hak5
/
openwrt
mirror of https://github.com/hak5/openwrt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dnsmasq: Fix potential dnsmasq crash with TCP 

This is a backport from the dnsmasq master which should fix a bug which
could cause a crash in dnsmasq.

I saw the following crashes in my log:
[522413.117215] do_page_fault(): sending SIGSEGV to dnsmasq for invalid read access from 2a001450
[522413.124464] epc = 004197f1 in dnsmasq[400000+23000]
[522413.129459] ra  = 004197ef in dnsmasq[400000+23000]
This is happening in blockdata_write() when block->next is
dereferenced, but I am not sure if this is related to this problem or if
this is a different problem. I am unable to reproduce this problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 414d054138)
openwrt-19.07
Hauke Mehrtens 2020-01-06 16:21:25 +01:00
parent 54711e528d
commit f58705b77e
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/network/services/dnsmasq/Makefile
View File

@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_UPSTREAM_VERSION:=2.80
PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
PKG_RELEASE:=14
PKG_RELEASE:=15
PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq

35
package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch Normal file
View File

@ -0,0 +1,35 @@
From e710c34469af4378c2db6fa0b0be88313adcb68f Mon Sep 17 00:00:00 2001
From: Alin Nastac <alin.nastac@gmail.com>
Date: Mon, 30 Sep 2019 15:30:26 +0100
Subject: [PATCH] Fix crash when negative SRV response over TCP gets stored in
LRU cache entry.
Patch extended to receive side of pipe by SRK.
---
src/cache.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/src/cache.c
+++ b/src/cache.c
@@ -665,7 +665,11 @@ void cache_end_insert(void)
if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_SRV))
read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0);
if (flags & F_SRV)
- blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent);
+ {
+ /* A negative SRV entry is possible and has no data, obviously. */
+ if (!(flags & F_NEG))
+ blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent);
+ }
#ifdef HAVE_DNSSEC
if (flags & F_DNSKEY)
{
@@ -737,7 +741,7 @@ int cache_recv_insert(time_t now, int fd
if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1))
return 0;
- if (flags & F_SRV && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen)))
+ if ((flags & F_SRV) && !(flags & F_NEG) && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen)))
return 0;
#ifdef HAVE_DNSSEC