From: Philip Homburg Date: Wed, 22 Jun 2022 13:00:28 +0000 (+0200) Subject: Fix use after free issue with edns options (https://github.com/NLnetLabs/unbound... X-Git-Tag: release-1.16.1rc1~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F703%2Fhead;p=thirdparty%2Funbound.git Fix use after free issue with edns options (https://github.com/NLnetLabs/unbound/issues/663) --- diff --git a/doc/Changelog b/doc/Changelog index f02d159d8..df1255017 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +22 June 2022: Philip + - Fix #663: use after free issue with edns options. + 21 June 2022: Philip - Fix for loading locally stored zones that have lines with blanks or blanks and comments. diff --git a/edns-subnet/subnetmod.c b/edns-subnet/subnetmod.c index f629d631f..75446113b 100644 --- a/edns-subnet/subnetmod.c +++ b/edns-subnet/subnetmod.c @@ -100,7 +100,7 @@ subnet_new_qstate(struct module_qstate *qstate, int id) /** Add ecs struct to edns list, after parsing it to wire format. */ void subnet_ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list, - struct module_qstate *qstate) + struct module_qstate *qstate, struct regional *region) { size_t sn_octs, sn_octs_remainder; sldns_buffer* buf = qstate->env->scratch_buffer; @@ -132,7 +132,7 @@ subnet_ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list, edns_opt_list_append(list, qstate->env->cfg->client_subnet_opcode, sn_octs + sn_octs_remainder + 4, - sldns_buffer_begin(buf), qstate->region); + sldns_buffer_begin(buf), region); } } @@ -140,7 +140,7 @@ int ecs_whitelist_check(struct query_info* qinfo, uint16_t ATTR_UNUSED(flags), struct module_qstate* qstate, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen), - struct regional* ATTR_UNUSED(region), int id, void* ATTR_UNUSED(cbargs)) + struct regional *region, int id, void* ATTR_UNUSED(cbargs)) { struct subnet_qstate *sq; struct subnet_env *sn_env; @@ -166,7 +166,7 @@ int ecs_whitelist_check(struct query_info* qinfo, if(!edns_opt_list_find(qstate->edns_opts_back_out, qstate->env->cfg->client_subnet_opcode)) { subnet_ecs_opt_list_append(&sq->ecs_server_out, - &qstate->edns_opts_back_out, qstate); + &qstate->edns_opts_back_out, qstate, region); } sq->subnet_sent = 1; } @@ -773,7 +773,8 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, qstate->ext_state[id] = module_finished; subnet_ecs_opt_list_append(&sq->ecs_client_out, - &qstate->edns_opts_front_out, qstate); + &qstate->edns_opts_front_out, qstate, + qstate->region); return; } lock_rw_unlock(&sne->biglock); @@ -820,7 +821,8 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, if(qstate->ext_state[id] == module_finished && qstate->return_msg) { subnet_ecs_opt_list_append(&sq->ecs_client_out, - &qstate->edns_opts_front_out, qstate); + &qstate->edns_opts_front_out, qstate, + qstate->region); } qstate->no_cache_store = sq->started_no_cache_store; qstate->no_cache_lookup = sq->started_no_cache_lookup; diff --git a/edns-subnet/subnetmod.h b/edns-subnet/subnetmod.h index 4acd1a0a0..f0bcaad33 100644 --- a/edns-subnet/subnetmod.h +++ b/edns-subnet/subnetmod.h @@ -148,7 +148,7 @@ void subnet_markdel(void* key); /** Add ecs struct to edns list, after parsing it to wire format. */ void subnet_ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list, - struct module_qstate *qstate); + struct module_qstate *qstate, struct regional *region); /** Create ecs_data from the sockaddr_storage information. */ void subnet_option_from_ss(struct sockaddr_storage *ss, struct ecs_data* ecs, diff --git a/services/mesh.c b/services/mesh.c index fbaa966bd..c40eb50dc 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -811,7 +811,8 @@ static void mesh_schedule_prefetch_subnet(struct mesh_area* mesh, log_err("prefetch_subnet subnet_option_from_ss: invalid data"); return; } - subnet_ecs_opt_list_append(&ecs, &s->s.edns_opts_front_in, &s->s); + subnet_ecs_opt_list_append(&ecs, &s->s.edns_opts_front_in, + &s->s, s->s.region); if(!s->s.edns_opts_front_in) { log_err("prefetch_subnet subnet_ecs_opt_list_append: out of memory"); return;