Fix buffer overflow when configured lease-change script name

2024-12-16 21:18:37 +08:00 · 2024-12-16 21:18:37 +08:00 · cf6a80e1df
commit cf6a80e1df
parent f7410ac305
2 changed files with 40 additions and 1 deletions
--- a/backport-Fix-buffer-overflow-when-configured-lease-change-scr.patch
+++ b/backport-Fix-buffer-overflow-when-configured-lease-change-scr.patch
@ -0,0 +1,32 @@
+From ae85ea38581e97445622d2dad79cd09775cb201a Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 21 Nov 2024 15:42:49 +0000
+Subject: [PATCH] Fix buffer overflow when configured lease-change script name
+ is too long.
+ 
+Thanks to Daniel Rhea for finding this one.
+ 
+Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=ae85ea38581e97445622d2dad79cd09775cb201a
+Conflict:NA
+---
+ src/lease.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+ 
+diff --git a/src/lease.c b/src/lease.c
+index 1a9f1c6..a944fbb 100644
+--- a/src/lease.c
+++ b/src/lease.c
+@@ -155,6 +155,10 @@ void lease_init(time_t now)
+ #ifdef HAVE_SCRIPT
+       if (daemon->lease_change_command)
+ 	{
+	  /* 6 == strlen(" init") plus terminator */
+	  if (strlen(daemon->lease_change_command) + 6 > DHCP_BUFF_SZ)
+	    die(_("lease-change script name is too long"), NULL, EC_FILE);
+	  
+ 	  strcpy(daemon->dhcp_buff, daemon->lease_change_command);
+ 	  strcat(daemon->dhcp_buff, " init");
+ 	  leasestream = popen(daemon->dhcp_buff, "r");
+-- 
+2.33.0
+ 
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@ -1,6 +1,6 @@
 Name:           dnsmasq
 Version:        2.82
-Release:        16
+Release:        17
 Summary:        Dnsmasq provides network infrastructure for small networks
 License:        GPLv2 or GPLv3
 URL:            http://www.thekelleys.org.uk/dnsmasq/
@ -40,6 +40,7 @@ Patch29:     backport-Reduce-code-duplication-reuse-existing-functions.patch
 Patch30:     backport-Fix-memory-leak-when-using-dhcp-optsfile-with-DHCPv6.patch
 Patch31:     backport-CVE-2023-49441-Fix-standalone-SHA256-implementation.patch
 Patch32:     backport-Fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch
+Patch33:     backport-Fix-buffer-overflow-when-configured-lease-change-scr.patch

 BuildRequires:  dbus-devel pkgconfig libidn2-devel nettle-devel systemd
 Requires:       nettle >= 3.4 %{name}-help
@ -132,6 +133,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
 %{_mandir}/man8/dnsmasq*

 %changelog
+* Thu Dec 12 2024 huyizhen <huyizhen2@huawei.com> - 2.82-17
+- Type:bugfix
+- CVE:
+- SUG:NA
+- DESC:backport upstream patches
+
 * Sat Oct 12 2024 huyizhen <huyizhen2@huawei.com> - 2.82-16
 - Type:bugfix
 - CVE: