low
Signed-off-by: Owen Lu
---
 source/scripts/init/service.d/service_dhcp_server.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/scripts/init/service.d/service_dhcp_server.sh b/source/scripts/init/service.d/service_dhcp_server.sh
index 419c7769..a456e7f4 100755
--- a/source/scripts/init/service.d/service_dhcp_server.sh
+++ b/source/scripts/init/service.d/service_dhcp_server.sh
@@ -139,7 +139,7 @@ dnsmasq_server_start ()
 fi
 fi
 else
- $SERVER -C $DHCP_CONF $DNS_ADDITIONAL_OPTION #--enable-dbus
+ $SERVER -P 1232 -C $DHCP_CONF $DNS_ADDITIONAL_OPTION #--enable-dbus
 fi
 }
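Review bot: Only the final `else` branch of dnsmasq_server_start gets `-P 1232`; the earlier branches of the function lie outside the hunk, so it is not visible whether they also launch `$SERVER` and, if so, with which EDNS limit. On a dnsmasq build older than 2.90, any start path without an explicit `-P` falls back to the 4096-byte default that the commit message describes, so each invocation should be checked, or the limit moved into the generated config as `edns-packet-max=1232` so every path inherits it. `$DNS_ADDITIONAL_OPTION` is expanded unquoted after `-P` and could presumably carry its own `-P`/`--edns-packet-max`, so it is worth confirming which value wins in that case. A short comment above the line, such as `# EDNS.0 UDP size capped at 1232 (DNS Flag Day 2020, CVE-2023-28450)`, would keep the value from being raised again later.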