From 819610ca2b3aba240eea5d154a6d883b3f73a99c Mon Sep 17 00:00:00 2001
From: renmingshuai
Date: Mon, 8 Jul 2024 01:45:16 +0000
Subject: [PATCH] fix CVE-2023-49441
---
 ...Fix-standalone-SHA256-implementation.patch | 49 +++++++++++++++++++
 dnsmasq.spec | 9 +++-
 2 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-49441-Fix-standalone-SHA256-implementation.patch
diff --git a/backport-CVE-2023-49441-Fix-standalone-SHA256-implementation.patch b/backport-CVE-2023-49441-Fix-standalone-SHA256-implementation.patch
new file mode 100644
index 0000000..814baed
--- /dev/null
+++ b/backport-CVE-2023-49441-Fix-standalone-SHA256-implementation.patch
@@ -0,0 +1,49 @@
+From 65c2d6afd67a032f45f40d7e4d620f5d73e5f07d Mon Sep 17 00:00:00 2001
+From: Simon Kelley
+Date: Wed, 22 Nov 2023 22:02:05 +0000
+Subject: [PATCH] Fix standalone SHA256 implementation.
+
+Bug report here:
+https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q4/017332.html
+
+This error probably has no practical effect since even if the hash
+is wrong, it's only compared internally to other hashes computed using
+the same code.
+
+Understanding the error:
+
+hash-questions.c:168:21: runtime error: left shift of 128 by 24 places
+cannot be represented in type 'int'
+
+requires a certain amount of c-lawyerliness. I think the problem is that
+
+m[i] = data[j] << 24
+
+promotes the unsigned char data array value to int before doing the shift and
+then promotes the result to unsigned char to match the type of m[i].
+What needs to happen is to cast the unsigned char to unsigned int
+BEFORE the shift.
+
+This patch does that with explicit casts.
+
+Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=65c2d6afd67a032f45f40d7e4d620f5d73e5f07d
+---
+ src/hash_questions.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/hash_questions.c b/src/hash_questions.c
+index c1ee135..e6304ac 100644
+--- a/src/hash_questions.c
++++ b/src/hash_questions.c
+@@ -165,7 +165,7 @@ static void sha256_transform(SHA256_CTX *ctx, const BYTE data[])
+ WORD a, b, c, d, e, f, g, h, i, j, t1, t2, m[64];
+
+ for (i = 0, j = 0; i < 16; ++i, j += 4)
+- m[i] = (data[j] << 24) | (data[j + 1] << 16) | (data[j + 2] << 8) | (data[j + 3]);
++ m[i] = (((WORD)data[j]) << 24) | (((WORD)data[j + 1]) << 16) | (((WORD)data[j + 2]) << 8) | (((WORD)data[j + 3]));
+ for ( ; i < 64; ++i)
+ m[i] = SIG1(m[i - 2]) + m[i - 7] + SIG0(m[i - 15]) + m[i - 16];
+
+--
+2.33.0
+
diff --git a/dnsmasq.spec b/dnsmasq.spec
index f2bcf7d..54c607c 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
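Review bot: The rewritten `m[i] = (((WORD)data[j]) << 24) | …` line in `sha256_transform` has no comment saying why each byte is cast, so a later cleanup could remove the casts as redundant and bring back the signed-shift overflow described in the commit message. I would add above the loop `/* Cast each byte to WORD before shifting: data[j] promotes to int, and 0x80 << 24 overflows a signed int (undefined behaviour). */`. The fix relies on `WORD` being an unsigned type of at least 32 bits; its typedef is outside the hunk, so that should be confirmed. The body of `sha256_transform` continues past the end of the hunk. Because the spec builds against and requires nettle, it is also worth confirming whether this standalone SHA-256 code is compiled into the package at all, since that affects how the CVE is rated for this build.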
@@ -1,6 +1,6 @@
 Name: dnsmasq
 Version: 2.82
-Release: 14
+Release: 15
 Summary: Dnsmasq provides network infrastructure for small networks
 License: GPLv2 or GPLv3
 URL: http://www.thekelleys.org.uk/dnsmasq/
@@ -38,6 +38,7 @@ Patch27: backport-CVE-2023-28450-Set-the-default-maximum-DNS-UDP-packet.patc
 Patch28: backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch
 Patch29: backport-Reduce-code-duplication-reuse-existing-functions.patch
 Patch30: backport-Fix-memory-leak-when-using-dhcp-optsfile-with-DHCPv6.patch
+Patch31: backport-CVE-2023-49441-Fix-standalone-SHA256-implementation.patch
 BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd
 Requires: nettle >= 3.4 %{name}-help
@@ -130,6 +131,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
 %{_mandir}/man8/dnsmasq*
 %changelog
+* Mon Jul 8 2024 renmingshuai - 2.82-15
+- Type:CVE
+- Id:
+- SUG:NA
+- DESC:fix CVE-2023-49441
+
 * Wed Dec 6 2023 renmingshuai - 2.82-14
 - Type:bugfix
 - Id:
--
Gitee