Fix buffer overflow when configured lease-change script name (cherry picked from commit b580ae493fc991eab96d764efa6818568be9a47c)
From b087cf4a6c3dd4c323a099770a44c24812381bf4 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 21 Nov 2024 15:28:31 +0000
Subject: [PATCH] Fix out-of-bounds heap read in order_qsort().
We only need to order two server records on the ->serial field.
Literal address records are smaller and don't have
this field and don't need to be ordered on it.
To actually provoke this bug seems to need the same server-literal
to be repeated twice, eg --address=/a/1.1.1.1 --address=/a/1.1.1.1
which is clearly rare in the wild, but if it did exist it could
provoke a SIGSEGV. Thanks to Daniel Rhea for fuzzing this one.
Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=b087cf4a6c3dd4c323a099770a44c24812381bf4
Conflict:NA
---
src/domain-match.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
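--- a/src/domain-match.c
+++ b/src/domain-match.c
@@ -540,7 +540,7 @@ static int order_qsort(const void *a, const void *b)
 
 /* Finally, order by appearance in /etc/resolv.conf etc, for --strict-order */
 if (rc == 0)
- if (!(s1->flags & SERV_LITERAL_ADDRESS))
+ if (!(s1->flags & SERV_IS_LOCAL) && !(s2->flags & SERV_IS_LOCAL))
 rc = s1->serial - s2->serial;
 
 return rc;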
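Review bot: The new guard in order_qsort() is the only thing keeping `->serial` from being read out of a record too small to contain it, yet nothing at the check says so. A comment above the inner `if`, such as `/* Only full server records have ->serial; the smaller local/literal-address records end before it. */`, would stop a later edit from narrowing the test again. The hunk does not show which record types SERV_IS_LOCAL covers, so it is worth confirming against the flag definition that every variant allocated without `serial` sets one of its bits. The nested `if (rc == 0)` / `if (...)` pair is also unbraced; braces or a single combined condition would make the scope of the guarded read explicit. order_qsort() starts before the hunk, so the earlier comparisons that set `rc` are not visible here.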
--
2.33.0