From 688e19d04d67afa8cc848e91b891ba0a84ec739b Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Thu, 9 Jan 2020 18:18:45 -0800 Subject: dnsmasq: CVE-2019-14834 Backport the CVE patch from the upstream to fix the memory leak. Signed-off-by: Zhixiong Chi Signed-off-by: Khem Raj (cherry picked from commit c8ca82feb5d6ceb843aad33dada947b456f7fcac) Signed-off-by: Armin Kuster --- .../0001-dnsmasq-fix-memory-leak-in-helper-c.patch | 49 ++++++++++++++++++++++ .../recipes-support/dnsmasq/dnsmasq_2.80.bb | 1 + 2 files changed, 50 insertions(+) create mode 100644 meta-networking/recipes-support/dnsmasq/dnsmasq/0001-dnsmasq-fix-memory-leak-in-helper-c.patch diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/0001-dnsmasq-fix-memory-leak-in-helper-c.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/0001-dnsmasq-fix-memory-leak-in-helper-c.patch new file mode 100644 index 0000000000..ccd6f82ae8 --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq/0001-dnsmasq-fix-memory-leak-in-helper-c.patch @@ -0,0 +1,49 @@ +From 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 14 Aug 2019 20:44:50 +0100 +Subject: [PATCH] Fix memory leak in helper.c + +Thanks to Xu Mingjie for spotting this. + +CVE: CVE-2019-14834 +Upstream-Status: Backport +Signed-off-by: Zhixiong Chi +--- + src/helper.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/helper.c b/src/helper.c +index 33ba120..c392eec 100644 +--- a/src/helper.c ++++ b/src/helper.c +@@ -82,7 +82,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd) + pid_t pid; + int i, pipefd[2]; + struct sigaction sigact; +- ++ unsigned char *alloc_buff = NULL; ++ + /* create the pipe through which the main program sends us commands, + then fork our process. */ + if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1) +@@ -188,11 +189,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd) + struct script_data data; + char *p, *action_str, *hostname = NULL, *domain = NULL; + unsigned char *buf = (unsigned char *)daemon->namebuff; +- unsigned char *end, *extradata, *alloc_buff = NULL; ++ unsigned char *end, *extradata; + int is6, err = 0; + int pipeout[2]; + +- free(alloc_buff); ++ /* Free rarely-allocated memory from previous iteration. */ ++ if (alloc_buff) ++ { ++ free(alloc_buff); ++ alloc_buff = NULL; ++ } + + /* we read zero bytes when pipe closed: this is our signal to exit */ + if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1)) +-- +1.7.10.4 diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.80.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.80.bb index 6f3d5daa62..827565051d 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.80.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.80.bb @@ -5,5 +5,6 @@ SRC_URI[dnsmasq-2.80.sha256sum] = "9e4a58f816ce0033ce383c549b7d4058ad9b823968d35 SRC_URI += "\ file://lua.patch \ file://0001-dnsmasq-fix-build-against-5.2-headers.patch \ + file://0001-dnsmasq-fix-memory-leak-in-helper-c.patch \ " -- cgit 1.2.3-korg