Blame SOURCES/dnsmasq-2.79-CVE-2020-25686-2.patch

From e9db3fdf55cdf3175d96db90313c33f848985960 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 4 Dec 2020 18:35:11 +0000
Subject: [PATCH] Small cleanups in frec_src datastucture handling.
---
 src/forward.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
ed3ca9
diff --git a/src/forward.c b/src/forward.c
ed3ca9
index 25ad8b1..c496f86 100644
ed3ca9
--- a/src/forward.c
ed3ca9
+++ b/src/forward.c
ed3ca9
@@ -364,7 +364,10 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
ed3ca9
 	  if (!daemon->free_frec_src &&
ed3ca9
 	      daemon->frec_src_count < daemon->ftabsize &&
ed3ca9
 	      (daemon->free_frec_src = whine_malloc(sizeof(struct frec_src))))
ed3ca9
-	    daemon->frec_src_count++;
ed3ca9
+	    {
ed3ca9
+	      daemon->frec_src_count++;
ed3ca9
+	      daemon->free_frec_src->next = NULL;
ed3ca9
+	    }
ed3ca9
 	  
ed3ca9
 	  /* If we've been spammed with many duplicates, just drop the query. */
ed3ca9
 	  if (daemon->free_frec_src)
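Review bot: The `next = NULL` assignment added inside the new braces after `whine_malloc()` carries no comment saying why it matters, and the same applies to `forward->frec_src.next = NULL;` in the second hunk. Both keep the frec_src chain NULL-terminated, which the tail walk in `free_frec()` (third hunk) depends on; a node with a stale `next` would send that walk off the end of the list. I would add `/* new node is a one-element free list; free_frec() relies on NULL termination */` above the assignment here and `/* embedded head starts with no extra sources chained */` above the one in the second hunk. Only `next` is initialised at this point; the remaining fields are presumably filled where the node is taken off the free list, which lies outside the hunk, as do the start and end of `forward_query()`.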
ed3ca9
@@ -401,6 +404,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
ed3ca9
 	  forward->frec_src.orig_id = ntohs(header->id);
ed3ca9
 	  forward->frec_src.dest = *dst_addr;
ed3ca9
 	  forward->frec_src.iface = dst_iface;
ed3ca9
+	  forward->frec_src.next = NULL;
ed3ca9
 	  forward->new_id = get_id();
ed3ca9
 	  forward->fd = udpfd;
ed3ca9
 	  memcpy(forward->hash, hash, HASH_SIZE);
ed3ca9
@@ -2262,16 +2266,16 @@ void free_rfd(struct randfd *rfd)
ed3ca9
 
ed3ca9
 static void free_frec(struct frec *f)
ed3ca9
 {
ed3ca9
-  struct frec_src *src, *tmp;
ed3ca9
-
ed3ca9
-   /* add back to freelist of not the record builtin to every frec. */
ed3ca9
-  for (src = f->frec_src.next; src; src = tmp)
ed3ca9
+  struct frec_src *last;
ed3ca9
+  
ed3ca9
+  /* add back to freelist if not the record builtin to every frec. */
ed3ca9
+  for (last = f->frec_src.next; last && last->next; last = last->next) ;
ed3ca9
+  if (last)
ed3ca9
     {
ed3ca9
-      tmp = src->next;
ed3ca9
-      src->next = daemon->free_frec_src;
ed3ca9
-      daemon->free_frec_src = src;
ed3ca9
+      last->next = daemon->free_frec_src;
ed3ca9
+      daemon->free_frec_src = f->frec_src.next;
ed3ca9
     }
ed3ca9
-  
ed3ca9
+    
ed3ca9
   f->frec_src.next = NULL;    
ed3ca9
   free_rfd(f->rfd4);
ed3ca9
   f->rfd4 = NULL;
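Review bot: The tail-finding loop in `free_frec()` ends in a bare `;`, which is easy to misread as a loop over the following `if (last)`; writing it as `for (last = f->frec_src.next; last && last->next; last = last->next) continue;` makes the empty body explicit. The splice assumes the chain is NULL-terminated and that none of its nodes is already on `daemon->free_frec_src`; a node present on both lists could leave the free list cyclic, so a comment stating that precondition would help. `frec_src_count` is not adjusted here, which looks deliberate because nodes are recycled rather than freed, but a one-line comment such as `/* nodes are recycled, not freed: frec_src_count stays as is */` would record it. The function body continues past the end of the hunk.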
-- 
2.26.2