From 4490c693e77ae98cde29ddbf8d77e80788d455e3 Mon Sep 17 00:00:00 2001
From: Kevin Darbyshire-Bryant
Date: Sun, 24 Jan 2021 10:24:29 +0000
Subject: [PATCH] dnsmasq: backport fixes
Signed-off-by: Kevin Darbyshire-Bryant
---
...c_src-fixes-15b60ddf935a531269bb8c68.patch | 60 +++++++++++
...f0aec33e58ef5b8d4d107d821c215a52827c.patch | 20 ++++
...set-for-the-case-where-the-RR-type-n.patch | 99 +++++++++++++++++++
...2b171de0d678d98583e2190789e544440e02.patch | 21 ++++
4 files changed, 200 insertions(+)
create mode 100644 package/network/services/dnsmasq/patches/0116-Move-fd-into-frec_src-fixes-15b60ddf935a531269bb8c68.patch
create mode 100644 package/network/services/dnsmasq/patches/0117-Fix-to-75e2f0aec33e58ef5b8d4d107d821c215a52827c.patch
create mode 100644 package/network/services/dnsmasq/patches/0118-Optimise-sort_rrset-for-the-case-where-the-RR-type-n.patch
create mode 100644 package/network/services/dnsmasq/patches/0119-Fix-for-12af2b171de0d678d98583e2190789e544440e02.patch
diff --git a/package/network/services/dnsmasq/patches/0116-Move-fd-into-frec_src-fixes-15b60ddf935a531269bb8c68.patch b/package/network/services/dnsmasq/patches/0116-Move-fd-into-frec_src-fixes-15b60ddf935a531269bb8c68.patch
new file mode 100644
index 0000000000..6d4d80f4d5
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/0116-Move-fd-into-frec_src-fixes-15b60ddf935a531269bb8c68.patch
@@ -0,0 +1,60 @@
+From 04490bf622ac84891aad6f2dd2edf83725decdee Mon Sep 17 00:00:00 2001
+From: Simon Kelley
+Date: Fri, 22 Jan 2021 16:49:12 +0000
+Subject: [PATCH 1/4] Move fd into frec_src, fixes
+ 15b60ddf935a531269bb8c68198de012a4967156
+
+If identical queries from IPv4 and IPv6 sources are combined by the
+new code added in 15b60ddf935a531269bb8c68198de012a4967156 then replies
+can end up being sent via the wrong family of socket. The ->fd
+should be per query, not per-question.
+
+In bind-interfaces mode, this could also result in replies being sent
+via the wrong socket even when IPv4/IPV6 issues are not in play.
+
+Signed-off-by: Kevin Darbyshire-Bryant
+---
+ src/dnsmasq.h | 3 ++-
+ src/forward.c | 4 ++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -653,6 +653,7 @@ struct frec {
+ union mysockaddr source;
+ union all_addr dest;
+ unsigned int iface, log_id;
++ int fd;
+ unsigned short orig_id;
+ struct frec_src *next;
+ } frec_src;
+@@ -660,7 +661,7 @@ struct frec {
+ struct randfd *rfd4;
+ struct randfd *rfd6;
+ unsigned short new_id;
+- int fd, forwardall, flags;
++ int forwardall, flags;
+ time_t time;
+ unsigned char *hash[HASH_SIZE];
+ #ifdef HAVE_DNSSEC
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -394,8 +394,8 @@ static int forward_query(int udpfd, unio
+ forward->frec_src.dest = *dst_addr;
+ forward->frec_src.iface = dst_iface;
+ forward->frec_src.next = NULL;
++ forward->frec_src.fd = udpfd;
+ forward->new_id = get_id();
+- forward->fd = udpfd;
+ memcpy(forward->hash, hash, HASH_SIZE);
+ forward->forwardall = 0;
+ forward->flags = fwd_flags;
+@@ -1284,7 +1284,7 @@ void reply_query(int fd, int family, tim
+ dump_packet(DUMP_REPLY, daemon->packet, (size_t)nn, NULL, &src->source);
+ #endif
+
+- send_from(forward->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn,
++ send_from(src->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn,
+ &src->source, &src->dest, src->iface);
+
+ if (option_bool(OPT_EXTRALOG) && src != &forward->frec_src)
diff --git a/package/network/services/dnsmasq/patches/0117-Fix-to-75e2f0aec33e58ef5b8d4d107d821c215a52827c.patch b/package/network/services/dnsmasq/patches/0117-Fix-to-75e2f0aec33e58ef5b8d4d107d821c215a52827c.patch
new file mode 100644
index 0000000000..23a9e96d9e
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/0117-Fix-to-75e2f0aec33e58ef5b8d4d107d821c215a52827c.patch
@@ -0,0 +1,20 @@
+From 12af2b171de0d678d98583e2190789e544440e02 Mon Sep 17 00:00:00 2001
+From: Simon Kelley
+Date: Fri, 22 Jan 2021 18:24:03 +0000
+Subject: [PATCH 2/4] Fix to 75e2f0aec33e58ef5b8d4d107d821c215a52827c
+
+Signed-off-by: Kevin Darbyshire-Bryant
+---
+ src/forward.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -370,6 +370,7 @@ static int forward_query(int udpfd, unio
+ new->dest = *dst_addr;
+ new->log_id = daemon->log_id;
+ new->iface = dst_iface;
++ forward->frec_src.fd = udpfd;
+ }
+
+ return 1;
diff --git a/package/network/services/dnsmasq/patches/0118-Optimise-sort_rrset-for-the-case-where-the-RR-type-n.patch b/package/network/services/dnsmasq/patches/0118-Optimise-sort_rrset-for-the-case-where-the-RR-type-n.patch
new file mode 100644
index 0000000000..4c25f93f7d
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/0118-Optimise-sort_rrset-for-the-case-where-the-RR-type-n.patch
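Review bot: The `int fd;` member added to `struct frec_src` in the src/dnsmasq.h hunk of 0116 carries no comment, although reply_query now hands `src->fd` to send_from for each source it answers, so every path that fills in a frec_src has to set it. I would document it as `int fd; /* listening socket this query arrived on; the reply to this source is sent from it */`. Within 0116 only the first-source assignment `forward->frec_src.fd = udpfd;` is added; the appended-source path in forward_query gets the same statement in 0117, which writes the first source's field again, and only 0119 turns it into `new->fd = udpfd;`, so 0116 to 0119 have to be carried as a set. Both functions start and end outside the hunks, so whether `new` is zeroed when it is allocated cannot be checked from here.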
@@ -0,0 +1,99 @@ +From 8ebdc364afd886461d209284ad4c946ac65e6d2b Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Fri, 22 Jan 2021 18:50:43 +0000 +Subject: [PATCH 3/4] Optimise sort_rrset for the case where the RR type no + canonicalisation. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/dnssec.c | 69 ++++++++++++++++++++++++++++++++++++---------------- + 1 file changed, 48 insertions(+), 21 deletions(-) + +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -333,37 +333,64 @@ static int sort_rrset(struct dns_header + if (!CHECK_LEN(header, state2.ip, plen, rdlen2)) + return rrsetidx; /* short packet */ + state2.end = state2.ip + rdlen2; +- +- while (1) ++ ++ /* If the RR has no names in it then canonicalisation ++ is the identity function and we can compare ++ the RRs directly. If not we compare the ++ canonicalised RRs one byte at a time. */ ++ if (*rr_desc == (u16)-1) + { +- int ok1, ok2; ++ int rdmin = rdlen1 > rdlen2 ? rdlen2 : rdlen1; ++ int cmp = memcmp(state1.ip, state2.ip, rdmin); + +- ok1 = get_rdata(header, plen, &state1); +- ok2 = get_rdata(header, plen, &state2); +- +- if (!ok1 && !ok2) ++ if (cmp > 0 || (cmp == 0 && rdlen1 > rdmin)) ++ { ++ unsigned char *tmp = rrset[i+1]; ++ rrset[i+1] = rrset[i]; ++ rrset[i] = tmp; ++ swap = 1; ++ } ++ else if (cmp == 0 && (rdlen1 == rdlen2)) + { + /* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */ + for (j = i+1; j < rrsetidx-1; j++) + rrset[j] = rrset[j+1]; + rrsetidx--; + i--; +- break; + } +- else if (ok1 && (!ok2 || *state1.op > *state2.op)) +- { +- unsigned char *tmp = rrset[i+1]; +- rrset[i+1] = rrset[i]; +- rrset[i] = tmp; +- swap = 1; +- break; +- } +- else if (ok2 && (!ok1 || *state2.op > *state1.op)) +- break; +- +- /* arrive here when bytes are equal, go round the loop again +- and compare the next ones. */ + } ++ else ++ /* Comparing canonicalised RRs, byte-at-a-time. 
*/ ++ while (1) ++ { ++ int ok1, ok2; ++ ++ ok1 = get_rdata(header, plen, &state1); ++ ok2 = get_rdata(header, plen, &state2); ++ ++ if (!ok1 && !ok2) ++ { ++ /* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */ ++ for (j = i+1; j < rrsetidx-1; j++) ++ rrset[j] = rrset[j+1]; ++ rrsetidx--; ++ i--; ++ break; ++ } ++ else if (ok1 && (!ok2 || *state1.op > *state2.op)) ++ { ++ unsigned char *tmp = rrset[i+1]; ++ rrset[i+1] = rrset[i]; ++ rrset[i] = tmp; ++ swap = 1; ++ break; ++ } ++ else if (ok2 && (!ok1 || *state2.op > *state1.op)) ++ break; ++ ++ /* arrive here when bytes are equal, go round the loop again ++ and compare the next ones. */ ++ } + } + } while (swap); + diff --git a/package/network/services/dnsmasq/patches/0119-Fix-for-12af2b171de0d678d98583e2190789e544440e02.patch b/package/network/services/dnsmasq/patches/0119-Fix-for-12af2b171de0d678d98583e2190789e544440e02.patch new file mode 100644 index 0000000000..e25a265da7 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0119-Fix-for-12af2b171de0d678d98583e2190789e544440e02.patch @@ -0,0 +1,21 @@ +From 3f535da79e7a42104543ef5c7b5fa2bed819a78b Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Fri, 22 Jan 2021 22:26:25 +0000 +Subject: [PATCH 4/4] Fix for 12af2b171de0d678d98583e2190789e544440e02 + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/forward.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/src/forward.c ++++ b/src/forward.c +@@ -370,7 +370,7 @@ static int forward_query(int udpfd, unio + new->dest = *dst_addr; + new->log_id = daemon->log_id; + new->iface = dst_iface; +- forward->frec_src.fd = udpfd; ++ new->fd = udpfd; + } + + return 1; -- 2.25.1
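Review bot: The fast path added to sort_rrset in 0118 calls `memcmp(state1.ip, state2.ip, rdmin)` with lengths taken from the packet, and only the `CHECK_LEN(header, state2.ip, plen, rdlen2)` test is visible in the hunk; the matching test for `rdlen1` presumably sits above it, as the function starts outside the hunk. A comment at the call would make that dependency explicit, for example `/* rdlen1 and rdlen2 were both checked against plen above, so memcmp stays inside the packet */`. `rdmin` is declared `int` and converted to `size_t` at the call, which is safe only while both lengths are non-negative; their declarations are not shown. As a style point, the new `else` arm holds a comment followed by an unbraced `while (1)`, and bracing that arm would keep a later added statement from falling outside it.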