packages/dnsmasq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-49441

Browse Source 
(cherry picked from commit eb7f313c79a6e5f789fa3fe271f49e2148f09b92)
This commit is contained in:
renmingshuai 2024-06-11 02:15:31 +00:00 committed by openeuler-sync-bot
parent c3cc74f2e5
commit 209753bf6c
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
backport-CVE-2023-49441-Fix-standalone-SHA256-implementation.patch Normal file
View File

@ -0,0 +1,49 @@
From 65c2d6afd67a032f45f40d7e4d620f5d73e5f07d Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 22 Nov 2023 22:02:05 +0000
Subject: [PATCH] Fix standalone SHA256 implementation.
Bug report here:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q4/017332.html
This error probably has no practical effect since even if the hash
is wrong, it's only compared internally to other hashes computed using
the same code.
Understanding the error:
hash-questions.c:168:21: runtime error: left shift of 128 by 24 places
cannot be represented in type 'int'
requires a certain amount of c-lawyerliness. I think the problem is that
m[i] = data[j] << 24
promotes the unsigned char data array value to int before doing the shift and
then promotes the result to unsigned char to match the type of m[i].
What needs to happen is to cast the unsigned char to unsigned int
BEFORE the shift.
This patch does that with explicit casts.
Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=65c2d6afd67a032f45f40d7e4d620f5d73e5f07d
---
src/hash-questions.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/hash-questions.c b/src/hash-questions.c
index c1ee135..e6304ac 100644
--- a/src/hash-questions.c
+++ b/src/hash-questions.c
@@ -165,7 +165,7 @@ static void sha256_transform(SHA256_CTX *ctx, const BYTE data[])
WORD a, b, c, d, e, f, g, h, i, j, t1, t2, m[64];
for (i = 0, j = 0; i < 16; ++i, j += 4)
- m[i] = (data[j] << 24) | (data[j + 1] << 16) | (data[j + 2] << 8) | (data[j + 3]);
+ m[i] = (((WORD)data[j]) << 24) | (((WORD)data[j + 1]) << 16) | (((WORD)data[j + 2]) << 8) | (((WORD)data[j + 3]));
for ( ; i < 64; ++i)
m[i] = SIG1(m[i - 2]) + m[i - 7] + SIG0(m[i - 15]) + m[i - 16];
--
2.33.0

9
dnsmasq.spec
View File

@ -1,6 +1,6 @@
Name: dnsmasq Name: dnsmasq
Version: 2.86 Version: 2.86
Release: 7 Release: 8
Summary: Dnsmasq provides network infrastructure for small networks Summary: Dnsmasq provides network infrastructure for small networks
License: GPLv2 or GPLv3 License: GPLv2 or GPLv3
URL: http://www.thekelleys.org.uk/dnsmasq/ URL: http://www.thekelleys.org.uk/dnsmasq/
@ -47,6 +47,7 @@ Patch36: backport-Optimize-inserting-records-into-server-list.patch
Patch37: backport-Fix-massive-confusion-on-server-reload.patch Patch37: backport-Fix-massive-confusion-on-server-reload.patch
Patch38: backport-Fix-use-after-free-in-mark_servers.patch Patch38: backport-Fix-use-after-free-in-mark_servers.patch
Patch39: backport-Fix-memory-leak-when-using-dhcp-optsfile-with-DHCPv6.patch Patch39: backport-Fix-memory-leak-when-using-dhcp-optsfile-with-DHCPv6.patch
Patch40: backport-CVE-2023-49441-Fix-standalone-SHA256-implementation.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd
@ -136,6 +137,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
%{_mandir}/man8/dnsmasq* %{_mandir}/man8/dnsmasq*
%changelog %changelog
* Tue Jun 11 2024 renmingshuai <renmingshuai@huawei.com> - 2.86-8
- Type:CVE
- Id:CVE-2023-49441
- SUG:NA
- DESC:Fix CVE-2023-49441
* Wed Nov 22 2023 renmingshuai <renmingshuai@huawei.com> - 2.86-7 * Wed Nov 22 2023 renmingshuai <renmingshuai@huawei.com> - 2.86-7
- Type:bugfix - Type:bugfix
- Id:NA - Id:NA