Blame SOURCES/dnsmasq-2.79-CVE-2020-25686-2.patch

From e9db3fdf55cdf3175d96db90313c33f848985960 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 4 Dec 2020 18:35:11 +0000
Subject: [PATCH] Small cleanups in frec_src datastucture handling.
---
 src/forward.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/src/forward.c b/src/forward.c
index 25ad8b1..c496f86 100644
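--- a/src/forward.c
+++ b/src/forward.c
@@ -364,7 +364,10 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 	  if (!daemon->free_frec_src &&
 	      daemon->frec_src_count < daemon->ftabsize &&
 	      (daemon->free_frec_src = whine_malloc(sizeof(struct frec_src))))
-	    daemon->frec_src_count++;
+	    {
+	      daemon->frec_src_count++;
+	      daemon->free_frec_src->next = NULL;
+	    }
 	  
 	  /* If we've been spammed with many duplicates, just drop the query. */
 	  if (daemon->free_frec_src)
@@ -401,6 +404,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 	  forward->frec_src.orig_id = ntohs(header->id);
 	  forward->frec_src.dest = *dst_addr;
 	  forward->frec_src.iface = dst_iface;
+	  forward->frec_src.next = NULL;
 	  forward->new_id = get_id();
 	  forward->fd = udpfd;
 	  memcpy(forward->hash, hash, HASH_SIZE);
@@ -2262,16 +2266,16 @@ void free_rfd(struct randfd *rfd)
 
 static void free_frec(struct frec *f)
 {
-  struct frec_src *src, *tmp;
-
-   /* add back to freelist of not the record builtin to every frec. */
-  for (src = f->frec_src.next; src; src = tmp)
+  struct frec_src *last;
+  
+  /* add back to freelist if not the record builtin to every frec. */
+  for (last = f->frec_src.next; last && last->next; last = last->next) ;
+  if (last)
     {
-      tmp = src->next;
-      src->next = daemon->free_frec_src;
-      daemon->free_frec_src = src;
+      last->next = daemon->free_frec_src;
+      daemon->free_frec_src = f->frec_src.next;
     }
-  
+    
   f->frec_src.next = NULL;    
   free_rfd(f->rfd4);
   f->rfd4 = NULL;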
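Review bot: In free_frec the new tail search `for (last = f->frec_src.next; last && last->next; last = last->next) ;` hides its empty body behind a trailing ` ;`, and it terminates only if every frec_src chain ends in NULL, which appears to be the invariant the two `next = NULL` additions in forward_query establish. I would state that dependency where it is relied on, e.g. `/* Splice the whole chain onto the freelist; relies on every frec_src chain being NULL-terminated. */`, and write the empty body as `continue;` on its own line so it cannot be misread as looping over the following `if`. Because this freelist backs the duplicate-query cap tested in the first hunk (`frec_src_count < ftabsize`), a one-line comment there naming the intended bound would also make later audits of the limit easier. free_frec's body continues past the end of the hunk.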
-- 
2.26.2