Blame SOURCES/dnsmasq-2.79-CVE-2020-25686-2.patch

ac771d
From e9db3fdf55cdf3175d96db90313c33f848985960 Mon Sep 17 00:00:00 2001
ac771d
From: Simon Kelley <simon@thekelleys.org.uk>
ac771d
Date: Fri, 4 Dec 2020 18:35:11 +0000
ac771d
Subject: [PATCH] Small cleanups in frec_src datastucture handling.
ac771d
ac771d
---
ac771d
 src/forward.c | 22 +++++++++++++---------
ac771d
 1 file changed, 13 insertions(+), 9 deletions(-)
ac771d
ac771d
diff --git a/src/forward.c b/src/forward.c
ac771d
index 25ad8b1..c496f86 100644
ac771d
--- a/src/forward.c
ac771d
+++ b/src/forward.c
ac771d
@@ -364,7 +364,10 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
ac771d
 	  if (!daemon->free_frec_src &&
ac771d
 	      daemon->frec_src_count < daemon->ftabsize &&
ac771d
 	      (daemon->free_frec_src = whine_malloc(sizeof(struct frec_src))))
ac771d
-	    daemon->frec_src_count++;
ac771d
+	    {
ac771d
+	      daemon->frec_src_count++;
ac771d
+	      daemon->free_frec_src->next = NULL;
ac771d
+	    }
ac771d
 	  
ac771d
 	  /* If we've been spammed with many duplicates, just drop the query. */
ac771d
 	  if (daemon->free_frec_src)
ac771d
@@ -401,6 +404,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
ac771d
 	  forward->frec_src.orig_id = ntohs(header->id);
ac771d
 	  forward->frec_src.dest = *dst_addr;
ac771d
 	  forward->frec_src.iface = dst_iface;
ac771d
+	  forward->frec_src.next = NULL;
ac771d
 	  forward->new_id = get_id();
ac771d
 	  forward->fd = udpfd;
ac771d
 	  memcpy(forward->hash, hash, HASH_SIZE);
ac771d
@@ -2262,16 +2266,16 @@ void free_rfd(struct randfd *rfd)
ac771d
 
ac771d
 static void free_frec(struct frec *f)
ac771d
 {
ac771d
-  struct frec_src *src, *tmp;
ac771d
-
ac771d
-   /* add back to freelist of not the record builtin to every frec. */
ac771d
-  for (src = f->frec_src.next; src; src = tmp)
ac771d
+  struct frec_src *last;
ac771d
+  
ac771d
+  /* add back to freelist if not the record builtin to every frec. */
ac771d
+  for (last = f->frec_src.next; last && last->next; last = last->next) ;
ac771d
+  if (last)
ac771d
     {
ac771d
-      tmp = src->next;
ac771d
-      src->next = daemon->free_frec_src;
ac771d
-      daemon->free_frec_src = src;
ac771d
+      last->next = daemon->free_frec_src;
ac771d
+      daemon->free_frec_src = f->frec_src.next;
ac771d
     }
ac771d
-  
ac771d
+    
ac771d
   f->frec_src.next = NULL;    
ac771d
   free_rfd(f->rfd4);
ac771d
   f->rfd4 = NULL;
ac771d
-- 
ac771d
2.26.2
ac771d