From 9ff9e05360f99b4197f77c74be81fcde3c28511d Mon Sep 17 00:00:00 2001 From: CN_SZTL Date: Wed, 15 Jan 2020 02:06:04 +0800 Subject: [PATCH] dnsmasq: Fix potential dnsmasq crash with TCP --- ...egative-SRV-response-over-TCP-gets-s.patch | 35 +++++++++++++++++++ package/network/services/dropbear/Makefile | 1 + package/network/services/hostapd/Makefile | 1 + package/network/services/uhttpd/Makefile | 1 + 4 files changed, 38 insertions(+) create mode 100644 package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch diff --git a/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch b/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch new file mode 100644 index 0000000000..5b1d59566d --- /dev/null +++ b/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch @@ -0,0 +1,35 @@ +From e710c34469af4378c2db6fa0b0be88313adcb68f Mon Sep 17 00:00:00 2001 +From: Alin Nastac +Date: Mon, 30 Sep 2019 15:30:26 +0100 +Subject: [PATCH] Fix crash when negative SRV response over TCP gets stored in + LRU cache entry. + +Patch extended to receive side of pipe by SRK. +--- + src/cache.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/src/cache.c ++++ b/src/cache.c +@@ -665,7 +665,11 @@ void cache_end_insert(void) + if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_SRV)) + read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0); + if (flags & F_SRV) +- blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent); ++ { ++ /* A negative SRV entry is possible and has no data, obviously. */ ++ if (!(flags & F_NEG)) ++ blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent); ++ } + #ifdef HAVE_DNSSEC + if (flags & F_DNSKEY) + { +@@ -737,7 +741,7 @@ int cache_recv_insert(time_t now, int fd + if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) + return 0; + +- if (flags & F_SRV && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen))) ++ if ((flags & F_SRV) && !(flags & F_NEG) && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen))) + return 0; + + #ifdef HAVE_DNSSEC diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 75a3264ebb..561546d9ce 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -22,6 +22,7 @@ PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE PKG_CPE_ID:=cpe:/a:matt_johnston:dropbear_ssh_server PKG_BUILD_PARALLEL:=1 +PKG_ASLR_PIE_REGULAR:=1 PKG_USE_MIPS16:=0 PKG_FIXUP:=autoreconf diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 86534054b8..acf619f84e 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -20,6 +20,7 @@ PKG_LICENSE:=BSD-3-Clause PKG_CPE_ID:=cpe:/a:w1.fi:hostapd PKG_BUILD_PARALLEL:=1 +PKG_ASLR_PIE_REGULAR:=1 PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_kmod-ath9k \ diff --git a/package/network/services/uhttpd/Makefile b/package/network/services/uhttpd/Makefile index e1418d64c4..36dbe636ae 100644 --- a/package/network/services/uhttpd/Makefile +++ b/package/network/services/uhttpd/Makefile @@ -18,6 +18,7 @@ PKG_MIRROR_HASH:=16977c2d7e68f6db3241f874df625af9bd3bafa06fe4499ecb3561c825321e5 PKG_MAINTAINER:=Felix Fietkau PKG_LICENSE:=ISC +PKG_ASLR_PIE_REGULAR:=1 PKG_BUILD_DEPENDS = ustream-ssl PKG_CONFIG_DEPENDS:= CONFIG_uhttpd_lua