diff options
Diffstat (limited to 'package')
-rw-r--r-- | package/network/services/dnsmasq/Makefile | 2 | ||||
-rw-r--r-- | package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch | 35 |
2 files changed, 36 insertions, 1 deletions
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index dc20ada292..4a93a2fa30 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_UPSTREAM_VERSION:=2.80 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION))) -PKG_RELEASE:=14 +PKG_RELEASE:=15 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq diff --git a/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch b/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch new file mode 100644 index 0000000000..5b1d59566d --- /dev/null +++ b/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch @@ -0,0 +1,35 @@ +From e710c34469af4378c2db6fa0b0be88313adcb68f Mon Sep 17 00:00:00 2001 +From: Alin Nastac <alin.nastac@gmail.com> +Date: Mon, 30 Sep 2019 15:30:26 +0100 +Subject: [PATCH] Fix crash when negative SRV response over TCP gets stored in + LRU cache entry. + +Patch extended to receive side of pipe by SRK. +--- + src/cache.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/src/cache.c ++++ b/src/cache.c +@@ -665,7 +665,11 @@ void cache_end_insert(void) + if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_SRV)) + read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0); + if (flags & F_SRV) +- blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent); ++ { ++ /* A negative SRV entry is possible and has no data, obviously. */ ++ if (!(flags & F_NEG)) ++ blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent); ++ } + #ifdef HAVE_DNSSEC + if (flags & F_DNSKEY) + { +@@ -737,7 +741,7 @@ int cache_recv_insert(time_t now, int fd + if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) + return 0; + +- if (flags & F_SRV && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen))) ++ if ((flags & F_SRV) && !(flags & F_NEG) && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen))) + return 0; + + #ifdef HAVE_DNSSEC |