From 8bf115fd1557680f00573a292c79ab36e957c6f4 Mon Sep 17 00:00:00 2001
From: owen_lu <owen_lu@sercomm.com>
Date: Tue, 27 Jan 2026 18:23:45 +0800
Subject: [PATCH] RDKBDEV-3351:Fix for EDNS package size incorrect,
 CVE-2023-28450

Reason for change:
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
Test Procedure:
1. Capture packages on lan client
2. Send query with edns from lan client
3. Check the UDP payload size in the Additional records in DNS response package, which should be 1232 instead of 4096
Risks: Low

Signed-off-by: Owen Lu <owen_lu@sercomm.com>
---
 source/scripts/init/service.d/service_dhcp_server.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/scripts/init/service.d/service_dhcp_server.sh b/source/scripts/init/service.d/service_dhcp_server.sh
index 95ba8b86..304f56d4 100755
--- a/source/scripts/init/service.d/service_dhcp_server.sh
+++ b/source/scripts/init/service.d/service_dhcp_server.sh
@@ -139,7 +139,7 @@ dnsmasq_server_start ()
                         fi
                 fi
          else
-                $SERVER -P 4096 -C $DHCP_CONF $DNS_ADDITIONAL_OPTION  #--enable-dbus
+                $SERVER -C $DHCP_CONF $DNS_ADDITIONAL_OPTION  #--enable-dbus
          fi
 
 }