[ipfire-2.x.git] / src / patches / dnsmasq / 0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch

From 04b0ac05377936d121a36873bb63d492cde292c9 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon, 6 Apr 2015 17:19:13 +0100
Subject: [PATCH 72/87] Fix crash caused by looking up servers.bind when many
 servers defined.

---
 CHANGELOG   | 7 ++++++-
 src/cache.c | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 34432ae4807f..6aa3d851a297 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -75,7 +75,12 @@ version 2.73
 
 	    Add --tftp-no-fail option. Thanks to Stefan Tomanek for
 	    the patch.
-	
+
+	    Fix crash caused by looking up servers.bind, CHAOS text record,
+	    when more than about five --servers= lines are in the dnsmasq
+	    config. This causes memory corruption which causes a crash later.
+	    Thanks to Matt Coddington for sterling work chasing this down.
+
 	
 version 2.72
             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
diff --git a/src/cache.c b/src/cache.c
index d7bea574c0d8..178d654ca92e 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -1367,7 +1367,7 @@ int cache_make_stat(struct txt_record *t)
 		}
 	    port = prettyprint_addr(&serv->addr, daemon->addrbuff);
 	    lenp = p++; /* length */
-	    bytes_avail = (p - buff) + bufflen;
+	    bytes_avail = bufflen - (p - buff );
 	    bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries);
 	    if (bytes_needed >= bytes_avail)
 	      {
@@ -1381,7 +1381,7 @@ int cache_make_stat(struct txt_record *t)
 		lenp = p - 1;
 		buff = new;
 		bufflen = newlen;
-		bytes_avail = (p - buff) + bufflen;
+		bytes_avail =  bufflen - (p - buff );
 		bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries);
 	      }
 	    *lenp = bytes_needed;
-- 
2.1.0
Commit	Line	Data
d54a2ce4 MT	1	From 04b0ac05377936d121a36873bb63d492cde292c9 Mon Sep 17 00:00:00 2001
	2	From: Simon Kelley <simon@thekelleys.org.uk>
	3	Date: Mon, 6 Apr 2015 17:19:13 +0100
5f206778	4	Subject: [PATCH 72/87] Fix crash caused by looking up servers.bind when many
d54a2ce4 MT	5	servers defined.
	6
	7	---
	8	CHANGELOG \| 7 ++++++-
	9	src/cache.c \| 4 ++--
	10	2 files changed, 8 insertions(+), 3 deletions(-)
	11
	12	diff --git a/CHANGELOG b/CHANGELOG
	13	index 34432ae4807f..6aa3d851a297 100644
	14	--- a/CHANGELOG
	15	+++ b/CHANGELOG
	16	@@ -75,7 +75,12 @@ version 2.73
	17
	18	Add --tftp-no-fail option. Thanks to Stefan Tomanek for
	19	the patch.
	20	-
	21	+
	22	+ Fix crash caused by looking up servers.bind, CHAOS text record,
	23	+ when more than about five --servers= lines are in the dnsmasq
	24	+ config. This causes memory corruption which causes a crash later.
	25	+ Thanks to Matt Coddington for sterling work chasing this down.
	26	+
	27
	28	version 2.72
	29	Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
	30	diff --git a/src/cache.c b/src/cache.c
	31	index d7bea574c0d8..178d654ca92e 100644
	32	--- a/src/cache.c
	33	+++ b/src/cache.c
	34	@@ -1367,7 +1367,7 @@ int cache_make_stat(struct txt_record *t)
	35	}
	36	port = prettyprint_addr(&serv->addr, daemon->addrbuff);
	37	lenp = p++; /* length */
	38	- bytes_avail = (p - buff) + bufflen;
	39	+ bytes_avail = bufflen - (p - buff );
	40	bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries);
	41	if (bytes_needed >= bytes_avail)
	42	{
	43	@@ -1381,7 +1381,7 @@ int cache_make_stat(struct txt_record *t)
	44	lenp = p - 1;
	45	buff = new;
	46	bufflen = newlen;
	47	- bytes_avail = (p - buff) + bufflen;
	48	+ bytes_avail = bufflen - (p - buff );
	49	bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries);
	50	}
	51	*lenp = bytes_needed;
	52	--
	53	2.1.0
	54