Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
dnsmasq: Fix potential dnsmasq crash with TCP
This is a backport from the dnsmasq master which should fix a bug which could cause a crash in dnsmasq. I saw the following crashes in my log: [522413.117215] do_page_fault(): sending SIGSEGV to dnsmasq for invalid read access from 2a001450 [522413.124464] epc = 004197f1 in dnsmasq[400000+23000] [522413.129459] ra = 004197ef in dnsmasq[400000+23000] This is happening in blockdata_write() when block->next is dereferenced, but I am not sure if this is related to this problem or if this is a different problem. I am unable to reproduce this problem. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- Loading branch information
Showing
2 changed files
with
36 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
35 changes: 35 additions & 0 deletions
35
.../services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
From e710c34469af4378c2db6fa0b0be88313adcb68f Mon Sep 17 00:00:00 2001 | ||
From: Alin Nastac <alin.nastac@gmail.com> | ||
Date: Mon, 30 Sep 2019 15:30:26 +0100 | ||
Subject: [PATCH] Fix crash when negative SRV response over TCP gets stored in | ||
LRU cache entry. | ||
|
||
Patch extended to receive side of pipe by SRK. | ||
--- | ||
src/cache.c | 8 ++++++-- | ||
1 file changed, 6 insertions(+), 2 deletions(-) | ||
|
||
--- a/src/cache.c | ||
+++ b/src/cache.c | ||
@@ -665,7 +665,11 @@ void cache_end_insert(void) | ||
if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_SRV)) | ||
read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0); | ||
if (flags & F_SRV) | ||
- blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent); | ||
+ { | ||
+ /* A negative SRV entry is possible and has no data, obviously. */ | ||
+ if (!(flags & F_NEG)) | ||
+ blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent); | ||
+ } | ||
#ifdef HAVE_DNSSEC | ||
if (flags & F_DNSKEY) | ||
{ | ||
@@ -737,7 +741,7 @@ int cache_recv_insert(time_t now, int fd | ||
if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) | ||
return 0; | ||
|
||
- if (flags & F_SRV && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen))) | ||
+ if ((flags & F_SRV) && !(flags & F_NEG) && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen))) | ||
return 0; | ||
|
||
#ifdef HAVE_DNSSEC |