[Buildroot] [git commit branch/2019.02.x] package/dnsmasq: fix CVE-2019-14834
Peter Korsgaard
peter at korsgaard.com
Sat Mar 14 17:26:57 UTC 2020
commit: https://git.buildroot.net/buildroot/commit/?id=80197d7feff4363feb055dd8ad45e3389884c7ab
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2019.02.x
A vulnerability was found in dnsmasq before version 2.81, where the
memory leak allows remote attackers to cause a denial of service
(memory consumption) via vectors involving DHCP response creation.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
(cherry picked from commit d0063f2ff14101d7efe1d1a3a8374845b7bc9847)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
.../dnsmasq/0004-Fix-memory-leak-in-helper-c.patch | 49 ++++++++++++++++++++++
package/dnsmasq/dnsmasq.mk | 3 ++
2 files changed, 52 insertions(+)
diff --git a/package/dnsmasq/0004-Fix-memory-leak-in-helper-c.patch b/package/dnsmasq/0004-Fix-memory-leak-in-helper-c.patch
new file mode 100644
index 0000000000..c00a9cc3ef
--- /dev/null
+++ b/package/dnsmasq/0004-Fix-memory-leak-in-helper-c.patch
@@ -0,0 +1,49 @@
+From 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon at thekelleys.org.uk>
+Date: Wed, 14 Aug 2019 20:44:50 +0100
+Subject: [PATCH] Fix memory leak in helper.c
+
+Thanks to Xu Mingjie <xumingjie1995 at outlook.com> for spotting this.
+[Retrieved from:
+http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
+---
+ src/helper.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/helper.c b/src/helper.c
+index 33ba120..c392eec 100644
+--- a/src/helper.c
++++ b/src/helper.c
+@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+ pid_t pid;
+ int i, pipefd[2];
+ struct sigaction sigact;
+-
++ unsigned char *alloc_buff = NULL;
++
+ /* create the pipe through which the main program sends us commands,
+ then fork our process. */
+ if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+ struct script_data data;
+ char *p, *action_str, *hostname = NULL, *domain = NULL;
+ unsigned char *buf = (unsigned char *)daemon->namebuff;
+- unsigned char *end, *extradata, *alloc_buff = NULL;
++ unsigned char *end, *extradata;
+ int is6, err = 0;
+ int pipeout[2];
+
+- free(alloc_buff);
++ /* Free rarely-allocated memory from previous iteration. */
++ if (alloc_buff)
++ {
++ free(alloc_buff);
++ alloc_buff = NULL;
++ }
+
+ /* we read zero bytes when pipe closed: this is our signal to exit */
+ if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
+--
+1.7.10.4
+
diff --git a/package/dnsmasq/dnsmasq.mk b/package/dnsmasq/dnsmasq.mk
index 366cebf012..d0f38cb3b4 100644
--- a/package/dnsmasq/dnsmasq.mk
+++ b/package/dnsmasq/dnsmasq.mk
@@ -15,6 +15,9 @@ DNSMASQ_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES)
DNSMASQ_LICENSE = GPL-2.0 or GPL-3.0
DNSMASQ_LICENSE_FILES = COPYING COPYING-v3
+# 0004-Fix-memory-leak-in-helper-c.patch
+DNSMASQ_IGNORE_CVES += CVE-2019-14834
+
DNSMASQ_I18N = $(if $(BR2_SYSTEM_ENABLE_NLS),-i18n)
ifneq ($(BR2_PACKAGE_DNSMASQ_DHCP),y)
More information about the buildroot
mailing list