!95 [sync] PR-94: Fix parsing of IPv6 addresses with peer from netlink
From: @openeuler-sync-bot Reviewed-by: @gebidelidaye Signed-off-by: @gebidelidaye
This commit is contained in:
commit
43d868babd
@ -0,0 +1,71 @@
|
|||||||
|
From 770bce967cfc9967273d0acfb3ea018fb7b17522 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||||
|
Date: Fri, 27 May 2022 21:16:18 +0100
|
||||||
|
Subject: [PATCH] Fix parsing of IPv6 addresses with peer from netlink.
|
||||||
|
|
||||||
|
In the most common case, an IPv6 address doesn't have a peer and the
|
||||||
|
IFA_ADDRESS netlink attribute contains the address itself.
|
||||||
|
|
||||||
|
But if the address has a peer (typically for point to point links),
|
||||||
|
then IFA_ADDRESS contains the peer address and IFA_LOCAL contains the
|
||||||
|
address [1].
|
||||||
|
|
||||||
|
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv6/addrconf.c?h=v5.17#n5030
|
||||||
|
|
||||||
|
Fix the parsing of IPv6 addresses with peers, as currently dnsmasq
|
||||||
|
unsuccessfully tries to bind on the peer address.
|
||||||
|
|
||||||
|
A simple reproducer is:
|
||||||
|
|
||||||
|
dnsmasq --conf-file=/dev/null -i dummy1 -d --bind-dynamic &
|
||||||
|
sleep 2
|
||||||
|
ip link add dummy1 type dummy
|
||||||
|
ip link set dummy1 up
|
||||||
|
ip addr add dev dummy1 fd01::1/64 peer fd01::2/64
|
||||||
|
ip addr add dev dummy1 fd01::42/64
|
||||||
|
sleep 2
|
||||||
|
ss -lnp | grep dnsmasq | grep fd01
|
||||||
|
|
||||||
|
Before the patch:
|
||||||
|
dnsmasq: failed to create listening socket for fd01::2: Cannot assign requested address
|
||||||
|
dnsmasq: failed to create listening socket for fd01::2: Cannot assign requested address
|
||||||
|
udp UNCONN 0 [fd01::42]:53 [::]:* users:(("dnsmasq",pid=23947,fd=14))
|
||||||
|
tcp LISTEN 0 [fd01::42]:53 [::]:* users:(("dnsmasq",pid=23947,fd=15
|
||||||
|
|
||||||
|
After:
|
||||||
|
udp UNCONN 0 [fd01::42]:53 [::]:* users:(("dnsmasq",pid=23973,fd=16))
|
||||||
|
udp UNCONN 0 [fd01::1]:53 [::]:* users:(("dnsmasq",pid=23973,fd=14))
|
||||||
|
tcp LISTEN 0 [fd01::42]:53 [::]:* users:(("dnsmasq",pid=23973,fd=17))
|
||||||
|
tcp LISTEN 0 [fd01::1]:53 [::]:* users:(("dnsmasq",pid=23973,fd=15))
|
||||||
|
|
||||||
|
Conflict:NA
|
||||||
|
Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=770bce967cfc9967273d0acfb3ea018fb7b17522
|
||||||
|
---
|
||||||
|
src/netlink.c | 11 ++++++++++-
|
||||||
|
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/netlink.c b/src/netlink.c
|
||||||
|
index da82943..c156cde 100644
|
||||||
|
--- a/src/netlink.c
|
||||||
|
+++ b/src/netlink.c
|
||||||
|
@@ -258,7 +258,16 @@ int iface_enumerate(int family, void *parm, int (*callback)())
|
||||||
|
|
||||||
|
while (RTA_OK(rta, len1))
|
||||||
|
{
|
||||||
|
- if (rta->rta_type == IFA_ADDRESS)
|
||||||
|
+ /*
|
||||||
|
+ * Important comment: (from if_addr.h)
|
||||||
|
+ * IFA_ADDRESS is prefix address, rather than local interface address.
|
||||||
|
+ * It makes no difference for normally configured broadcast interfaces,
|
||||||
|
+ * but for point-to-point IFA_ADDRESS is DESTINATION address,
|
||||||
|
+ * local address is supplied in IFA_LOCAL attribute.
|
||||||
|
+ */
|
||||||
|
+ if (rta->rta_type == IFA_LOCAL)
|
||||||
|
+ addrp = ((struct in6_addr *)(rta+1));
|
||||||
|
+ else if (rta->rta_type == IFA_ADDRESS && !addrp)
|
||||||
|
addrp = ((struct in6_addr *)(rta+1));
|
||||||
|
else if (rta->rta_type == IFA_CACHEINFO)
|
||||||
|
{
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
||||||
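Review bot: the new `else if (rta->rta_type == IFA_ADDRESS && !addrp)` branch in the src/netlink.c change only works if `addrp` is NULL when each address message starts, and that initialisation is outside the context shown around `while (RTA_OK(rta, len1))`. Please confirm that the 2.82 tree this is backported to resets `addrp` per message. If it does not, a pointer left over from the previous message would make an address that carries only IFA_ADDRESS be skipped and the stale address reported instead. A short comment at that branch saying that IFA_LOCAL takes precedence regardless of attribute order would also help future readers.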
@ -1,6 +1,6 @@
|
|||||||
Name: dnsmasq
|
Name: dnsmasq
|
||||||
Version: 2.82
|
Version: 2.82
|
||||||
Release: 12
|
Release: 13
|
||||||
Summary: Dnsmasq provides network infrastructure for small networks
|
Summary: Dnsmasq provides network infrastructure for small networks
|
||||||
License: GPLv2 or GPLv3
|
License: GPLv2 or GPLv3
|
||||||
URL: http://www.thekelleys.org.uk/dnsmasq/
|
URL: http://www.thekelleys.org.uk/dnsmasq/
|
||||||
@ -35,6 +35,7 @@ Patch24: backport-0010-CVE-2021-3448.patch
|
|||||||
Patch25: backport-Fix-write-after-free-in-DHCPv6-code-CVE-2022-0934.patch
|
Patch25: backport-Fix-write-after-free-in-DHCPv6-code-CVE-2022-0934.patch
|
||||||
Patch26: backport-Listen-only-on-lo-device-fix-CVE-2020-14312.patch
|
Patch26: backport-Listen-only-on-lo-device-fix-CVE-2020-14312.patch
|
||||||
Patch27: backport-CVE-2023-28450-Set-the-default-maximum-DNS-UDP-packet.patch
|
Patch27: backport-CVE-2023-28450-Set-the-default-maximum-DNS-UDP-packet.patch
|
||||||
|
Patch28: backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch
|
||||||
|
|
||||||
BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd
|
BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd
|
||||||
Requires: nettle >= 3.4 %{name}-help
|
Requires: nettle >= 3.4 %{name}-help
|
||||||
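Review bot: `Patch28` is declared after `Patch27`, but the `%prep` section is not part of this diff, so it is not visible whether the new patch file is actually applied at build time. If the spec applies patches individually rather than through `%autosetup` or `%autopatch`, a matching `%patch28 -p1` line is needed, otherwise the package ships at Release 13 without the netlink fix.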
@ -127,6 +128,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
|
|||||||
%{_mandir}/man8/dnsmasq*
|
%{_mandir}/man8/dnsmasq*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Dec 5 2023 renmingshuai <renmingshuai@huawei.com> - 2.82-13
|
||||||
|
- Type:bugfix
|
||||||
|
- Id:
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:Fix parsing of IPv6 addresses with peer from netlink
|
||||||
|
|
||||||
* Tue Mar 28 2023 renmingshuai <renmingshuai@huawei.com> - 2.82-12
|
* Tue Mar 28 2023 renmingshuai <renmingshuai@huawei.com> - 2.82-12
|
||||||
- Type:CVE
|
- Type:CVE
|
||||||
- Id:CVE-2023-28450
|
- Id:CVE-2023-28450
|
||||||
|
|||||||
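Review bot: the new 2.82-13 changelog entry leaves `- Id:` empty, while the 2.82-12 entry below it fills the field (`Id:CVE-2023-28450`) and the adjacent field in the new entry uses `SUG:NA`. Suggest `- Id:NA` so the field is explicit for a non-CVE bugfix and anything parsing the changelog does not see a blank value.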