import CS dnsmasq-2.85-16.el9_3
This commit is contained in:
parent
298df1dfd1
commit
09738b06ab
113
SOURCES/dnsmasq-2.86-tcp-free-fd-rh2188443.patch
Normal file
113
SOURCES/dnsmasq-2.86-tcp-free-fd-rh2188443.patch
Normal file
@ -0,0 +1,113 @@
|
||||
From 32e0e81715f60ca35738818370f5d3aacf9e2d2c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 9 Apr 2021 16:08:05 +0100
|
||||
Subject: [PATCH] Fix bug in TCP process handling.
|
||||
|
||||
Fix bug which caused dnsmasq to lose track of processes forked
|
||||
to handle TCP DNS connections under heavy load. The code
|
||||
checked that at least one free process table slot was
|
||||
available before listening on TCP sockets, but didn't take
|
||||
into account that more than one TCP connection could
|
||||
arrive, so that check was not sufficient to ensure that
|
||||
there would be slots for all new processes. It compounded
|
||||
this error by silently failing to store the process when
|
||||
it did run out of slots. Even when this bug is triggered,
|
||||
all the right things happen, and answers are still returned.
|
||||
Only under very exceptional circumstances, does the bug
|
||||
manifest itself: see
|
||||
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014976.html
|
||||
|
||||
Thanks to Tijs Van Buggenhout for finding the conditions under
|
||||
which the bug manifests itself, and then working out
|
||||
exactly what was going on.
|
||||
|
||||
(cherry picked from commit ad90eb075dfeeb1936e8bc0f323fcc23f89364d4)
|
||||
---
|
||||
src/dnsmasq.c | 44 +++++++++++++++++++++++++-------------------
|
||||
1 file changed, 25 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
|
||||
index 979e33d..af9132f 100644
|
||||
--- a/src/dnsmasq.c
|
||||
+++ b/src/dnsmasq.c
|
||||
@@ -1720,22 +1720,24 @@ static int set_dns_listeners(time_t now)
|
||||
for (rfl = daemon->rfl_poll; rfl; rfl = rfl->next)
|
||||
poll_listen(rfl->rfd->fd, POLLIN);
|
||||
|
||||
+ /* check to see if we have free tcp process slots. */
|
||||
+ for (i = MAX_PROCS - 1; i >= 0; i--)
|
||||
+ if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1)
|
||||
+ break;
|
||||
+
|
||||
for (listener = daemon->listeners; listener; listener = listener->next)
|
||||
{
|
||||
/* only listen for queries if we have resources */
|
||||
if (listener->fd != -1 && wait == 0)
|
||||
poll_listen(listener->fd, POLLIN);
|
||||
|
||||
- /* death of a child goes through the select loop, so
|
||||
- we don't need to explicitly arrange to wake up here */
|
||||
- if (listener->tcpfd != -1)
|
||||
- for (i = 0; i < MAX_PROCS; i++)
|
||||
- if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1)
|
||||
- {
|
||||
- poll_listen(listener->tcpfd, POLLIN);
|
||||
- break;
|
||||
- }
|
||||
-
|
||||
+ /* Only listen for TCP connections when a process slot
|
||||
+ is available. Death of a child goes through the select loop, so
|
||||
+ we don't need to explicitly arrange to wake up here,
|
||||
+ we'll be called again when a slot becomes available. */
|
||||
+ if (listener->tcpfd != -1 && i >= 0)
|
||||
+ poll_listen(listener->tcpfd, POLLIN);
|
||||
+
|
||||
#ifdef HAVE_TFTP
|
||||
/* tftp == 0 in single-port mode. */
|
||||
if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
|
||||
@@ -1801,7 +1803,16 @@ static void check_dns_listeners(time_t now)
|
||||
tftp_request(listener, now);
|
||||
#endif
|
||||
|
||||
- if (listener->tcpfd != -1 && poll_check(listener->tcpfd, POLLIN))
|
||||
+ /* check to see if we have a free tcp process slot.
|
||||
+ Note that we can't assume that because we had
|
||||
+ at least one a poll() time, that we still do.
|
||||
+ There may be more waiting connections after
|
||||
+ poll() returns then free process slots. */
|
||||
+ for (i = MAX_PROCS - 1; i >= 0; i--)
|
||||
+ if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1)
|
||||
+ break;
|
||||
+
|
||||
+ if (listener->tcpfd != -1 && i >= 0 && poll_check(listener->tcpfd, POLLIN))
|
||||
{
|
||||
int confd, client_ok = 1;
|
||||
struct irec *iface = NULL;
|
||||
@@ -1891,7 +1902,6 @@ static void check_dns_listeners(time_t now)
|
||||
close(pipefd[0]);
|
||||
else
|
||||
{
|
||||
- int i;
|
||||
#ifdef HAVE_LINUX_NETWORK
|
||||
/* The child process inherits the netlink socket,
|
||||
which it never uses, but when the parent (us)
|
||||
@@ -1911,13 +1921,9 @@ static void check_dns_listeners(time_t now)
|
||||
read_write(pipefd[0], &a, 1, 1);
|
||||
#endif
|
||||
|
||||
- for (i = 0; i < MAX_PROCS; i++)
|
||||
- if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1)
|
||||
- {
|
||||
- daemon->tcp_pids[i] = p;
|
||||
- daemon->tcp_pipes[i] = pipefd[0];
|
||||
- break;
|
||||
- }
|
||||
+ /* i holds index of free slot */
|
||||
+ daemon->tcp_pids[i] = p;
|
||||
+ daemon->tcp_pipes[i] = pipefd[0];
|
||||
}
|
||||
close(confd);
|
||||
|
||||
--
|
||||
2.40.1
|
||||
|
@ -20,7 +20,7 @@
|
||||
|
||||
Name: dnsmasq
|
||||
Version: 2.85
|
||||
Release: 14%{?extraversion:.%{extraversion}}%{?dist}.1
|
||||
Release: 16%{?extraversion:.%{extraversion}}%{?dist}
|
||||
Summary: A lightweight DHCP/caching DNS server
|
||||
|
||||
License: GPLv2 or GPLv3
|
||||
@ -69,8 +69,10 @@ Patch13: dnsmasq-2.87-log-root-writeable.patch
|
||||
Patch14: dnsmasq-2.85-domain-blocklist-speedup.patch
|
||||
# https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;h=9bbf098a970c9e5fa251939208e25fb21064d1be
|
||||
Patch15: dnsmasq-2.87-coverity-forward-cache.patch
|
||||
# https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;h=ad90eb075dfeeb1936e8bc0f323fcc23f89364d4
|
||||
Patch16: dnsmasq-2.86-tcp-free-fd-rh2188443.patch
|
||||
# https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=214a046f47b9f7dd56f5eef3a8678ccbd6e973b7
|
||||
Patch16: dnsmasq-2.90-CVE-2023-50387-CVE-2023-50868.patch
|
||||
Patch17: dnsmasq-2.90-CVE-2023-50387-CVE-2023-50868.patch
|
||||
|
||||
# This is workaround to nettle bug #1549190
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
|
||||
@ -214,10 +216,13 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
|
||||
%{_mandir}/man1/dhcp_*
|
||||
|
||||
%changelog
|
||||
* Tue Feb 20 2024 Tomas Korbar <tkorbar@redhat.com> - 2.85-14.1
|
||||
* Fri Mar 15 2024 Tomas Korbar <tkorbar@redhat.com> - 2.85-16
|
||||
- Fix CVE 2023-50387 and CVE 2023-50868
|
||||
- Resolves: RHEL-25674
|
||||
- Resolves: RHEL-25638
|
||||
- Resolves: RHEL-25639
|
||||
- Resolves: RHEL-25675
|
||||
|
||||
* Fri Jul 28 2023 Petr Menšík <pemensik@redhat.com> - 2.85-15
|
||||
- Attempt to use TCP pipe only if a free is available (#2188443)
|
||||
|
||||
* Fri Jul 28 2023 Petr Menšík <pemensik@redhat.com> - 2.85-14
|
||||
- Backport Coverity fix to hide detected issue (#2156789)
|
||||
|
Loading…
Reference in New Issue
Block a user