]> git.ipfire.org Git - thirdparty/unbound.git/commitdiff
projects / thirdparty / unbound.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c806b5a)
Fix use after free issue with edns options (https://github.com/NLnetLabs/unbound... 703/head
authorPhilip Homburg <philip@nlnetlabs.nl>
Wed, 22 Jun 2022 13:00:28 +0000 (15:00 +0200)
committerPhilip Homburg <philip@nlnetlabs.nl>
Wed, 22 Jun 2022 13:00:28 +0000 (15:00 +0200)
doc/Changelog patch | blob | blame | history
edns-subnet/subnetmod.c patch | blob | blame | history
edns-subnet/subnetmod.h patch | blob | blame | history
services/mesh.c patch | blob | blame | history

diff --git a/doc/Changelog b/doc/Changelog
index f02d159d88e18de5bdea6d6bbb0df55cfb7a6f64..df1255017c57c758c6f0e9c08cd96a9b15e31c4d 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+22 June 2022: Philip
+       - Fix #663: use after free issue with edns options.
+
 21 June 2022: Philip
        - Fix for loading locally stored zones that have lines with blanks or
          blanks and comments.
diff --git a/edns-subnet/subnetmod.c b/edns-subnet/subnetmod.c
index f629d631f53a1f3343a8b809939e578fb453259c..75446113b742a46a12650f53f1d7da9aa66926f5 100644 (file)
--- a/edns-subnet/subnetmod.c
+++ b/edns-subnet/subnetmod.c
@@ -100,7 +100,7 @@ subnet_new_qstate(struct module_qstate *qstate, int id)
 /** Add ecs struct to edns list, after parsing it to wire format. */
 void
 subnet_ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list,
-       struct module_qstate *qstate)
+       struct module_qstate *qstate, struct regional *region)
 {
        size_t sn_octs, sn_octs_remainder;
        sldns_buffer* buf = qstate->env->scratch_buffer;
@@ -132,7 +132,7 @@ subnet_ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list,
                edns_opt_list_append(list,
                                qstate->env->cfg->client_subnet_opcode,
                                sn_octs + sn_octs_remainder + 4,
-                               sldns_buffer_begin(buf), qstate->region);
+                               sldns_buffer_begin(buf), region);
        }
 }
 
@@ -140,7 +140,7 @@ int ecs_whitelist_check(struct query_info* qinfo,
        uint16_t ATTR_UNUSED(flags), struct module_qstate* qstate,
        struct sockaddr_storage* addr, socklen_t addrlen,
        uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen),
-       struct regional* ATTR_UNUSED(region), int id, void* ATTR_UNUSED(cbargs))
+       struct regional *region, int id, void* ATTR_UNUSED(cbargs))
 {
        struct subnet_qstate *sq;
        struct subnet_env *sn_env;
@@ -166,7 +166,7 @@ int ecs_whitelist_check(struct query_info* qinfo,
                if(!edns_opt_list_find(qstate->edns_opts_back_out,
                        qstate->env->cfg->client_subnet_opcode)) {
                        subnet_ecs_opt_list_append(&sq->ecs_server_out,
-                               &qstate->edns_opts_back_out, qstate);
+                               &qstate->edns_opts_back_out, qstate, region);
                }
                sq->subnet_sent = 1;
        }
@@ -773,7 +773,8 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event,
                                qstate->ext_state[id] = module_finished;
 
                                subnet_ecs_opt_list_append(&sq->ecs_client_out,
-                                       &qstate->edns_opts_front_out, qstate);
+                                       &qstate->edns_opts_front_out, qstate,
+                                       qstate->region);
                                return;
                        }
                        lock_rw_unlock(&sne->biglock);
@@ -820,7 +821,8 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event,
                if(qstate->ext_state[id] == module_finished &&
                        qstate->return_msg) {
                        subnet_ecs_opt_list_append(&sq->ecs_client_out,
-                               &qstate->edns_opts_front_out, qstate);
+                               &qstate->edns_opts_front_out, qstate,
+                               qstate->region);
                }
                qstate->no_cache_store = sq->started_no_cache_store;
                qstate->no_cache_lookup = sq->started_no_cache_lookup;
diff --git a/edns-subnet/subnetmod.h b/edns-subnet/subnetmod.h
index 4acd1a0a06674cc1093caf8cb53d4b0c8217bf7b..f0bcaad33e155d3f7750cc87c7a101c83366bc40 100644 (file)
--- a/edns-subnet/subnetmod.h
+++ b/edns-subnet/subnetmod.h
@@ -148,7 +148,7 @@ void subnet_markdel(void* key);
 
 /** Add ecs struct to edns list, after parsing it to wire format. */
 void subnet_ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list,
-       struct module_qstate *qstate);
+       struct module_qstate *qstate, struct regional *region);
 
 /** Create ecs_data from the sockaddr_storage information. */
 void subnet_option_from_ss(struct sockaddr_storage *ss, struct ecs_data* ecs,
diff --git a/services/mesh.c b/services/mesh.c
index fbaa966bdd05921b3551fc47e8db6a684ca5e527..c40eb50dc55c8b985e2e4f2caea072be3a62a26b 100644 (file)
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -811,7 +811,8 @@ static void mesh_schedule_prefetch_subnet(struct mesh_area* mesh,
                        log_err("prefetch_subnet subnet_option_from_ss: invalid data");
                        return;
                }
-               subnet_ecs_opt_list_append(&ecs, &s->s.edns_opts_front_in, &s->s);
+               subnet_ecs_opt_list_append(&ecs, &s->s.edns_opts_front_in,
+                       &s->s, s->s.region);
                if(!s->s.edns_opts_front_in) {
                        log_err("prefetch_subnet subnet_ecs_opt_list_append: out of memory");
                        return;
Mirror of https://github.com/NLnetLabs/unbound.git