Diffstat (limited to 'net-dns')
-rw-r--r-- | net-dns/dnsmasq/dnsmasq-2.80-r2.ebuild (renamed from net-dns/dnsmasq/dnsmasq-2.80-r1.ebuild) | 1 | ||||
-rw-r--r-- | net-dns/dnsmasq/files/dnsmasq-2.80-cve-2019-14834.patch | 39 |
2 files changed, 40 insertions, 0 deletions
diff --git a/net-dns/dnsmasq/dnsmasq-2.80-r1.ebuild b/net-dns/dnsmasq/dnsmasq-2.80-r2.ebuild
index ba0e02d67311..42e58c51d0ba 100644
--- a/net-dns/dnsmasq/dnsmasq-2.80-r1.ebuild
+++ b/net-dns/dnsmasq/dnsmasq-2.80-r2.ebuild
@@ -56,6 +56,7 @@ REQUIRED_USE="dhcp-tools? ( dhcp )
 PATCHES=(
 "${FILESDIR}/dnsmasq-2.80-nettle-3.5.patch"
 "${FILESDIR}/dnsmasq-2.80-linux-headers-5.2.patch"
+ "${FILESDIR}/dnsmasq-2.80-cve-2019-14834.patch"
 )
 use_have() {
diff --git a/net-dns/dnsmasq/files/dnsmasq-2.80-cve-2019-14834.patch b/net-dns/dnsmasq/files/dnsmasq-2.80-cve-2019-14834.patch
new file mode 100644
index 000000000000..a44ceabece71
--- /dev/null
+++ b/net-dns/dnsmasq/files/dnsmasq-2.80-cve-2019-14834.patch
@@ -0,0 +1,39 @@
+Fix memory leak in helper.c
+
+Thanks to Xu Mingjie <xumingjie1995@outlook.com> for spotting this.
+
+author: Simon Kelley <simon@thekelleys.org.uk>
+commit-url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
+diff --git a/src/helper.c b/src/helper.c
+index 33ba120..c392eec 100644 (file)
+--- a/src/helper.c
++++ b/src/helper.c
+@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+ pid_t pid;
+ int i, pipefd[2];
+ struct sigaction sigact;
+-
++ unsigned char *alloc_buff = NULL;
++
+ /* create the pipe through which the main program sends us commands,
+ then fork our process. */
+ if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+ struct script_data data;
+ char *p, *action_str, *hostname = NULL, *domain = NULL;
+ unsigned char *buf = (unsigned char *)daemon->namebuff;
+- unsigned char *end, *extradata, *alloc_buff = NULL;
++ unsigned char *end, *extradata;
+ int is6, err = 0;
+ int pipeout[2];
+
+- free(alloc_buff);
++ /* Free rarely-allocated memory from previous iteration. */
++ if (alloc_buff)
++ {
++ free(alloc_buff);
++ alloc_buff = NULL;
++ }
+
+ /* we read zero bytes when pipe closed: this is our signal to exit */
+ if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1)) |
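Review bot: The backported patch header still carries `index 33ba120..c392eec 100644 (file)`, where `(file)` is not part of a git index line and suggests the text was copied from the gitweb page rather than exported from the repository, so whitespace in the context lines may not match upstream byte for byte. Regenerating the file from upstream commit 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 (for example with `git format-patch -1`) would make the backport verifiable against its source. The header also never names the CVE that the filename cites and gives the `commit-url:` over plain http; a line such as `CVE-2019-14834: memory leak in create_helper() (src/helper.c)` would tell a later maintainer when the patch can be dropped. create_helper's body lies mostly outside both inner hunks, so the site that assigns alloc_buff is not visible here.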