author | Zhixiong Chi <zhixiong.chi@windriver.com> | 2020-01-09 18:18:45 -0800 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2020-01-19 08:55:36 -0800 |
commit | 688e19d04d67afa8cc848e91b891ba0a84ec739b (patch) | |
tree | 7cdbbaa5682c5a48d75d49556af77034ff7735e3 /meta-networking | |
parent | ff16275b3f51eb24aa27039b738f74deb914b362 (diff) | |
download | meta-openembedded-688e19d04d67afa8cc848e91b891ba0a84ec739b.tar.gz |
dnsmasq: CVE-2019-14834
Backport the upstream patch for this CVE to fix the memory leak.
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c8ca82feb5d6ceb843aad33dada947b456f7fcac)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-networking')
-rw-r--r-- | meta-networking/recipes-support/dnsmasq/dnsmasq/0001-dnsmasq-fix-memory-leak-in-helper-c.patch | 49 | ||||
-rw-r--r-- | meta-networking/recipes-support/dnsmasq/dnsmasq_2.80.bb | 1 |
2 files changed, 50 insertions, 0 deletions
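--- /dev/null
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq/0001-dnsmasq-fix-memory-leak-in-helper-c.patch
@@ -0,0 +1,49 @@
+From 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 14 Aug 2019 20:44:50 +0100
+Subject: [PATCH] Fix memory leak in helper.c
+
+Thanks to Xu Mingjie <xumingjie1995@outlook.com> for spotting this.
+
+CVE: CVE-2019-14834
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+src/helper.c | 12 +++++++++---
+1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/helper.c b/src/helper.c
+index 33ba120..c392eec 100644
+--- a/src/helper.c
++++ b/src/helper.c
+@@ -82,7 +82,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+pid_t pid;
+int i, pipefd[2];
+struct sigaction sigact;
+-
++ unsigned char *alloc_buff = NULL;
++
+/* create the pipe through which the main program sends us commands,
+then fork our process. */
+if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+@@ -188,11 +189,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+struct script_data data;
+char *p, *action_str, *hostname = NULL, *domain = NULL;
+unsigned char *buf = (unsigned char *)daemon->namebuff;
+- unsigned char *end, *extradata, *alloc_buff = NULL;
++ unsigned char *end, *extradata;
+int is6, err = 0;
+int pipeout[2];
+
+- free(alloc_buff);
++ /* Free rarely-allocated memory from previous iteration. */
++ if (alloc_buff)
++ {
++ free(alloc_buff);
++ alloc_buff = NULL;
++ }
+
+/* we read zero bytes when pipe closed: this is our signal to exit */
+if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
+--
+1.7.10.4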
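Review bot: `alloc_buff` now keeps its value across iterations of the helper's command loop, so the free-and-reset at the top of the loop is the only release point, and the place where the buffer is allocated lies outside both hunks. It is worth confirming in the full `create_helper` body that no other path in the loop frees `alloc_buff` without setting it back to NULL, because the per-iteration `= NULL` initialiser that would have hidden such a path is removed by this change. For auditability the patch header could also record where the backport came from, e.g. `Upstream-Status: Backport [upstream commit 69bc94779c2f035a9fffdb5327a54c3aeca73ed5]`, assuming the hash on the `From` line is the upstream one. The loop header and the rest of the function are not visible here.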
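--- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.80.bb
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.80.bb
@@ -5,5 +5,6 @@ SRC_URI[dnsmasq-2.80.sha256sum] = "9e4a58f816ce0033ce383c549b7d4058ad9b823968d35
 SRC_URI += "\
 file://lua.patch \
 file://0001-dnsmasq-fix-build-against-5.2-headers.patch \
+file://0001-dnsmasq-fix-memory-leak-in-helper-c.patch \
 "
 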