Tree - rpms/dnsmasq - CentOS Git server

rpms / dnsmasq

Blame dnsmasq-2.77-underflow.patch

Blob History Raw

Petr Menšík	9b6efc	`From 0033eaa7ba2e1a15a8bc2bbe055c6cee264b7147 Mon Sep 17 00:00:00 2001`
Petr Menšík	9b6efc	`From: Doran Moppert <dmoppert@redhat.com>`
Petr Menšík	9b6efc	`Date: Tue, 26 Sep 2017 14:48:20 +0930`
Petr Menšík	9b6efc	`Subject: [PATCH] google patch hand-applied`
Petr Menšík	9b6efc
Petr Menšík	9b6efc	`---`
Petr Menšík	9b6efc	`src/edns0.c \| 10 +++++-----`
Petr Menšík	9b6efc	`src/forward.c \| 4 ++++`
Petr Menšík	9b6efc	`src/rfc1035.c \| 8 +++++---`
Petr Menšík	9b6efc	`3 files changed, 14 insertions(+), 8 deletions(-)`
Petr Menšík	9b6efc
Petr Menšík	9b6efc	`diff --git a/src/edns0.c b/src/edns0.c`
Petr Menšík	9b6efc	`index a9ee717..d3ab895 100644`
Petr Menšík	9b6efc	`--- a/src/edns0.c`
Petr Menšík	9b6efc	`+++ b/src/edns0.c`
Petr Menšík	9b6efc	`@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header header, size_t plen, unsigned char l`
Petr Menšík	9b6efc	`/* Copy back any options */`
Petr Menšík	9b6efc	`if (buff)`
Petr Menšík	9b6efc	`{`
Petr Menšík	9b6efc	`- if (p + rdlen > limit)`
Petr Menšík	9b6efc	`- {`
Petr Menšík	9b6efc	`- free(buff);`
Petr Menšík	9b6efc	`- return plen; /* Too big */`
Petr Menšík	9b6efc	`- }`
Petr Menšík	9b6efc	`+ if (p + rdlen > limit)`
Petr Menšík	9b6efc	`+ {`
Petr Menšík	9b6efc	`+ free(buff);`
Petr Menšík	9b6efc	`+ return plen; /* Too big */`
Petr Menšík	9b6efc	`+ }`
Petr Menšík	9b6efc	`memcpy(p, buff, rdlen);`
Petr Menšík	9b6efc	`free(buff);`
Petr Menšík	9b6efc	`p += rdlen;`
Petr Menšík	9b6efc	`diff --git a/src/forward.c b/src/forward.c`
Petr Menšík	9b6efc	`index 0f8f462..a729c06 100644`
Petr Menšík	9b6efc	`--- a/src/forward.c`
Petr Menšík	9b6efc	`+++ b/src/forward.c`
Petr Menšík	9b6efc	`@@ -1412,6 +1412,10 @@ void receive_query(struct listener *listen, time_t now)`
Petr Menšík	9b6efc	`udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */`
Petr Menšík	9b6efc	`}`
Petr Menšík	9b6efc
Petr Menšík	9b6efc	`+ // Make sure the udp size is not smaller than the incoming message so that we`
Petr Menšík	9b6efc	`+ // do not underflow`
Petr Menšík	9b6efc	`+ if (udp_size < n) udp_size = n;`
Petr Menšík	9b6efc	`+`
Petr Menšík	9b6efc	`#ifdef HAVE_AUTH`
Petr Menšík	9b6efc	`if (auth_dns)`
Petr Menšík	9b6efc	`{`
Petr Menšík	9b6efc	`diff --git a/src/rfc1035.c b/src/rfc1035.c`
Petr Menšík	9b6efc	`index ec3f283..aa7c664 100644`
Petr Menšík	9b6efc	`--- a/src/rfc1035.c`
Petr Menšík	9b6efc	`+++ b/src/rfc1035.c`
Petr Menšík	9b6efc	`@@ -1185,8 +1185,8 @@ int add_resource_record(struct dns_header header, char limit, int *truncp, int`
Petr Menšík	9b6efc	`va_end(ap); /* clean up variable argument pointer */`
Petr Menšík	9b6efc
Petr Menšík	9b6efc	`j = p - sav - 2;`
Petr Menšík	9b6efc	`- /* this has already been checked against limit before */`
Petr Menšík	9b6efc	`- PUTSHORT(j, sav); /* Now, store real RDLength */`
Petr Menšík	9b6efc	`+ /* this has already been checked against limit before */`
Petr Menšík	9b6efc	`+ PUTSHORT(j, sav); /* Now, store real RDLength */`
Petr Menšík	9b6efc
Petr Menšík	9b6efc	`/* check for overflow of buffer */`
Petr Menšík	9b6efc	`if (limit && ((unsigned char *)limit - p) < 0)`
Petr Menšík	9b6efc	`@@ -1246,7 +1246,9 @@ size_t answer_request(struct dns_header header, char limit, size_t qlen,`
Petr Menšík	9b6efc	`int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;`
Petr Menšík	9b6efc	`struct mx_srv_record *rec;`
Petr Menšík	9b6efc	`size_t len;`
Petr Menšík	9b6efc	`-`
Petr Menšík	9b6efc	`+ // Make sure we do not underflow here too.`
Petr Menšík	9b6efc	`+ if (qlen > (limit - ((char *)header))) return 0;`
Petr Menšík	9b6efc	`+`
Petr Menšík	9b6efc	`if (ntohs(header->ancount) != 0 \|\|`
Petr Menšík	9b6efc	`ntohs(header->nscount) != 0 \|\|`
Petr Menšík	9b6efc	`ntohs(header->qdcount) == 0 \|\|`
Petr Menšík	9b6efc	`--`
Petr Menšík	9b6efc	`2.9.5`
Petr Menšík	9b6efc

rpms / dnsmasq

Source Code

Blame dnsmasq-2.77-underflow.patch