!127 [sync] PR-122: Fix crash when reloading DHCP config on SIGHUP

From: @openeuler-sync-bot Reviewed-by: @jiangheng12 Signed-off-by: @jiangheng12
2024-11-11 12:06:35 +00:00 · 2024-11-11 12:06:35 +00:00 · bf318b2894
commit bf318b2894
parent ac500ebd50 e3f1b17814
2 changed files with 58 additions and 1 deletions
--- a/backport-Fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch
+++ b/backport-Fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch
@ -0,0 +1,50 @@
+From f006be7842104a9f86fbf419326b7aad08ade61d Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 4 Oct 2024 16:59:14 +0100
+Subject: [PATCH] Fix crash when reloading DHCP config on SIGHUP.
+ 
+ Confusion in the code to free old DHCP configuration when it's
+ being reloaded causes invalid pointers to be followed and a crash.
+ 
+ https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q4/017764.html
+ 
+ has a more complete explanation of the problem.
+ 
+Conflict:NA
+Reference:https://github.com/rhuijben/dnsmasq/commit/f006be7842104a9f86fbf419326b7aad08ade61d
+ 
+---
+ src/option.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+ 
+diff --git a/src/option.c b/src/option.c
+index f4ff7c0..ed0d9e1 100644
+--- a/src/option.c
+++ b/src/option.c
+@@ -1336,7 +1336,7 @@ static void dhcp_netid_free(struct dhcp_netid *nid)
+ 
+ /* Parse one or more tag:s before parameters.
+  * Moves arg to the end of tags. */
+-static struct dhcp_netid * dhcp_tags(char **arg)
+static struct dhcp_netid *dhcp_tags(char **arg)
+ {
+   struct dhcp_netid *id = NULL;
+ 
+@@ -1360,7 +1360,13 @@ static void dhcp_netid_list_free(struct dhcp_netid_list *netid)
+     {
+       struct dhcp_netid_list *tmplist = netid;
+       netid = netid->next;
+-      dhcp_netid_free(tmplist->list);
+      /* Note: don't use dhcp_netid_free() here, since that 
+	 frees a list linked on netid->next. Where a netid_list
+	 is used that's because the the ->next pointers in the
+	 netids are being used to temporarily construct 
+	 a list of valid tags. */
+      free(tmplist->list->net);
+      free(tmplist->list);
+       free(tmplist);
+     }
+ }
+-- 
+2.33.0
+
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@ -1,6 +1,6 @@
 Name:           dnsmasq
 Version:        2.86
-Release:        8
+Release:        9
 Summary:        Dnsmasq provides network infrastructure for small networks
 License:        GPLv2 or GPLv3
 URL:            http://www.thekelleys.org.uk/dnsmasq/
@ -48,6 +48,7 @@ Patch37:        backport-Fix-massive-confusion-on-server-reload.patch
 Patch38:        backport-Fix-use-after-free-in-mark_servers.patch
 Patch39:        backport-Fix-memory-leak-when-using-dhcp-optsfile-with-DHCPv6.patch
 Patch40:        backport-CVE-2023-49441-Fix-standalone-SHA256-implementation.patch
+Patch41:        backport-Fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch

 BuildRequires:  gcc
 BuildRequires:  dbus-devel pkgconfig libidn2-devel nettle-devel systemd
@ -137,6 +138,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
 %{_mandir}/man8/dnsmasq*

 %changelog
+* Sat Oct 12 2024 huyizhen <huyizhen2@huawei.com> - 2.86-9
+- Type:bugfix
+- CVE:
+- SUG:NA
+- DESC:Fix crash when reloading DHCP config on SIGHUP
+
 * Tue Jun 11 2024 renmingshuai <renmingshuai@huawei.com> - 2.86-8
 - Type:CVE
 - Id:CVE-2023-49441