packages/dnsmasq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!130 Fix buffer overflow when configured lease-change script name

Browse Source 
From: @xiangyu2020 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12
This commit is contained in:
openeuler-ci-bot 2024-12-17 02:17:51 +00:00 committed by Gitee
commit b53d1dd2bb
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
backport-Fix-buffer-overflow-when-configured-lease-change-scr.patch Normal file
View File

@ -0,0 +1,32 @@
From ae85ea38581e97445622d2dad79cd09775cb201a Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 21 Nov 2024 15:42:49 +0000
Subject: [PATCH] Fix buffer overflow when configured lease-change script name
is too long.
Thanks to Daniel Rhea for finding this one.
Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=ae85ea38581e97445622d2dad79cd09775cb201a
Conflict:NA
---
src/lease.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/lease.c b/src/lease.c
index 1a9f1c6..a944fbb 100644
--- a/src/lease.c
+++ b/src/lease.c
@@ -155,6 +155,10 @@ void lease_init(time_t now)
#ifdef HAVE_SCRIPT
if (daemon->lease_change_command)
{
+ /* 6 == strlen(" init") plus terminator */
+ if (strlen(daemon->lease_change_command) + 6 > DHCP_BUFF_SZ)
+ die(_("lease-change script name is too long"), NULL, EC_FILE);
+
strcpy(daemon->dhcp_buff, daemon->lease_change_command);
strcat(daemon->dhcp_buff, " init");
leasestream = popen(daemon->dhcp_buff, "r");
--
2.33.0

9
dnsmasq.spec
View File

@ -1,6 +1,6 @@
Name: dnsmasq Name: dnsmasq
Version: 2.82 Version: 2.82
Release: 16 Release: 17
Summary: Dnsmasq provides network infrastructure for small networks Summary: Dnsmasq provides network infrastructure for small networks
License: GPLv2 or GPLv3 License: GPLv2 or GPLv3
URL: http://www.thekelleys.org.uk/dnsmasq/ URL: http://www.thekelleys.org.uk/dnsmasq/
@ -40,6 +40,7 @@ Patch29: backport-Reduce-code-duplication-reuse-existing-functions.patch
Patch30: backport-Fix-memory-leak-when-using-dhcp-optsfile-with-DHCPv6.patch Patch30: backport-Fix-memory-leak-when-using-dhcp-optsfile-with-DHCPv6.patch
Patch31: backport-CVE-2023-49441-Fix-standalone-SHA256-implementation.patch Patch31: backport-CVE-2023-49441-Fix-standalone-SHA256-implementation.patch
Patch32: backport-Fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch Patch32: backport-Fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch
Patch33: backport-Fix-buffer-overflow-when-configured-lease-change-scr.patch
BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd
Requires: nettle >= 3.4 %{name}-help Requires: nettle >= 3.4 %{name}-help
@ -132,6 +133,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
%{_mandir}/man8/dnsmasq* %{_mandir}/man8/dnsmasq*
%changelog %changelog
* Thu Dec 12 2024 huyizhen <huyizhen2@huawei.com> - 2.82-17
- Type:bugfix
- CVE:
- SUG:NA
- DESC:backport upstream patches
* Sat Oct 12 2024 huyizhen <huyizhen2@huawei.com> - 2.82-16 * Sat Oct 12 2024 huyizhen <huyizhen2@huawei.com> - 2.82-16
- Type:bugfix - Type:bugfix
- CVE: - CVE: