Ensure search_servers domain is set on dnssec

When dnssec validation is enabled, the domain variable used when fetching
dnssec key or domain was not always properly initialized. It was read
anyway inside search_servers. Because it is changed only sometimes, do
not use its value at the end of the function. domain can be NULL only at
that point, so use that value right away.

Resolves: rhbz#2182342
Petr Menšík 2023-05-05 18:06:09 +02:00
parent 0b70f00773
commit 9c7ec692aa
2 changed files with 46 additions and 1 deletions

@ -0,0 +1,39 @@
From b3784649cd26c6bd5ec96e84cba0ea7d57786acf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Fri, 5 May 2023 17:51:56 +0200
Subject: [PATCH] Ensure search_servers domain is set on dnssec
When dnssec validation is enabled the domain variable used when fetching
dnssec key or domain were not properly initialized always. It were read
anyway inside search_servers. Because it is changed only sometime, do
not use its value on the end of function. domain can be NULL only at
that point, use that value right away.
---
src/forward.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/forward.c b/src/forward.c
index b09dc96..345eff3 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -250,7 +250,7 @@ static unsigned int search_servers(time_t now, union all_addr **addrpp, unsigned
*domain = NULL;
}
if (serv_domain && !*serv_domain)
- *serv_domain = server_domain_find_domain(*domain);
+ *serv_domain = server_domain_find_domain(NULL);
return flags;
}
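Review bot: The literal NULL in `*serv_domain = server_domain_find_domain(NULL);` depends on an invariant these lines do not show: that whenever `*serv_domain` is still unset here, `*domain` has already been reset by the `*domain = NULL;` branch just above. The commit message states this, but the code does not. Add a short comment above the call recording why NULL is always the right argument at this point, so that a later change which leaves `*domain` set on this path is noticed rather than silently ignored.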
@@ -1097,7 +1097,7 @@ void reply_query(int fd, time_t now)
{
int querytype, fd, type = SERV_DO_DNSSEC;
struct frec *next = new->next;
- char *domain;
+ char *domain = NULL;
*new = *forward; /* copy everything, then overwrite */
new->next = next;
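Review bot: `char *domain = NULL;` fixes the uninitialized read for this one declaration only; the patch does not show whether other callers hand search_servers a pointer to a `domain` variable that was never initialized. Please confirm the remaining call sites were checked, or state in the patch description that this is the only one affected when DNSSEC validation is enabled.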
--
2.40.1

@ -20,7 +20,7 @@
Name: dnsmasq Name: dnsmasq
Version: 2.85 Version: 2.85
Release: 8%{?extraversion:.%{extraversion}}%{?dist} Release: 9%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3 License: GPLv2 or GPLv3
@ -56,6 +56,9 @@ Patch9: dnsmasq-2.89-edns0-size.patch
# Downstream only patch; https://bugzilla.redhat.com/show_bug.cgi?id=2186481 # Downstream only patch; https://bugzilla.redhat.com/show_bug.cgi?id=2186481
# Fixes issue in Patch4 # Fixes issue in Patch4
Patch10: dnsmasq-2.85-serv_domain-rh2186481.patch Patch10: dnsmasq-2.85-serv_domain-rh2186481.patch
# Downstream only patch; https://bugzilla.redhat.com/show_bug.cgi?id=2182342
# Another issue in Patch4
Patch11: dnsmasq-2.85-search_servers-rhbz2182342.patch
# This is workaround to nettle bug #1549190 # This is workaround to nettle bug #1549190
# https://bugzilla.redhat.com/show_bug.cgi?id=1549190 # https://bugzilla.redhat.com/show_bug.cgi?id=1549190
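Review bot: The new file name `dnsmasq-2.85-search_servers-rhbz2182342.patch` uses an `rhbz` bug prefix, while Patch10 directly above uses `rh` in `dnsmasq-2.85-serv_domain-rh2186481.patch`. Use one prefix for downstream patch names so they sort and grep consistently. The comment "Another issue in Patch4" could also name the issue (domain not initialized in dnssec mode), as the changelog entry does.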
@ -199,6 +202,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
%{_mandir}/man1/dhcp_* %{_mandir}/man1/dhcp_*
%changelog %changelog
* Fri May 05 2023 Petr Menšík <pemensik@redhat.com> - 2.85-9
- Properly initialize domain parameter in dnssec mode (#2182342)
* Fri Apr 21 2023 Petr Menšík <pemensik@redhat.com> - 2.85-8 * Fri Apr 21 2023 Petr Menšík <pemensik@redhat.com> - 2.85-8
- Correct possible crashes when server=/example.net/# is used (#2188712) - Correct possible crashes when server=/example.net/# is used (#2188712)