From 5d2cde891f94eed8019bde4deb0612af08cb0d30 Mon Sep 17 00:00:00 2001
From: Allen-Webb <allenwebb@google.com>
Date: Wed, 1 Apr 2020 09:44:02 -0500
Subject: [PATCH] net-dns/dnsmasq-2.80-r2: Revbump, fix CVE-2019-14834

Bug: https://bugs.gentoo.org/715764
Signed-off-by: Allen-Webb <allenwebb@google.com>
Closes: https://github.com/gentoo/gentoo/pull/15197
Signed-off-by: Patrick McLean <chutzpah@gentoo.org>
---
 ...-2.80-r1.ebuild => dnsmasq-2.80-r2.ebuild} |  1 +
 .../files/dnsmasq-2.80-cve-2019-14834.patch   | 39 +++++++++++++++++++
 2 files changed, 40 insertions(+)
 rename net-dns/dnsmasq/{dnsmasq-2.80-r1.ebuild => dnsmasq-2.80-r2.ebuild} (98%)
 create mode 100644 net-dns/dnsmasq/files/dnsmasq-2.80-cve-2019-14834.patch

diff --git a/net-dns/dnsmasq/dnsmasq-2.80-r1.ebuild b/net-dns/dnsmasq/dnsmasq-2.80-r2.ebuild
similarity index 98%
rename from net-dns/dnsmasq/dnsmasq-2.80-r1.ebuild
rename to net-dns/dnsmasq/dnsmasq-2.80-r2.ebuild
index ba0e02d67311..42e58c51d0ba 100644
--- a/net-dns/dnsmasq/dnsmasq-2.80-r1.ebuild
+++ b/net-dns/dnsmasq/dnsmasq-2.80-r2.ebuild
@@ -56,6 +56,7 @@ REQUIRED_USE="dhcp-tools? ( dhcp )
 PATCHES=(
 	"${FILESDIR}/dnsmasq-2.80-nettle-3.5.patch"
 	"${FILESDIR}/dnsmasq-2.80-linux-headers-5.2.patch"
+	"${FILESDIR}/dnsmasq-2.80-cve-2019-14834.patch"
 )
 
 use_have() {
diff --git a/net-dns/dnsmasq/files/dnsmasq-2.80-cve-2019-14834.patch b/net-dns/dnsmasq/files/dnsmasq-2.80-cve-2019-14834.patch
new file mode 100644
index 000000000000..a44ceabece71
--- /dev/null
+++ b/net-dns/dnsmasq/files/dnsmasq-2.80-cve-2019-14834.patch
@@ -0,0 +1,39 @@
+Fix memory leak in helper.c
+
+Thanks to Xu Mingjie <xumingjie1995@outlook.com> for spotting this.
+
+author: Simon Kelley <simon@thekelleys.org.uk>	
+commit-url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
+diff --git a/src/helper.c b/src/helper.c
+index 33ba120..c392eec 100644 (file)
+--- a/src/helper.c
++++ b/src/helper.c
+@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+   pid_t pid;
+   int i, pipefd[2];
+   struct sigaction sigact;
+-
++  unsigned char *alloc_buff = NULL;
++  
+   /* create the pipe through which the main program sends us commands,
+      then fork our process. */
+   if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+       struct script_data data;
+       char *p, *action_str, *hostname = NULL, *domain = NULL;
+       unsigned char *buf = (unsigned char *)daemon->namebuff;
+-      unsigned char *end, *extradata, *alloc_buff = NULL;
++      unsigned char *end, *extradata;
+       int is6, err = 0;
+       int pipeout[2];
+ 
+-      free(alloc_buff);
++      /* Free rarely-allocated memory from previous iteration. */
++      if (alloc_buff)
++       {
++         free(alloc_buff);
++         alloc_buff = NULL;
++       }
+       
+       /* we read zero bytes when pipe closed: this is our signal to exit */ 
+       if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
-- 
2.26.2