aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHauke Mehrtens <hauke@hauke-m.de>2020-01-06 16:21:25 +0100
committerHauke Mehrtens <hauke@hauke-m.de>2020-01-06 17:46:00 +0100
commitf58705b77eb20a3c39b2274168aba06233df2bc8 (patch)
tree7ebd40a6a46d271364cf7de88f69cb08f86ac606
parent54711e528d03bdbfa4df94d982aac5e70b8f81e5 (diff)
downloadupstream-f58705b77eb20a3c39b2274168aba06233df2bc8.tar.gz
upstream-f58705b77eb20a3c39b2274168aba06233df2bc8.tar.bz2
upstream-f58705b77eb20a3c39b2274168aba06233df2bc8.zip
dnsmasq: Fix potential dnsmasq crash with TCP
This is a backport from the dnsmasq master which should fix a bug which could cause a crash in dnsmasq. I saw the following crashes in my log: [522413.117215] do_page_fault(): sending SIGSEGV to dnsmasq for invalid read access from 2a001450 [522413.124464] epc = 004197f1 in dnsmasq[400000+23000] [522413.129459] ra = 004197ef in dnsmasq[400000+23000] This is happening in blockdata_write() when block->next is dereferenced, but I am not sure if this is related to this problem or if this is a different problem. I am unable to reproduce this problem. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 414d0541381d432e69190f394dfe2a6e8122d6bb)
-rw-r--r--package/network/services/dnsmasq/Makefile2
-rw-r--r--package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch35
2 files changed, 36 insertions, 1 deletions
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index dc20ada292..4a93a2fa30 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_UPSTREAM_VERSION:=2.80
PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
-PKG_RELEASE:=14
+PKG_RELEASE:=15
PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
diff --git a/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch b/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch
new file mode 100644
index 0000000000..5b1d59566d
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch
@@ -0,0 +1,35 @@
+From e710c34469af4378c2db6fa0b0be88313adcb68f Mon Sep 17 00:00:00 2001
+From: Alin Nastac <alin.nastac@gmail.com>
+Date: Mon, 30 Sep 2019 15:30:26 +0100
+Subject: [PATCH] Fix crash when negative SRV response over TCP gets stored in
+ LRU cache entry.
+
+Patch extended to receive side of pipe by SRK.
+---
+ src/cache.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -665,7 +665,11 @@ void cache_end_insert(void)
+ if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_SRV))
+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0);
+ if (flags & F_SRV)
+- blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent);
++ {
++ /* A negative SRV entry is possible and has no data, obviously. */
++ if (!(flags & F_NEG))
++ blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent);
++ }
+ #ifdef HAVE_DNSSEC
+ if (flags & F_DNSKEY)
+ {
+@@ -737,7 +741,7 @@ int cache_recv_insert(time_t now, int fd
+ if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1))
+ return 0;
+
+- if (flags & F_SRV && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen)))
++ if ((flags & F_SRV) && !(flags & F_NEG) && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen)))
+ return 0;
+
+ #ifdef HAVE_DNSSEC