From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] package/dnsmasq: fix CVE-2019-14834
Date: Sat, 29 Feb 2020 16:12:45 +0100 [thread overview]
Message-ID: <20200229151245.GL8743@scaer> (raw)
In-Reply-To: <20200229133437.2780453-1-fontaine.fabrice@gmail.com>
Fabrice, All,
On 2020-02-29 14:34 +0100, Fabrice Fontaine spake thusly:
> A vulnerability was found in dnsmasq before version 2.81, where the
> memory leak allows remote attackers to cause a denial of service
> (memory consumption) via vectors involving DHCP response creation.
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> .../0004-Fix-memory-leak-in-helper-c.patch | 49 +++++++++++++++++++
> package/dnsmasq/dnsmasq.mk | 3 ++
> 2 files changed, 52 insertions(+)
> create mode 100644 package/dnsmasq/0004-Fix-memory-leak-in-helper-c.patch
>
> diff --git a/package/dnsmasq/0004-Fix-memory-leak-in-helper-c.patch b/package/dnsmasq/0004-Fix-memory-leak-in-helper-c.patch
> new file mode 100644
> index 0000000000..c00a9cc3ef
> --- /dev/null
> +++ b/package/dnsmasq/0004-Fix-memory-leak-in-helper-c.patch
> @@ -0,0 +1,49 @@
> +From 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 Mon Sep 17 00:00:00 2001
> +From: Simon Kelley <simon@thekelleys.org.uk>
> +Date: Wed, 14 Aug 2019 20:44:50 +0100
> +Subject: [PATCH] Fix memory leak in helper.c
> +
> +Thanks to Xu Mingjie <xumingjie1995@outlook.com> for spotting this.
> +[Retrieved from:
> +http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5]
> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +---
> + src/helper.c | 12 +++++++++---
> + 1 file changed, 9 insertions(+), 3 deletions(-)
> +
> +diff --git a/src/helper.c b/src/helper.c
> +index 33ba120..c392eec 100644
> +--- a/src/helper.c
> ++++ b/src/helper.c
> +@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
> + pid_t pid;
> + int i, pipefd[2];
> + struct sigaction sigact;
> +-
> ++ unsigned char *alloc_buff = NULL;
> ++
> + /* create the pipe through which the main program sends us commands,
> + then fork our process. */
> + if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
> +@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
> + struct script_data data;
> + char *p, *action_str, *hostname = NULL, *domain = NULL;
> + unsigned char *buf = (unsigned char *)daemon->namebuff;
> +- unsigned char *end, *extradata, *alloc_buff = NULL;
> ++ unsigned char *end, *extradata;
> + int is6, err = 0;
> + int pipeout[2];
> +
> +- free(alloc_buff);
> ++ /* Free rarely-allocated memory from previous iteration. */
> ++ if (alloc_buff)
> ++ {
> ++ free(alloc_buff);
> ++ alloc_buff = NULL;
> ++ }
> +
> + /* we read zero bytes when pipe closed: this is our signal to exit */
> + if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
> +--
> +1.7.10.4
> +
> diff --git a/package/dnsmasq/dnsmasq.mk b/package/dnsmasq/dnsmasq.mk
> index f271523068..3f25ac0885 100644
> --- a/package/dnsmasq/dnsmasq.mk
> +++ b/package/dnsmasq/dnsmasq.mk
> @@ -15,6 +15,9 @@ DNSMASQ_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES)
> DNSMASQ_LICENSE = GPL-2.0 or GPL-3.0
> DNSMASQ_LICENSE_FILES = COPYING COPYING-v3
>
> +# 0004-Fix-memory-leak-in-helper-c.patch
> +DNSMASQ_IGNORE_CVES += CVE-2019-14834
> +
> DNSMASQ_I18N = $(if $(BR2_SYSTEM_ENABLE_NLS),-i18n)
>
> ifneq ($(BR2_PACKAGE_DNSMASQ_DHCP),y)
> --
> 2.25.0
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
next prev parent reply other threads:[~2020-02-29 15:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-29 13:34 [Buildroot] [PATCH 1/1] package/dnsmasq: fix CVE-2019-14834 Fabrice Fontaine
2020-02-29 15:12 ` Yann E. MORIN [this message]
2020-03-14 17:27 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200229151245.GL8743@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.