From 17f4cc97f1767cb898b9ef7e1fd419a79374ab38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=83=A1=E4=B9=89=E8=87=BB?= Date: Mon, 11 Nov 2024 17:00:06 +0800 Subject: [PATCH] Fix crash when reloading DHCP config on SIGHUP Conflict:NA Reference:https://github.com/rhuijben/dnsmasq/commit/f006be7842104a9f86fbf419326b7aad08ade61d --- ...when-reloading-DHCP-config-on-SIGHUP.patch | 50 +++++++++++++++++++ dnsmasq.spec | 9 +++- 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 backport-Fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch diff --git a/backport-Fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch b/backport-Fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch new file mode 100644 index 0000000..eb102cb --- /dev/null +++ b/backport-Fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch @@ -0,0 +1,50 @@ +From f006be7842104a9f86fbf419326b7aad08ade61d Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Fri, 4 Oct 2024 16:59:14 +0100 +Subject: [PATCH] Fix crash when reloading DHCP config on SIGHUP. + + Confusion in the code to free old DHCP configuration when it's + being reloaded causes invalid pointers to be followed and a crash. + + https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q4/017764.html + + has a more complete explanation of the problem. + +Conflict:NA +Reference:https://github.com/rhuijben/dnsmasq/commit/f006be7842104a9f86fbf419326b7aad08ade61d + +--- + src/option.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/option.c b/src/option.c +index f4ff7c0..ed0d9e1 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -1336,7 +1336,7 @@ static void dhcp_netid_free(struct dhcp_netid *nid) + + /* Parse one or more tag:s before parameters. + * Moves arg to the end of tags. */ +-static struct dhcp_netid * dhcp_tags(char **arg) ++static struct dhcp_netid *dhcp_tags(char **arg) + { + struct dhcp_netid *id = NULL; + +@@ -1360,7 +1360,13 @@ static void dhcp_netid_list_free(struct dhcp_netid_list *netid) + { + struct dhcp_netid_list *tmplist = netid; + netid = netid->next; +- dhcp_netid_free(tmplist->list); ++ /* Note: don't use dhcp_netid_free() here, since that ++ frees a list linked on netid->next. Where a netid_list ++ is used that's because the the ->next pointers in the ++ netids are being used to temporarily construct ++ a list of valid tags. */ ++ free(tmplist->list->net); ++ free(tmplist->list); + free(tmplist); + } + } +-- +2.33.0 + diff --git a/dnsmasq.spec b/dnsmasq.spec index 54c607c..f9d8662 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -1,6 +1,6 @@ Name: dnsmasq Version: 2.82 -Release: 15 +Release: 16 Summary: Dnsmasq provides network infrastructure for small networks License: GPLv2 or GPLv3 URL: http://www.thekelleys.org.uk/dnsmasq/ @@ -39,6 +39,7 @@ Patch28: backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch Patch29: backport-Reduce-code-duplication-reuse-existing-functions.patch Patch30: backport-Fix-memory-leak-when-using-dhcp-optsfile-with-DHCPv6.patch Patch31: backport-CVE-2023-49441-Fix-standalone-SHA256-implementation.patch +Patch32: backport-Fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd Requires: nettle >= 3.4 %{name}-help @@ -131,6 +132,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf %{_mandir}/man8/dnsmasq* %changelog +* Sat Oct 12 2024 huyizhen - 2.82-16 +- Type:bugfix +- CVE: +- SUG:NA +- DESC:Fix crash when reloading DHCP config on SIGHUP + * Mon Jul 8 2024 renmingshuai - 2.82-15 - Type:CVE - Id: -- Gitee