Package: dnsmasq
Version: 2.90-6
Severity: grave
Tags: patch
Justification: causes non-serious data loss
X-Debbugs-Cc: miriam.esp...@canonical.com
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu plucky ubuntu-patch
Dear Maintainer,
We received a bug crash [2] from the ironic community affecting to their
production enviroments, with this orientative steps to reproduce:
- to start dnsmasq with --dhcp-optsfile and pass it a file that sets tags
(like neutron does)
- to have it answer to one request from the host mentioned in the configuration
- to send SIGHUP to the daemon
using kolla images based on debian bookworm [2].
In Ubuntu, the attached patch from upstream discussed at [3] but not released
yet [4]
* d/p/fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch:
Confusion in the code to free old DHCP configuration when
it's being reloaded causes invalid pointers to be followed
and a crash (LP: #2026757).
was applied to avoid the crash (as reported from ironic community).
Thanks for considering the patch,
Miriam
[1] https://bugs.launchpad.net/ironic/+bug/2026757
[2] https://bugs.launchpad.net/ironic/+bug/2026757/comments/46
[3] https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q4/017764.html
[4]
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg17661.html
-- System Information:
Debian Release: trixie/sid
APT prefers noble-updates
APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'),
(100, 'noble-backports')
Architecture: amd64 (x86_64)
Kernel: Linux 6.8.0-50-generic (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru
dnsmasq-2.90/debian/patches/fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch
dnsmasq-2.90/debian/patches/fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch
---
dnsmasq-2.90/debian/patches/fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch
1970-01-01 01:00:00.000000000 +0100
+++
dnsmasq-2.90/debian/patches/fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch
2024-12-16 15:49:29.000000000 +0100
@@ -0,0 +1,42 @@
+From f006be7842104a9f86fbf419326b7aad08ade61d Mon Sep 17 00:00:00 2001
+From: Simon Kelley <si...@thekelleys.org.uk>
+Date: Fri, 4 Oct 2024 16:59:14 +0100
+Subject: [PATCH] Fix crash when reloading DHCP config on SIGHUP.
+ Confusion in the code to free old DHCP configuration when it's
+ being reloaded causes invalid pointers to be followed and a crash.
+ .
+ https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q4/017764.html
+ has a more complete explanation of the problem.
+Origin:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=f006be7842104a9f86fbf419326b7aad08ade61d
+Bug-Ubuntu:
https://bugs.launchpad.net/ubuntu/jammy/+source/dnsmasq/+bug/2026757
+Fordwarded: not-needed
+---
+ src/option.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/src/option.c
++++ b/src/option.c
+@@ -1336,7 +1336,7 @@
+
+ /* Parse one or more tag:s before parameters.
+ * Moves arg to the end of tags. */
+-static struct dhcp_netid * dhcp_tags(char **arg)
++static struct dhcp_netid *dhcp_tags(char **arg)
+ {
+ struct dhcp_netid *id = NULL;
+
+@@ -1360,7 +1360,13 @@
+ {
+ struct dhcp_netid_list *tmplist = netid;
+ netid = netid->next;
+- dhcp_netid_free(tmplist->list);
++ /* Note: don't use dhcp_netid_free() here, since that
++ frees a list linked on netid->next. Where a netid_list
++ is used that's because the the ->next pointers in the
++ netids are being used to temporarily construct
++ a list of valid tags. */
++ free(tmplist->list->net);
++ free(tmplist->list);
+ free(tmplist);
+ }
+ }
diff -Nru dnsmasq-2.90/debian/patches/series dnsmasq-2.90/debian/patches/series
--- dnsmasq-2.90/debian/patches/series 2024-12-10 20:44:54.000000000 +0100
+++ dnsmasq-2.90/debian/patches/series 2024-12-16 15:49:29.000000000 +0100
@@ -1,2 +1,3 @@
eliminate-privacy-breaches.patch
trailing-white-space.patch
+fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch
