[PATCH] dnsmasq 2.76: latest patches from upstream (004-009)

[PATCH] dnsmasq 2.76: latest patches from upstream (004-009)

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 15211 bytes --]

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/dnsmasq                                        |  6 ++
 .../004-Fix_editing_error_on_man_page.patch        | 40 ++++++++++
 src/patches/dnsmasq/005-Manpage_typo.patch         | 25 ++++++
 ...aviour_with_some_DHCP_option_arrangements.patch | 49 ++++++++++++
 ...007-Fix_logic_error_in_Linux_netlink_code.patch | 55 +++++++++++++
 .../008-Fix_problem_with_--dnssec-timestamp.patch  | 93 ++++++++++++++++++++++
 .../009-malloc_memset_calloc_for_efficiency.patch  | 46 +++++++++++
 7 files changed, 314 insertions(+)
 create mode 100644 src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch
 create mode 100644 src/patches/dnsmasq/005-Manpage_typo.patch
 create mode 100644 src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch
 create mode 100644 src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch
 create mode 100644 src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch
 create mode 100644 src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch

diff --git a/lfs/dnsmasq b/lfs/dnsmasq
index 5782f77..a0fdc50 100644
--- a/lfs/dnsmasq
+++ b/lfs/dnsmasq
@@ -76,6 +76,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/001-Calculate_length_of_TFTP_error_reply_correctly.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/002-Zero_newly_malloc_ed_memory.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/003-Check_return_of_expand_always.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/005-Manpage_typo.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
 
 	cd $(DIR_APP) && sed -i src/config.h \
diff --git a/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch b/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch
new file mode 100644
index 0000000..f4d0d20
--- /dev/null
+++ b/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch
@@ -0,0 +1,40 @@
+From 5874f3e9222397d82aabd9884d9bf5ce7e4109b0 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Sun, 10 Jul 2016 22:12:08 +0100
+Subject: [PATCH] Fix editing error on man page.
+
+Thanks to Eric Westbrook for spotting this.
+---
+ man/dnsmasq.8 |    9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 0521534..bd8c0b3 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -1037,6 +1037,10 @@ is given, then read all the files contained in that directory. The advantage of
+ using this option is the same as for --dhcp-hostsfile: the
+ dhcp-optsfile will be re-read when dnsmasq receives SIGHUP. Note that
+ it is possible to encode the information in a
++.B --dhcp-boot
++flag as DHCP options, using the options names bootfile-name,
++server-ip-address and tftp-server. This allows these to be included
++in a dhcp-optsfile.
+ .TP
+ .B --dhcp-hostsdir=<path>
+ This is equivalent to dhcp-hostsfile, except for the following. The path MUST be a
+@@ -1048,11 +1052,6 @@ is restarted; ie host records are only added dynamically.
+ .TP
+ .B --dhcp-optsdir=<path>
+ This is equivalent to dhcp-optsfile, with the differences noted for --dhcp-hostsdir.
+-.TP
+-.B --dhcp-boot
+-flag as DHCP options, using the options names bootfile-name,
+-server-ip-address and tftp-server. This allows these to be included
+-in a dhcp-optsfile.
+ .TP 
+ .B \-Z, --read-ethers
+ Read /etc/ethers for information about hosts for the DHCP server. The
+-- 
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/005-Manpage_typo.patch b/src/patches/dnsmasq/005-Manpage_typo.patch
new file mode 100644
index 0000000..52f16de
--- /dev/null
+++ b/src/patches/dnsmasq/005-Manpage_typo.patch
@@ -0,0 +1,25 @@
+From 907efeb2dc712603271093bce8a93c7c3e6fe64d Mon Sep 17 00:00:00 2001
+From: Kristjan Onu <jeixav(a)gmail.com>
+Date: Sun, 10 Jul 2016 22:37:57 +0100
+Subject: [PATCH] Manpage typo.
+
+---
+ man/dnsmasq.8 |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index bd8c0b3..ac8d921 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -242,7 +242,7 @@ addresses associated with the interface.
+ .B --local-service
+ Accept DNS queries only from hosts whose address is on a local subnet,
+ ie a subnet for which an interface exists on the server. This option
+-only has effect is there are no --interface --except-interface,
++only has effect if there are no --interface --except-interface,
+ --listen-address or --auth-server options. It is intended to be set as
+ a default on installation, to allow unconfigured installations to be
+ useful but also safe from being used for DNS amplification attacks.
+-- 
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch b/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch
new file mode 100644
index 0000000..ec17115
--- /dev/null
+++ b/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch
@@ -0,0 +1,49 @@
+From 591ed1e90503817938ccf5f127e677a8dd48b6d8 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Mon, 11 Jul 2016 18:18:42 +0100
+Subject: [PATCH] Fix bad behaviour with some DHCP option arrangements.
+
+The check that there's enough space to store the DHCP agent-id
+at the end of the packet could succeed when it should fail
+if the END option is in either of the oprion-overload areas.
+That could overwrite legit options in the request and cause
+bad behaviour. It's highly unlikely that any sane DHCP client
+would trigger this bug, and it's never been seen, but this
+fixes the problem.
+
+Also fix off-by-one in bounds checking of option processing.
+Worst case scenario on that is a read one byte beyond the
+end off a buffer with a crafted packet, and maybe therefore
+a SIGV crash if the memory after the buffer is not mapped.
+
+Thanks to Timothy Becker for spotting these.
+---
+ src/rfc2131.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/rfc2131.c b/src/rfc2131.c
+index b7c167e..8b99d4b 100644
+--- a/src/rfc2131.c
++++ b/src/rfc2131.c
+@@ -186,7 +186,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+ 	     be enough free space at the end of the packet to copy the option. */
+ 	  unsigned char *sopt;
+ 	  unsigned int total = option_len(opt) + 2;
+-	  unsigned char *last_opt = option_find(mess, sz, OPTION_END, 0);
++	  unsigned char *last_opt = option_find1(&mess->options[0] + sizeof(u32), ((unsigned char *)mess) + sz,
++						 OPTION_END, 0);
+ 	  if (last_opt && last_opt < end - total)
+ 	    {
+ 	      end -= total;
+@@ -1606,7 +1607,7 @@ static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt
+ {
+   while (1) 
+     {
+-      if (p > end)
++      if (p >= end)
+ 	return NULL;
+       else if (*p == OPTION_END)
+ 	return opt == OPTION_END ? p : NULL;
+-- 
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch b/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch
new file mode 100644
index 0000000..6a79eac
--- /dev/null
+++ b/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch
@@ -0,0 +1,55 @@
+From 1d07667ac77c55b9de56b1b2c385167e0e0ec27a Mon Sep 17 00:00:00 2001
+From: Ivan Kokshaysky <ink(a)jurassic.park.msu.ru>
+Date: Mon, 11 Jul 2016 18:36:05 +0100
+Subject: [PATCH] Fix logic error in Linux netlink code.
+
+This could cause dnsmasq to enter a tight loop on systems
+with a very large number of network interfaces.
+---
+ CHANGELOG     |    6 ++++++
+ src/netlink.c |    8 +++++++-
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 0559a6f..59c9c49 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -11,6 +11,12 @@ version 2.77
+ 	    Thanks to Mozilla for funding the security audit 
+ 	    which spotted this bug.
+ 
++	    Fix logic error in Linux netlink code. This could
++	    cause dnsmasq to enter a tight loop on systems
++	    with a very large number of network interfaces.
++	    Thanks to Ivan Kokshaysky for the diagnosis and
++	    patch.
++
+ 
+ version 2.76
+             Include 0.0.0.0/8 in DNS rebind checks. This range 
+diff --git a/src/netlink.c b/src/netlink.c
+index 049247b..8cd51af 100644
+--- a/src/netlink.c
++++ b/src/netlink.c
+@@ -188,11 +188,17 @@ int iface_enumerate(int family, void *parm, int (*callback)())
+ 	}
+ 
+       for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+-	if (h->nlmsg_seq != seq || h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
++	if (h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
+ 	  {
+ 	    /* May be multicast arriving async */
+ 	    nl_async(h);
+ 	  }
++	else if (h->nlmsg_seq != seq)
++	  {
++	    /* May be part of incomplete response to previous request after
++	       ENOBUFS. Drop it. */
++	    continue;
++	  }
+ 	else if (h->nlmsg_type == NLMSG_DONE)
+ 	  return callback_ok;
+ 	else if (h->nlmsg_type == RTM_NEWADDR && family != AF_UNSPEC && family != AF_LOCAL)
+-- 
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch b/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch
new file mode 100644
index 0000000..b32d17a
--- /dev/null
+++ b/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch
@@ -0,0 +1,93 @@
+From 06093a9a845bb597005d892d5d1bc7859933ada4 Mon Sep 17 00:00:00 2001
+From: Kevin Darbyshire-Bryant <kevin(a)darbyshire-bryant.me.uk>
+Date: Mon, 11 Jul 2016 21:03:27 +0100
+Subject: [PATCH] Fix problem with --dnssec-timestamp whereby receipt of
+ SIGHUP would erroneously engage timestamp checking.
+
+---
+ CHANGELOG     |    4 ++++
+ src/dnsmasq.c |    7 ++++---
+ src/dnsmasq.h |    1 +
+ src/dnssec.c  |    5 +++--
+ 4 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 59c9c49..9f1e404 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -17,6 +17,10 @@ version 2.77
+ 	    Thanks to Ivan Kokshaysky for the diagnosis and
+ 	    patch.
+ 
++ 	    Fix problem with --dnssec-timestamp whereby receipt
++            of SIGHUP would erroneously engage timestamp checking.
++	    Thanks to Kevin Darbyshire-Bryant for this work.
++	
+ 
+ version 2.76
+             Include 0.0.0.0/8 in DNS rebind checks. This range 
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 045ec53..a47273f 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -750,7 +750,8 @@ int main (int argc, char **argv)
+       
+       my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
+       
+-      if (option_bool(OPT_DNSSEC_TIME))
++      daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
++      if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
+ 	my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
+       
+       if (rc == 1)
+@@ -1226,10 +1227,10 @@ static void async_event(int pipe, time_t now)
+       {
+       case EVENT_RELOAD:
+ #ifdef HAVE_DNSSEC
+-	if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
++	if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
+ 	  {
+ 	    my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
+-	    reset_option_bool(OPT_DNSSEC_TIME);
++	    daemon->dnssec_no_time_check = 0;
+ 	  } 
+ #endif
+ 	/* fall through */
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 1896a64..be27ae0 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -992,6 +992,7 @@ extern struct daemon {
+ #endif
+ #ifdef HAVE_DNSSEC
+   struct ds_config *ds;
++  int dnssec_no_time_check;
+   int back_to_the_future;
+   char *timestamp_file;
+ #endif
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 3c77c7d..64358fa 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -522,15 +522,16 @@ static int check_date_range(u32 date_start, u32 date_end)
+ 	  if (utime(daemon->timestamp_file, NULL) != 0)
+ 	    my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
+ 	  
++	  my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps."));
+ 	  daemon->back_to_the_future = 1;
+-	  set_option_bool(OPT_DNSSEC_TIME);
++	  daemon->dnssec_no_time_check = 0;
+ 	  queue_event(EVENT_RELOAD); /* purge cache */
+ 	} 
+ 
+       if (daemon->back_to_the_future == 0)
+ 	return 1;
+     }
+-  else if (option_bool(OPT_DNSSEC_TIME))
++  else if (daemon->dnssec_no_time_check)
+     return 1;
+   
+   /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
+-- 
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch b/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch
new file mode 100644
index 0000000..0300853
--- /dev/null
+++ b/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch
@@ -0,0 +1,46 @@
+From d6dce53e08b3a06be16d43e1bf566c6c1988e4a9 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Mon, 11 Jul 2016 21:34:31 +0100
+Subject: [PATCH] malloc(); memset()  -> calloc() for efficiency.
+
+---
+ src/util.c |   10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/src/util.c b/src/util.c
+index 82443c9..211690e 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -244,13 +244,11 @@ unsigned char *do_rfc1035_name(unsigned char *p, char *sval)
+ /* for use during startup */
+ void *safe_malloc(size_t size)
+ {
+-  void *ret = malloc(size);
++  void *ret = calloc(1, size);
+   
+   if (!ret)
+     die(_("could not get memory"), NULL, EC_NOMEM);
+-  else
+-    memset(ret, 0, size);
+-     
++      
+   return ret;
+ }    
+ 
+@@ -264,12 +262,10 @@ void safe_pipe(int *fd, int read_noblock)
+ 
+ void *whine_malloc(size_t size)
+ {
+-  void *ret = malloc(size);
++  void *ret = calloc(1, size);
+ 
+   if (!ret)
+     my_syslog(LOG_ERR, _("failed to allocate %d bytes"), (int) size);
+-  else
+-    memset(ret, 0, size);
+   
+   return ret;
+ }
+-- 
+1.7.10.4
+
-- 
2.9.1