src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch

   1 From 04b0ac05377936d121a36873bb63d492cde292c9 Mon Sep 17 00:00:00 2001
   2 From: Simon Kelley <simon@thekelleys.org.uk>
   3 Date: Mon, 6 Apr 2015 17:19:13 +0100
   4 Subject: [PATCH 72/78] Fix crash caused by looking up servers.bind when many
   5  servers defined.
   6
   7 ---
   8  CHANGELOG   | 7 ++++++-
   9  src/cache.c | 4 ++--
  10  2 files changed, 8 insertions(+), 3 deletions(-)
  11
  12 diff --git a/CHANGELOG b/CHANGELOG
  13 index 34432ae4807f..6aa3d851a297 100644
  14 --- a/CHANGELOG
  15 +++ b/CHANGELOG
  16 @@ -75,7 +75,12 @@ version 2.73
  17
  18             Add --tftp-no-fail option. Thanks to Stefan Tomanek for
  19             the patch.
  20 -
  21 +
  22 +           Fix crash caused by looking up servers.bind, CHAOS text record,
  23 +           when more than about five --servers= lines are in the dnsmasq
  24 +           config. This causes memory corruption which causes a crash later.
  25 +           Thanks to Matt Coddington for sterling work chasing this down.
  26 +
  27
  28  version 2.72
  29              Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
  30 diff --git a/src/cache.c b/src/cache.c
  31 index d7bea574c0d8..178d654ca92e 100644
  32 --- a/src/cache.c
  33 +++ b/src/cache.c
  34 @@ -1367,7 +1367,7 @@ int cache_make_stat(struct txt_record *t)
  35                 }
  36             port = prettyprint_addr(&serv->addr, daemon->addrbuff);
  37             lenp = p++; /* length */
  38 -           bytes_avail = (p - buff) + bufflen;
  39 +           bytes_avail = bufflen - (p - buff );
  40             bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries);
  41             if (bytes_needed >= bytes_avail)
  42               {
  43 @@ -1381,7 +1381,7 @@ int cache_make_stat(struct txt_record *t)
  44                 lenp = p - 1;
  45                 buff = new;
  46                 bufflen = newlen;
  47 -               bytes_avail = (p - buff) + bufflen;
  48 +               bytes_avail =  bufflen - (p - buff );
  49                 bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries);
  50               }
  51             *lenp = bytes_needed;
  52 --
  53 2.1.0
  54