diff --git a/0141-Fix-memory-leak-in-helper.c.patch b/0141-Fix-memory-leak-in-helper.c.patch new file mode 100644 index 0000000..88b72f6 --- /dev/null +++ b/0141-Fix-memory-leak-in-helper.c.patch @@ -0,0 +1,46 @@ +From 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 14 Aug 2019 20:44:50 +0100 +Subject: [PATCH 141/156] Fix memory leak in helper.c + +Thanks to Xu Mingjie for spotting this. +--- + src/helper.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/helper.c b/src/helper.c +index 33ba120..c392eec 100644 +--- a/src/helper.c ++++ b/src/helper.c +@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd) + pid_t pid; + int i, pipefd[2]; + struct sigaction sigact; +- ++ unsigned char *alloc_buff = NULL; ++ + /* create the pipe through which the main program sends us commands, + then fork our process. */ + if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1) +@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd) + struct script_data data; + char *p, *action_str, *hostname = NULL, *domain = NULL; + unsigned char *buf = (unsigned char *)daemon->namebuff; +- unsigned char *end, *extradata, *alloc_buff = NULL; ++ unsigned char *end, *extradata; + int is6, err = 0; + int pipeout[2]; + +- free(alloc_buff); ++ /* Free rarely-allocated memory from previous iteration. */ ++ if (alloc_buff) ++ { ++ free(alloc_buff); ++ alloc_buff = NULL; ++ } + + /* we read zero bytes when pipe closed: this is our signal to exit */ + if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1)) +-- +1.8.3.1 + diff --git a/bugfix-allow-binding-mac-with-ipv6.patch b/bugfix-allow-binding-mac-with-ipv6.patch new file mode 100644 index 0000000..3a1dad2 --- /dev/null +++ b/bugfix-allow-binding-mac-with-ipv6.patch @@ -0,0 +1,139 @@ +From 7d8a6199730a2fd0cd2a7cfa4fdb73b8399f110a Mon Sep 17 00:00:00 2001 +From: Shufeng Cao +Date: Tue, 27 Nov 2018 15:03:59 +0800 +Subject: [PATCH 1/2] allow binding mac address with ipv6 + +This change introduces a new option --bind-mac-with-ip6, when this +option is enabled, a client of same mac address will always get the +bound ipv6 address, even when it's duid has been changed. +--- + src/dnsmasq.c | 1 + + src/dnsmasq.h | 4 +++- + src/option.c | 3 +++ + src/rfc3315.c | 34 +++++++++++++++++++++++++++++++++- + 4 files changed, 40 insertions(+), 2 deletions(-) + +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index 9f6c020..32a4d22 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -243,6 +243,7 @@ int main (int argc, char **argv) + if (daemon->dhcp6) + { + daemon->doing_ra = option_bool(OPT_RA); ++ daemon->bind_mac_with_ip6 = option_bool(OPT_BIND_MAC_IP6); + + for (context = daemon->dhcp6; context; context = context->next) + { +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index 6773b69..8b31d42 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -250,7 +250,8 @@ struct event_desc { + #define OPT_MAC_B64 54 + #define OPT_MAC_HEX 55 + #define OPT_TFTP_APREF_MAC 56 +-#define OPT_LAST 57 ++#define OPT_BIND_MAC_IP6 57 ++#define OPT_LAST 58 + + /* extra flags for my_syslog, we use a couple of facilities since they are known + not to occupy the same bits as priorities, no matter how syslog.h is set up. */ +@@ -1000,6 +1001,7 @@ extern struct daemon { + int override; + int enable_pxe; + int doing_ra, doing_dhcp6; ++ int bind_mac_with_ip6; + struct dhcp_netid_list *dhcp_ignore, *dhcp_ignore_names, *dhcp_gen_names; + struct dhcp_netid_list *force_broadcast, *bootp_dynamic; + struct hostsfile *dhcp_hosts_file, *dhcp_opts_file, *dynamic_dirs; +diff --git a/src/option.c b/src/option.c +index d358d99..919e5a3 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -160,6 +160,7 @@ struct myoption { + #define LOPT_DHCPTTL 348 + #define LOPT_TFTP_MTU 349 + #define LOPT_REPLY_DELAY 350 ++#define LOPT_BIND_MAC_IP6 351 + + #ifdef HAVE_GETOPT_LONG + static const struct option opts[] = +@@ -325,6 +326,7 @@ static const struct myoption opts[] = + { "script-arp", 0, 0, LOPT_SCRIPT_ARP }, + { "dhcp-ttl", 1, 0 , LOPT_DHCPTTL }, + { "dhcp-reply-delay", 1, 0, LOPT_REPLY_DELAY }, ++ { "bind-mac-with-ip6", 0, 0 , LOPT_BIND_MAC_IP6 }, + { NULL, 0, 0, 0 } + }; + +@@ -497,6 +499,7 @@ static struct { + { LOPT_IGNORE_ADDR, ARG_DUP, "", gettext_noop("Ignore DNS responses containing ipaddr."), NULL }, + { LOPT_DHCPTTL, ARG_ONE, "", gettext_noop("Set TTL in DNS responses with DHCP-derived addresses."), NULL }, + { LOPT_REPLY_DELAY, ARG_ONE, "", gettext_noop("Delay DHCP replies for at least number of seconds."), NULL }, ++ { LOPT_BIND_MAC_IP6, OPT_BIND_MAC_IP6, NULL, gettext_noop("Bind mac with ipv6 address. This is an experimental feature and it conflicts with rfc3315."), NULL }, + { 0, 0, NULL, NULL, NULL } + }; + +diff --git a/src/rfc3315.c b/src/rfc3315.c +index 21fcd9b..defd966 100644 +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -55,6 +55,7 @@ static struct prefix_class *prefix_class_from_context(struct dhcp_context *conte + static void mark_context_used(struct state *state, struct in6_addr *addr); + static void mark_config_used(struct dhcp_context *context, struct in6_addr *addr); + static int check_address(struct state *state, struct in6_addr *addr); ++static int check_and_try_preempte_address(struct state *state, struct in6_addr *addr, time_t now, struct dhcp_config *config); + static void add_address(struct state *state, struct dhcp_context *context, unsigned int lease_time, void *ia_option, + unsigned int *min_time, struct in6_addr *addr, time_t now); + static void update_leases(struct state *state, struct dhcp_context *context, struct in6_addr *addr, unsigned int lease_time, time_t now); +@@ -746,7 +747,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + if (!(c->flags & CONTEXT_CONF_USED) && + match_netid(c->filter, solicit_tags, plain_range) && + config_valid(config, c, &addr) && +- check_address(state, &addr)) ++ check_and_try_preempte_address(state, &addr, now, config)) + { + mark_config_used(state->context, &addr); + if (have_config(config, CONFIG_TIME)) +@@ -1744,6 +1745,37 @@ static int check_address(struct state *state, struct in6_addr *addr) + return 1; + } + ++static int check_and_try_preempte_address(struct state *state, struct in6_addr *addr, time_t now, struct dhcp_config *config) ++{ ++ struct dhcp_lease *lease; ++ ++ if (!(lease = lease6_find_by_addr(addr, 128, 0))) ++ { ++ return 1; ++ } ++ ++ ++ if(daemon->bind_mac_with_ip6) { ++ // break rfc3315 here ++ // bind mac address with a lease ++ if ((state->mac) && !(config->flags & CONFIG_CLID) && ++ config_has_mac(config, state->mac, state->mac_len, state->mac_type)) { ++ lease_prune(lease, now); ++ return 1; ++ } ++ } ++ ++ // what rfc3315 do ++ if (lease->clid_len != state->clid_len || ++ memcmp(lease->clid, state->clid, state->clid_len) != 0 || ++ lease->iaid != state->iaid) ++ { ++ return 0; ++ } ++ ++ return 1; ++} ++ + + /* Calculate valid and preferred times to send in leases/renewals. + +-- +2.19.1 + diff --git a/bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch b/bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch new file mode 100644 index 0000000..761abbf --- /dev/null +++ b/bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch @@ -0,0 +1,66 @@ +From c4a283365bdd56e4552e7205fbfba17ca298fc3a Mon Sep 17 00:00:00 2001 +From: Shufeng Cao +Date: Fri, 14 Dec 2018 20:02:31 +0800 +Subject: [PATCH 2/2] binding mac with ipv6: dealing with invalid CONFIRM + package + +--- + src/rfc3315.c | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +diff --git a/src/rfc3315.c b/src/rfc3315.c +index defd966..f8ba7e4 100644 +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -1087,11 +1087,31 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + case DHCP6CONFIRM: + { + int good_addr = 0; ++ int find_bind = 0; ++ struct dhcp_config *find_config = NULL; + + /* set reply message type */ + *outmsgtypep = DHCP6REPLY; + + log6_quiet(state, "DHCPCONFIRM", NULL, NULL); ++ ++ if(daemon->bind_mac_with_ip6) { ++ if(state->mac) { ++ for (find_config = daemon->dhcp_conf; find_config; find_config = find_config->next) ++ if (config_has_mac(find_config, state->mac, state->mac_len, state->mac_type) && have_config(find_config, CONFIG_ADDR6)) { ++ find_bind = 1; ++ break; ++ } ++ } ++ /* requires all mac has binding ipv6 address. */ ++ if (find_bind == 0) { ++ o1 = new_opt6(OPTION6_STATUS_CODE); ++ put_opt6_short(DHCP6NOTONLINK); ++ put_opt6_string(_("confirm failed, no binding found")); ++ end_opt6(o1); ++ return 1; ++ } ++ } + + for (opt = state->packet_options; opt; opt = opt6_next(opt, state->end)) + { +@@ -1112,6 +1132,16 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + return 1; + } + ++ if(daemon->bind_mac_with_ip6) { ++ if (!is_same_net6(req_addr, &find_config->addr6, 128)) { ++ o1 = new_opt6(OPTION6_STATUS_CODE); ++ put_opt6_short(DHCP6NOTONLINK); ++ put_opt6_string(_("confirm failed, not binding to this address")); ++ end_opt6(o1); ++ return 1; ++ } ++ } ++ + good_addr = 1; + log6_quiet(state, "DHCPREPLY", req_addr, state->hostname); + } +-- +2.19.1 + diff --git a/dnsmasq.spec b/dnsmasq.spec index 8eef055..1dd6481 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -1,6 +1,6 @@ Name: dnsmasq Version: 2.79 -Release: 10 +Release: 11 Summary: Dnsmasq provides network infrastructure for small networks License: GPLv2 or GPLv3 URL: http://www.thekelleys.org.uk/dnsmasq/ @@ -13,6 +13,10 @@ Patch0001: dnsmasq-2.77-underflow.patch Patch0002: dnsmasq-2.78-fips.patch Patch0003: dnsmasq-2.80-dnssec.patch +Patch6000: 0141-Fix-memory-leak-in-helper.c.patch +Patch9000: bugfix-allow-binding-mac-with-ipv6.patch +Patch9001: bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch + BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd Requires: nettle >= 3.4 Provides: dnsmasq-utils @@ -105,6 +109,14 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf %{_mandir}/man8/dnsmasq* %changelog +* Sat Dec 21 2019 openEuler Buildteam - 2.79-11 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:Fix memory leak in helper.c; + Allow binding mac with ipv6; + Deal with CONFRIM when binding mac with ipv6 + * Mon Nov 4 2019 openEuler Buildteam - 2.79-10 - Type:bugfix - Id:NA