This is a backport from the dnsmasq master which should fix a bug which could cause a crash in dnsmasq.
I saw the following crashes in my log: [522413.117215] do_page_fault(): sending SIGSEGV to dnsmasq for invalid read access from 2a001450 [522413.124464] epc = 004197f1 in dnsmasq[400000+23000] [522413.129459] ra = 004197ef in dnsmasq[400000+23000] This is happening in blockdata_write() when block->next is dereferenced, but I am not sure if this is related to this problem or if this is a different problem. I am unable to reproduce this problem. Signed-off-by: Hauke Mehrtens <[email protected]> --- ...egative-SRV-response-over-TCP-gets-s.patch | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch diff --git a/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch b/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch new file mode 100644 index 0000000000..5b1d59566d --- /dev/null +++ b/package/network/services/dnsmasq/patches/0040-Fix-crash-when-negative-SRV-response-over-TCP-gets-s.patch @@ -0,0 +1,35 @@ +From e710c34469af4378c2db6fa0b0be88313adcb68f Mon Sep 17 00:00:00 2001 +From: Alin Nastac <[email protected]> +Date: Mon, 30 Sep 2019 15:30:26 +0100 +Subject: [PATCH] Fix crash when negative SRV response over TCP gets stored in + LRU cache entry. + +Patch extended to receive side of pipe by SRK. +--- + src/cache.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/src/cache.c ++++ b/src/cache.c +@@ -665,7 +665,11 @@ void cache_end_insert(void) + if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_SRV)) + read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0); + if (flags & F_SRV) +- blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent); ++ { ++ /* A negative SRV entry is possible and has no data, obviously. */ ++ if (!(flags & F_NEG)) ++ blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent); ++ } + #ifdef HAVE_DNSSEC + if (flags & F_DNSKEY) + { +@@ -737,7 +741,7 @@ int cache_recv_insert(time_t now, int fd + if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) + return 0; + +- if (flags & F_SRV && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen))) ++ if ((flags & F_SRV) && !(flags & F_NEG) && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen))) + return 0; + + #ifdef HAVE_DNSSEC -- 2.20.1 _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
