Misc code cleanups arising from Google analysis.

No security impleications or CVEs. Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:13:51 +02:00 · 2017-10-02 17:13:51 +02:00 · dfac991c15
commit dfac991c15
parent ce9aecdce0
2 changed files with 66 additions and 0 deletions
--- a/dnsmasq-2.77-misc-cleanups.patch
+++ b/dnsmasq-2.77-misc-cleanups.patch
@ -0,0 +1,63 @@
+From 6a0b00f0d66490e074323d04782e75c4ba8a3f8d Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 25 Sep 2017 20:19:55 +0100
+Subject: [PATCH 8/9] Misc code cleanups arising from Google analysis. No
+ security impleications or CVEs.
+
+---
+ src/edns0.c   | 2 +-
+ src/rfc1035.c | 4 +++-
+ src/rfc2131.c | 2 +-
+ 3 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/edns0.c b/src/edns0.c
+index 89b2692..7ed5a47 100644
+--- a/src/edns0.c
+++ b/src/edns0.c
+@@ -159,7 +159,7 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
+ 	      /* delete option if we're to replace it. */
+ 	      p -= 4;
+ 	      rdlen -= len + 4;
+-	      memcpy(p, p+len+4, rdlen - i);
+	      memmove(p, p+len+4, rdlen - i);
+ 	      PUTSHORT(rdlen, lenp);
+ 	      lenp -= 2;
+ 	    }
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 826f8a4..27af023 100644
+--- a/src/rfc1035.c
+++ b/src/rfc1035.c
+@@ -37,7 +37,7 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+ 	/* end marker */
+ 	{
+ 	  /* check that there are the correct no of bytes after the name */
+-	  if (!CHECK_LEN(header, p, plen, extrabytes))
+	  if (!CHECK_LEN(header, p1 ? p1 : p, plen, extrabytes))
+ 	    return 0;
+ 	  
+ 	  if (isExtract)
+@@ -498,6 +498,8 @@ static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *
+ 	    {
+ 	      unsigned int i, len = *p1;
+ 	      unsigned char *p2 = p1;
+	      if ((p1 + len - p) >= rdlen)
+	        return 0; /* bad packet */
+ 	      /* make counted string zero-term  and sanitise */
+ 	      for (i = 0; i < len; i++)
+ 		{
+diff --git a/src/rfc2131.c b/src/rfc2131.c
+index f7c1f80..f3a7e53 100644
+--- a/src/rfc2131.c
+++ b/src/rfc2131.c
+@@ -157,7 +157,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+ 	  for (offset = 0; offset < (len - 5); offset += elen + 5)
+ 	    {
+ 	      elen = option_uint(opt, offset + 4 , 1);
+-	      if (option_uint(opt, offset, 4) == BRDBAND_FORUM_IANA)
+	      if (option_uint(opt, offset, 4) == BRDBAND_FORUM_IANA && offset + elen + 5 <= len)
+ 		{
+ 		  unsigned char *x = option_ptr(opt, offset + 5);
+ 		  unsigned char *y = option_ptr(opt, offset + elen + 5);
+-- 
+2.9.5
+
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@ -29,6 +29,7 @@ Patch4:         dnsmasq-2.77-CVE-2017-14493.patch
 Patch5:         dnsmasq-2.77-CVE-2017-14494.patch
 Patch6:         dnsmasq-2.77-CVE-2017-14496.patch
 Patch7:         dnsmasq-2.77-CVE-2017-14495.patch
+Patch8:         dnsmasq-2.77-misc-cleanups.patch

 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

@ -70,6 +71,7 @@ query/remove a DHCP server's leases.
 %patch5 -p1 -b .CVE-2017-14494
 %patch6 -p1 -b .CVE-2017-14496
 %patch7 -p1 -b .CVE-2017-14495
+%patch8 -p1 -b .misc-cleanups

 # use /var/lib/dnsmasq instead of /var/lib/misc
 for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
@ -163,6 +165,7 @@ rm -rf $RPM_BUILD_ROOT
 - Security fix, CVE-2017-14494, Infoleak handling DHCPv6
 - Security fix, CVE-2017-14496, Integer underflow in DNS response creation
 - Security fix, CVE-2017-14495, OOM in DNS response creation
+- Misc code cleanups arising from Google analysis

 * Thu Sep 14 2017 Petr Menšík <pemensik@redhat.com> - 2.77-7
 - Fix CVE-2017-13704