aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2019-12-19 09:05:54 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2019-12-19 10:25:06 +0100
commit756199c70f06ea647ed81f59c6282ef53f0371aa (patch)
treeca4b64ed1008e13077b8b357d2e4a72d8b805c8f
parent3f65ba5a6c84cbb4708025fd01ca9cc1f399c816 (diff)
downloadaports-756199c70f06ea647ed81f59c6282ef53f0371aa.tar.gz
aports-756199c70f06ea647ed81f59c6282ef53f0371aa.tar.bz2
aports-756199c70f06ea647ed81f59c6282ef53f0371aa.tar.xz
main/dnsmasq: fix CVE-2019-14834
fixes #11051
-rw-r--r--main/dnsmasq/APKBUILD8
-rw-r--r--main/dnsmasq/CVE-2019-14834.patch46
2 files changed, 52 insertions, 2 deletions
diff --git a/main/dnsmasq/APKBUILD b/main/dnsmasq/APKBUILD
index 044dd128cb..1981c695ed 100644
--- a/main/dnsmasq/APKBUILD
+++ b/main/dnsmasq/APKBUILD
@@ -2,6 +2,8 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
+# 2.79-r4:
+# - CVE-2019-14834
# 2.79-r0:
# - CVE-2017-15107
# 2.78-r0:
@@ -15,7 +17,7 @@
#
pkgname=dnsmasq
pkgver=2.79
-pkgrel=3
+pkgrel=4
pkgdesc="A lightweight DNS, DHCP, RA, TFTP and PXE server"
url="http://www.thekelleys.org.uk/dnsmasq/"
arch="all"
@@ -29,6 +31,7 @@ source="http://www.thekelleys.org.uk/dnsmasq/$pkgname-$pkgver.tar.gz
$pkgname.initd
$pkgname.confd
uncomment-conf-dir.patch
+ CVE-2019-14834.patch
"
builddir="$srcdir/$pkgname-$pkgver"
@@ -76,4 +79,5 @@ dnssec() {
sha512sums="c808abc8f24f302cac3609a78fa5a402019a397a248156cda9ce60e6cd706b9f689772af5301c8d1475c3cbbe39ea1528c1e1406f9ec0b7e8153a0899be02352 dnsmasq-2.79.tar.gz
dd283b280d74ae17cc6b68f3074c3fbad1f6ddddf7f56658b4324d14d7d91cb8b370fa3a307cec0e17de6e6d627af08d265422b10159942a5d15dc17e827f3b4 dnsmasq.initd
9a401bfc408bf1638645c61b8ca734bea0a09ef79fb36648ec7ef21666257234254bbe6c73c82cc23aa1779ddcdda0e6baa2c041866f16dfb9c4e0ba9133eab8 dnsmasq.confd
-d01077f39e1240041a6700137810f254daf683b2d58dafecb6b162e94d694992e57d45964a57993b298f97c2b589eedcf9fb1506692730a38b7f06b5f55ba8d8 uncomment-conf-dir.patch"
+d01077f39e1240041a6700137810f254daf683b2d58dafecb6b162e94d694992e57d45964a57993b298f97c2b589eedcf9fb1506692730a38b7f06b5f55ba8d8 uncomment-conf-dir.patch
+d4d11945578430da629d7a38b00eb552cd95b1c438a0b85b63ba637ed19b4283623e39692f48146132b7cb5d453eaa3c07680f1514017d8d458e347153215a9b CVE-2019-14834.patch"
diff --git a/main/dnsmasq/CVE-2019-14834.patch b/main/dnsmasq/CVE-2019-14834.patch
new file mode 100644
index 0000000000..5f60f5f1d9
--- /dev/null
+++ b/main/dnsmasq/CVE-2019-14834.patch
@@ -0,0 +1,46 @@
+From 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 14 Aug 2019 20:44:50 +0100
+Subject: [PATCH] Fix memory leak in helper.c
+
+Thanks to Xu Mingjie <xumingjie1995@outlook.com> for spotting this.
+---
+ src/helper.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/helper.c b/src/helper.c
+index 33ba120..c392eec 100644
+--- a/src/helper.c
++++ b/src/helper.c
+@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+ pid_t pid;
+ int i, pipefd[2];
+ struct sigaction sigact;
+-
++ unsigned char *alloc_buff = NULL;
++
+ /* create the pipe through which the main program sends us commands,
+ then fork our process. */
+ if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+ struct script_data data;
+ char *p, *action_str, *hostname = NULL, *domain = NULL;
+ unsigned char *buf = (unsigned char *)daemon->namebuff;
+- unsigned char *end, *extradata, *alloc_buff = NULL;
++ unsigned char *end, *extradata;
+ int is6, err = 0;
+ int pipeout[2];
+
+- free(alloc_buff);
++ /* Free rarely-allocated memory from previous iteration. */
++ if (alloc_buff)
++ {
++ free(alloc_buff);
++ alloc_buff = NULL;
++ }
+
+ /* we read zero bytes when pipe closed: this is our signal to exit */
+ if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
+--
+1.7.10.4
+