Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
lfs/dnsmasq | 6 ++
.../004-Fix_editing_error_on_man_page.patch | 40 ++++++++++
src/patches/dnsmasq/005-Manpage_typo.patch | 25 ++++++
...aviour_with_some_DHCP_option_arrangements.patch | 49 ++++++++++++
...007-Fix_logic_error_in_Linux_netlink_code.patch | 55 +++++++++++++
.../008-Fix_problem_with_--dnssec-timestamp.patch | 93 ++++++++++++++++++++++
.../009-malloc_memset_calloc_for_efficiency.patch | 46 +++++++++++
7 files changed, 314 insertions(+)
create mode 100644 src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch
create mode 100644 src/patches/dnsmasq/005-Manpage_typo.patch
create mode 100644 src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch
create mode 100644 src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch
create mode 100644 src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch
create mode 100644 src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch
diff --git a/lfs/dnsmasq b/lfs/dnsmasq
index 5782f77..a0fdc50 100644
--- a/lfs/dnsmasq
+++ b/lfs/dnsmasq
@@ -76,6 +76,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/001-Calculate_length_of_TFTP_error_reply_correctly.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/002-Zero_newly_malloc_ed_memory.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/003-Check_return_of_expand_always.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/005-Manpage_typo.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && sed -i src/config.h \
diff --git a/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch b/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch
new file mode 100644
index 0000000..f4d0d20
--- /dev/null
+++ b/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch
@@ -0,0 +1,40 @@
+From 5874f3e9222397d82aabd9884d9bf5ce7e4109b0 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Sun, 10 Jul 2016 22:12:08 +0100
+Subject: [PATCH] Fix editing error on man page.
+
+Thanks to Eric Westbrook for spotting this.
+---
+ man/dnsmasq.8 | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 0521534..bd8c0b3 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -1037,6 +1037,10 @@ is given, then read all the files contained in that directory. The advantage of
+ using this option is the same as for --dhcp-hostsfile: the
+ dhcp-optsfile will be re-read when dnsmasq receives SIGHUP. Note that
+ it is possible to encode the information in a
++.B --dhcp-boot
++flag as DHCP options, using the options names bootfile-name,
++server-ip-address and tftp-server. This allows these to be included
++in a dhcp-optsfile.
+ .TP
+ .B --dhcp-hostsdir=<path>
+ This is equivalent to dhcp-hostsfile, except for the following. The path MUST be a
+@@ -1048,11 +1052,6 @@ is restarted; ie host records are only added dynamically.
+ .TP
+ .B --dhcp-optsdir=<path>
+ This is equivalent to dhcp-optsfile, with the differences noted for --dhcp-hostsdir.
+-.TP
+-.B --dhcp-boot
+-flag as DHCP options, using the options names bootfile-name,
+-server-ip-address and tftp-server. This allows these to be included
+-in a dhcp-optsfile.
+ .TP
+ .B \-Z, --read-ethers
+ Read /etc/ethers for information about hosts for the DHCP server. The
+--
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/005-Manpage_typo.patch b/src/patches/dnsmasq/005-Manpage_typo.patch
new file mode 100644
index 0000000..52f16de
--- /dev/null
+++ b/src/patches/dnsmasq/005-Manpage_typo.patch
@@ -0,0 +1,25 @@
+From 907efeb2dc712603271093bce8a93c7c3e6fe64d Mon Sep 17 00:00:00 2001
+From: Kristjan Onu <jeixav(a)gmail.com>
+Date: Sun, 10 Jul 2016 22:37:57 +0100
+Subject: [PATCH] Manpage typo.
+
+---
+ man/dnsmasq.8 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index bd8c0b3..ac8d921 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -242,7 +242,7 @@ addresses associated with the interface.
+ .B --local-service
+ Accept DNS queries only from hosts whose address is on a local subnet,
+ ie a subnet for which an interface exists on the server. This option
+-only has effect is there are no --interface --except-interface,
++only has effect if there are no --interface --except-interface,
+ --listen-address or --auth-server options. It is intended to be set as
+ a default on installation, to allow unconfigured installations to be
+ useful but also safe from being used for DNS amplification attacks.
+--
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch b/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch
new file mode 100644
index 0000000..ec17115
--- /dev/null
+++ b/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch
@@ -0,0 +1,49 @@
+From 591ed1e90503817938ccf5f127e677a8dd48b6d8 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Mon, 11 Jul 2016 18:18:42 +0100
+Subject: [PATCH] Fix bad behaviour with some DHCP option arrangements.
+
+The check that there's enough space to store the DHCP agent-id
+at the end of the packet could succeed when it should fail
+if the END option is in either of the oprion-overload areas.
+That could overwrite legit options in the request and cause
+bad behaviour. It's highly unlikely that any sane DHCP client
+would trigger this bug, and it's never been seen, but this
+fixes the problem.
+
+Also fix off-by-one in bounds checking of option processing.
+Worst case scenario on that is a read one byte beyond the
+end off a buffer with a crafted packet, and maybe therefore
+a SIGV crash if the memory after the buffer is not mapped.
+
+Thanks to Timothy Becker for spotting these.
+---
+ src/rfc2131.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/rfc2131.c b/src/rfc2131.c
+index b7c167e..8b99d4b 100644
+--- a/src/rfc2131.c
++++ b/src/rfc2131.c
+@@ -186,7 +186,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+ be enough free space at the end of the packet to copy the option. */
+ unsigned char *sopt;
+ unsigned int total = option_len(opt) + 2;
+- unsigned char *last_opt = option_find(mess, sz, OPTION_END, 0);
++ unsigned char *last_opt = option_find1(&mess->options[0] + sizeof(u32), ((unsigned char *)mess) + sz,
++ OPTION_END, 0);
+ if (last_opt && last_opt < end - total)
+ {
+ end -= total;
+@@ -1606,7 +1607,7 @@ static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt
+ {
+ while (1)
+ {
+- if (p > end)
++ if (p >= end)
+ return NULL;
+ else if (*p == OPTION_END)
+ return opt == OPTION_END ? p : NULL;
+--
+1.7.10.4
+
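Review bot: The new `option_find1` call in `dhcp_reply` starts at `&mess->options[0] + sizeof(u32)` and ends at `((unsigned char *)mess) + sz`, with no comment explaining the skipped four bytes (presumably the magic cookie) or why `option_find` is bypassed. Going by the commit message, the point is that an END option inside an option-overload area must not be taken for the end of the packet, so I would add `/* Search only the main options field: an END in an option-overload area must not count here. */` above the call. In `option_find1`, the `p >= end` test now stops the read of `*p` at `end`, but the length and payload reads for options other than PAD and END are outside the hunk. It is worth confirming that those reads are bounded against `end` in the same way. Both function bodies continue outside the hunks shown.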
diff --git a/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch b/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch
new file mode 100644
index 0000000..6a79eac
--- /dev/null
+++ b/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch
@@ -0,0 +1,55 @@
+From 1d07667ac77c55b9de56b1b2c385167e0e0ec27a Mon Sep 17 00:00:00 2001
+From: Ivan Kokshaysky <ink(a)jurassic.park.msu.ru>
+Date: Mon, 11 Jul 2016 18:36:05 +0100
+Subject: [PATCH] Fix logic error in Linux netlink code.
+
+This could cause dnsmasq to enter a tight loop on systems
+with a very large number of network interfaces.
+---
+ CHANGELOG | 6 ++++++
+ src/netlink.c | 8 +++++++-
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 0559a6f..59c9c49 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -11,6 +11,12 @@ version 2.77
+ Thanks to Mozilla for funding the security audit
+ which spotted this bug.
+
++ Fix logic error in Linux netlink code. This could
++ cause dnsmasq to enter a tight loop on systems
++ with a very large number of network interfaces.
++ Thanks to Ivan Kokshaysky for the diagnosis and
++ patch.
++
+
+ version 2.76
+ Include 0.0.0.0/8 in DNS rebind checks. This range
+diff --git a/src/netlink.c b/src/netlink.c
+index 049247b..8cd51af 100644
+--- a/src/netlink.c
++++ b/src/netlink.c
+@@ -188,11 +188,17 @@ int iface_enumerate(int family, void *parm, int (*callback)())
+ }
+
+ for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+- if (h->nlmsg_seq != seq || h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
++ if (h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
+ {
+ /* May be multicast arriving async */
+ nl_async(h);
+ }
++ else if (h->nlmsg_seq != seq)
++ {
++ /* May be part of incomplete response to previous request after
++ ENOBUFS. Drop it. */
++ continue;
++ }
+ else if (h->nlmsg_type == NLMSG_DONE)
+ return callback_ok;
+ else if (h->nlmsg_type == RTM_NEWADDR && family != AF_UNSPEC && family != AF_LOCAL)
+--
+1.7.10.4
+
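Review bot: In `iface_enumerate` the first branch still tests `h->nlmsg_type == NLMSG_ERROR` before the sequence number, so an error message with our own pid and a stale `nlmsg_seq` is passed to `nl_async(h)` rather than dropped by the new branch. The comment `/* May be multicast arriving async */` does not cover that case. If this is intended, the comment could say so, e.g. `/* Multicast arriving async, or an error reply (possibly to an earlier request) */`; if not, the sequence test should come first for messages carrying our pid. The `continue;` in the new branch is redundant, because the if/else chain is the whole loop body, so an empty block holding only the comment would behave the same. The loop and the chain continue outside the hunk.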
diff --git a/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch b/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch
new file mode 100644
index 0000000..b32d17a
--- /dev/null
+++ b/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch
@@ -0,0 +1,93 @@
+From 06093a9a845bb597005d892d5d1bc7859933ada4 Mon Sep 17 00:00:00 2001
+From: Kevin Darbyshire-Bryant <kevin(a)darbyshire-bryant.me.uk>
+Date: Mon, 11 Jul 2016 21:03:27 +0100
+Subject: [PATCH] Fix problem with --dnssec-timestamp whereby receipt of
+ SIGHUP would erroneously engage timestamp checking.
+
+---
+ CHANGELOG | 4 ++++
+ src/dnsmasq.c | 7 ++++---
+ src/dnsmasq.h | 1 +
+ src/dnssec.c | 5 +++--
+ 4 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 59c9c49..9f1e404 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -17,6 +17,10 @@ version 2.77
+ Thanks to Ivan Kokshaysky for the diagnosis and
+ patch.
+
++ Fix problem with --dnssec-timestamp whereby receipt
++ of SIGHUP would erroneously engage timestamp checking.
++ Thanks to Kevin Darbyshire-Bryant for this work.
++
+
+ version 2.76
+ Include 0.0.0.0/8 in DNS rebind checks. This range
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 045ec53..a47273f 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -750,7 +750,8 @@ int main (int argc, char **argv)
+
+ my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
+
+- if (option_bool(OPT_DNSSEC_TIME))
++ daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
++ if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
+ my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
+
+ if (rc == 1)
+@@ -1226,10 +1227,10 @@ static void async_event(int pipe, time_t now)
+ {
+ case EVENT_RELOAD:
+ #ifdef HAVE_DNSSEC
+- if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
++ if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
+ {
+ my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
+- reset_option_bool(OPT_DNSSEC_TIME);
++ daemon->dnssec_no_time_check = 0;
+ }
+ #endif
+ /* fall through */
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 1896a64..be27ae0 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -992,6 +992,7 @@ extern struct daemon {
+ #endif
+ #ifdef HAVE_DNSSEC
+ struct ds_config *ds;
++ int dnssec_no_time_check;
+ int back_to_the_future;
+ char *timestamp_file;
+ #endif
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 3c77c7d..64358fa 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -522,15 +522,16 @@ static int check_date_range(u32 date_start, u32 date_end)
+ if (utime(daemon->timestamp_file, NULL) != 0)
+ my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
+
++ my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps."));
+ daemon->back_to_the_future = 1;
+- set_option_bool(OPT_DNSSEC_TIME);
++ daemon->dnssec_no_time_check = 0;
+ queue_event(EVENT_RELOAD); /* purge cache */
+ }
+
+ if (daemon->back_to_the_future == 0)
+ return 1;
+ }
+- else if (option_bool(OPT_DNSSEC_TIME))
++ else if (daemon->dnssec_no_time_check)
+ return 1;
+
+ /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
+--
+1.7.10.4
+
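Review bot: `dnssec_no_time_check` is added to `struct daemon` in src/dnsmasq.h without a comment, although while it is non-zero the no-timestamp-file branch of `check_date_range` returns 1 before the signature dates are compared. In the hunks shown it is set once in `main` from `option_bool(OPT_DNSSEC_TIME)` and afterwards only cleared (on `EVENT_RELOAD`, and where the system time is logged as valid), so it behaves as a one-way latch and should be documented as one: `int dnssec_no_time_check; /* non-zero: signature timestamps not yet checked; only ever cleared after startup */`. The new log string in src/dnssec.c ends with a full stop while the neighbouring messages do not. The functions touched continue outside the hunks.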
diff --git a/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch b/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch
new file mode 100644
index 0000000..0300853
--- /dev/null
+++ b/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch
@@ -0,0 +1,46 @@
+From d6dce53e08b3a06be16d43e1bf566c6c1988e4a9 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Mon, 11 Jul 2016 21:34:31 +0100
+Subject: [PATCH] malloc(); memset() -> calloc() for efficiency.
+
+---
+ src/util.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/src/util.c b/src/util.c
+index 82443c9..211690e 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -244,13 +244,11 @@ unsigned char *do_rfc1035_name(unsigned char *p, char *sval)
+ /* for use during startup */
+ void *safe_malloc(size_t size)
+ {
+- void *ret = malloc(size);
++ void *ret = calloc(1, size);
+
+ if (!ret)
+ die(_("could not get memory"), NULL, EC_NOMEM);
+- else
+- memset(ret, 0, size);
+-
++
+ return ret;
+ }
+
+@@ -264,12 +262,10 @@ void safe_pipe(int *fd, int read_noblock)
+
+ void *whine_malloc(size_t size)
+ {
+- void *ret = malloc(size);
++ void *ret = calloc(1, size);
+
+ if (!ret)
+ my_syslog(LOG_ERR, _("failed to allocate %d bytes"), (int) size);
+- else
+- memset(ret, 0, size);
+
+ return ret;
+ }
+--
+1.7.10.4
+
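Review bot: `safe_malloc` and `whine_malloc` now get their zero fill from `calloc(1, size)`, but nothing in either function says that returning zeroed memory is part of the contract. A later change back to `malloc` would then silently hand callers uninitialised memory. I would add a line above each, e.g. `/* Returns zeroed memory; callers may rely on this. */`. Whether callers depend on it is not visible here, though the earlier patch named 002-Zero_newly_malloc_ed_memory suggests they do. Separately, the unchanged `whine_malloc` log line casts `size` to `int` for `%d`, so a very large failed request would be misreported in the log.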
--
2.9.1