From 6734b8717a54db1289730226ae9037139c846fb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Mon, 22 Aug 2022 22:16:32 +0200 Subject: [PATCH] Ensure also server_domains_cleanup is called always Fixes issue in patch dnsmasq-2.79-server-domain-rh1919894.patch. When /etc/resolv.conf is changed, dnsmasq reloads used servers. But it does not call cleanup of server domains in this case. It might cause serv_domain->last_server to become non-null, but pointing released server. Ensure it is checked before any cleanup_servers() action always and from all other places, like dbus setting. Caused unending loop in forward_query function, rhbz#2106361. Resolves: rhbz#2120711 --- dnsmasq-2.79-server-domain-fixup.patch | 99 ++++++++++++++++++++++++++ dnsmasq.spec | 7 +- 2 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 dnsmasq-2.79-server-domain-fixup.patch diff --git a/dnsmasq-2.79-server-domain-fixup.patch b/dnsmasq-2.79-server-domain-fixup.patch new file mode 100644 index 0000000..2c19ac8 --- /dev/null +++ b/dnsmasq-2.79-server-domain-fixup.patch @@ -0,0 +1,99 @@ +From b027daaa8ef168122a712e5e4ec71642964d8f4d Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 22 Aug 2022 21:59:42 +0200 +Subject: [PATCH] Ensure also server_domains_cleanup is called always + +Fixes issue in patch dnsmasq-2.79-server-domain-rh1919894.patch. + +When /etc/resolv.conf is changed, dnsmasq reloads used servers. But it +does not call cleanup of server domains in this case. It might cause +serv_domain->last_server to become non-null, but pointing released +server. Ensure it is checked before any cleanup_servers() action always +and from all other places, like dbus setting. + +Caused unending loop in forward_query function, rhbz#2106361. +--- + src/network.c | 49 +++++++++++++++++++++++++------------------------ + 1 file changed, 25 insertions(+), 24 deletions(-) + +diff --git a/src/network.c b/src/network.c +index 1fa81ff..cf2f2e2 100644 +--- a/src/network.c ++++ b/src/network.c +@@ -1511,10 +1511,35 @@ void mark_servers(int flag) + } + } + ++static void server_domains_cleanup(void) ++{ ++ struct server_domain *sd, *tmp, **up; ++ ++ /* unlink and free anything still marked. */ ++ for (up = &daemon->server_domains, sd=*up; sd; sd = tmp) ++ { ++ tmp = sd->next; ++ if (sd->flags & SERV_MARK) ++ { ++ *up = sd->next; ++ if (sd->domain) ++ free(sd->domain); ++ free(sd); ++ } ++ else { ++ up = &sd->next; ++ if (sd->last_server && (sd->last_server->flags & SERV_MARK)) ++ sd->last_server = NULL; ++ } ++ } ++} ++ + void cleanup_servers(void) + { + struct server *serv, *tmp, **up; + ++ server_domains_cleanup(); ++ + /* unlink and free anything still marked. */ + for (serv = daemon->servers, up = &daemon->servers; serv; serv = tmp) + { +@@ -1537,29 +1562,6 @@ void cleanup_servers(void) + #endif + } + +-static void server_domains_cleanup(void) +-{ +- struct server_domain *sd, *tmp, **up; +- +- /* unlink and free anything still marked. */ +- for (up = &daemon->server_domains, sd=*up; sd; sd = tmp) +- { +- tmp = sd->next; +- if (sd->flags & SERV_MARK) +- { +- *up = sd->next; +- if (sd->domain) +- free(sd->domain); +- free(sd); +- } +- else { +- up = &sd->next; +- if (sd->last_server && (sd->last_server->flags & SERV_MARK)) +- sd->last_server = NULL; +- } +- } +-} +- + void add_update_server(int flags, + union mysockaddr *addr, + union mysockaddr *source_addr, +@@ -1849,7 +1851,6 @@ void check_servers(void) + up = &sfd->next; + } + +- server_domains_cleanup(); + cleanup_servers(); + } + +-- +2.37.2 + diff --git a/dnsmasq.spec b/dnsmasq.spec index be042ca..648f6fa 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -20,7 +20,7 @@ Name: dnsmasq Version: 2.85 -Release: 4%{?extraversion:.%{extraversion}}%{?dist} +Release: 5%{?extraversion:.%{extraversion}}%{?dist} Summary: A lightweight DHCP/caching DNS server License: GPLv2 or GPLv3 @@ -48,6 +48,8 @@ Patch4: dnsmasq-2.79-server-domain-rh1919894.patch Patch5: dnsmasq-2.86-alternative-lease.patch Patch6: dnsmasq-2.86-dhcpv6-client-arch.patch Patch7: dnsmasq-2.87-CVE-2022-0934.patch +# Downstream only patch; fixes Patch4 change +Patch8: dnsmasq-2.79-server-domain-fixup.patch # This is workaround to nettle bug #1549190 # https://bugzilla.redhat.com/show_bug.cgi?id=1549190 @@ -191,6 +193,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf %{_mandir}/man1/dhcp_* %changelog +* Mon Aug 22 2022 Petr Menšík - 2.85-5 +- Prevent endless loop in forward_query (#2120711) + * Fri Mar 25 2022 Petr Menšík - 2.85-4 - Prevent use after free in dhcp6_no_relay (CVE-2022-0934)