From b354aa04d605cc5e03228fe5886d2bbdaa3d2554 Mon Sep 17 00:00:00 2001
From: owen_lu <owen_lu@sercomm.com>
Date: Tue, 27 Jan 2026 18:23:45 +0800
Subject: [PATCH] RDKBDEV-3351:Fix for EDNS package size incorrect,
 CVE-2023-28450

Reason for change:
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
Test Procedure:
1. Capture packages on lan client
2. Send query with edns from lan client
3. Check the UDP payload size in the Additional records in DNS response package, which should be 1232 instead of 4096
Risks: Low

Signed-off-by: Owen Lu <owen_lu@sercomm.com>
---
 source/scripts/init/service.d/service_dhcp_server.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/scripts/init/service.d/service_dhcp_server.sh b/source/scripts/init/service.d/service_dhcp_server.sh
index 0d824885..419c7769 100755
--- a/source/scripts/init/service.d/service_dhcp_server.sh
+++ b/source/scripts/init/service.d/service_dhcp_server.sh
@@ -139,7 +139,7 @@ dnsmasq_server_start ()
                         fi
                 fi
          else
-                $SERVER -P 4096 -C $DHCP_CONF $DNS_ADDITIONAL_OPTION  #--enable-dbus
+                $SERVER -C $DHCP_CONF $DNS_ADDITIONAL_OPTION  #--enable-dbus
          fi
 
 }