[ipfire-2.x.git] / src / patches / dnsmasq / 007-Fix_logic_error_in_Linux_netlink_code.patch

From 1d07667ac77c55b9de56b1b2c385167e0e0ec27a Mon Sep 17 00:00:00 2001
From: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Date: Mon, 11 Jul 2016 18:36:05 +0100
Subject: [PATCH] Fix logic error in Linux netlink code.

This could cause dnsmasq to enter a tight loop on systems
with a very large number of network interfaces.
---
 CHANGELOG     |    6 ++++++
 src/netlink.c |    8 +++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 0559a6f..59c9c49 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -11,6 +11,12 @@ version 2.77
 	    Thanks to Mozilla for funding the security audit 
 	    which spotted this bug.
 
+	    Fix logic error in Linux netlink code. This could
+	    cause dnsmasq to enter a tight loop on systems
+	    with a very large number of network interfaces.
+	    Thanks to Ivan Kokshaysky for the diagnosis and
+	    patch.
+
 
 version 2.76
             Include 0.0.0.0/8 in DNS rebind checks. This range 
diff --git a/src/netlink.c b/src/netlink.c
index 049247b..8cd51af 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -188,11 +188,17 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 	}
 
       for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
-	if (h->nlmsg_seq != seq || h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
+	if (h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
 	  {
 	    /* May be multicast arriving async */
 	    nl_async(h);
 	  }
+	else if (h->nlmsg_seq != seq)
+	  {
+	    /* May be part of incomplete response to previous request after
+	       ENOBUFS. Drop it. */
+	    continue;
+	  }
 	else if (h->nlmsg_type == NLMSG_DONE)
 	  return callback_ok;
 	else if (h->nlmsg_type == RTM_NEWADDR && family != AF_UNSPEC && family != AF_LOCAL)
-- 
1.7.10.4
Commit	Line	Data
a4fdc176 MF	1	From 1d07667ac77c55b9de56b1b2c385167e0e0ec27a Mon Sep 17 00:00:00 2001
	2	From: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
	3	Date: Mon, 11 Jul 2016 18:36:05 +0100
	4	Subject: [PATCH] Fix logic error in Linux netlink code.
	5
	6	This could cause dnsmasq to enter a tight loop on systems
	7	with a very large number of network interfaces.
	8	---
	9	CHANGELOG \| 6 ++++++
	10	src/netlink.c \| 8 +++++++-
	11	2 files changed, 13 insertions(+), 1 deletion(-)
	12
	13	diff --git a/CHANGELOG b/CHANGELOG
	14	index 0559a6f..59c9c49 100644
	15	--- a/CHANGELOG
	16	+++ b/CHANGELOG
	17	@@ -11,6 +11,12 @@ version 2.77
	18	Thanks to Mozilla for funding the security audit
	19	which spotted this bug.
	20
	21	+ Fix logic error in Linux netlink code. This could
	22	+ cause dnsmasq to enter a tight loop on systems
	23	+ with a very large number of network interfaces.
	24	+ Thanks to Ivan Kokshaysky for the diagnosis and
	25	+ patch.
	26	+
	27
	28	version 2.76
	29	Include 0.0.0.0/8 in DNS rebind checks. This range
	30	diff --git a/src/netlink.c b/src/netlink.c
	31	index 049247b..8cd51af 100644
	32	--- a/src/netlink.c
	33	+++ b/src/netlink.c
	34	@@ -188,11 +188,17 @@ int iface_enumerate(int family, void parm, int (callback)())
	35	}
	36
	37	for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
	38	- if (h->nlmsg_seq != seq \|\| h->nlmsg_pid != netlink_pid \|\| h->nlmsg_type == NLMSG_ERROR)
	39	+ if (h->nlmsg_pid != netlink_pid \|\| h->nlmsg_type == NLMSG_ERROR)
	40	{
	41	/* May be multicast arriving async */
	42	nl_async(h);
	43	}
	44	+ else if (h->nlmsg_seq != seq)
	45	+ {
	46	+ /* May be part of incomplete response to previous request after
	47	+ ENOBUFS. Drop it. */
	48	+ continue;
	49	+ }
	50	else if (h->nlmsg_type == NLMSG_DONE)
	51	return callback_ok;
	52	else if (h->nlmsg_type == RTM_NEWADDR && family != AF_UNSPEC && family != AF_LOCAL)
	53	--
	54	1.7.10.4
	55