From ee4e32cf42928e0d69f6ad7f489f7e6dfe115819 Mon Sep 17 00:00:00 2001
From: renmingshuai <renmingshuai@huawei.com>
Date: Tue, 5 Dec 2023 21:49:33 +0800
Subject: [PATCH] Fix parsing of IPv6 addresses with peer from netlink

(cherry picked from commit 8a88865197713f6fcd41523f0f2aaac7669c4ab5)
---
 ...Pv6-addresses-with-peer-from-netlink.patch | 71 +++++++++++++++++++
 dnsmasq.spec                                  |  9 ++-
 2 files changed, 79 insertions(+), 1 deletion(-)
 create mode 100644 backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch

diff --git a/backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch b/backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch
new file mode 100644
index 0000000..094dbc3
--- /dev/null
+++ b/backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch
@@ -0,0 +1,71 @@
+From 770bce967cfc9967273d0acfb3ea018fb7b17522 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Fri, 27 May 2022 21:16:18 +0100
+Subject: [PATCH] Fix parsing of IPv6 addresses with peer from netlink.
+
+In the most common case, an IPv6 address doesn't have a peer and the
+IFA_ADDRESS netlink attribute contains the address itself.
+
+But if the address has a peer (typically for point to point links),
+then IFA_ADDRESS contains the peer address and IFA_LOCAL contains the
+address [1].
+
+[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv6/addrconf.c?h=v5.17#n5030
+
+Fix the parsing of IPv6 addresses with peers, as currently dnsmasq
+unsuccessfully tries to bind on the peer address.
+
+A simple reproducer is:
+
+  dnsmasq --conf-file=/dev/null -i dummy1 -d --bind-dynamic &
+  sleep 2
+  ip link add dummy1 type dummy
+  ip link set dummy1 up
+  ip addr add dev dummy1 fd01::1/64 peer fd01::2/64
+  ip addr add dev dummy1 fd01::42/64
+  sleep 2
+  ss -lnp | grep dnsmasq | grep fd01
+
+Before the patch:
+  dnsmasq: failed to create listening socket for fd01::2: Cannot assign requested address
+  dnsmasq: failed to create listening socket for fd01::2: Cannot assign requested address
+  udp   UNCONN 0   [fd01::42]:53   [::]:*    users:(("dnsmasq",pid=23947,fd=14))
+  tcp   LISTEN 0   [fd01::42]:53   [::]:*    users:(("dnsmasq",pid=23947,fd=15
+
+After:
+  udp   UNCONN 0   [fd01::42]:53   [::]:*    users:(("dnsmasq",pid=23973,fd=16))
+  udp   UNCONN 0    [fd01::1]:53   [::]:*    users:(("dnsmasq",pid=23973,fd=14))
+  tcp   LISTEN 0   [fd01::42]:53   [::]:*    users:(("dnsmasq",pid=23973,fd=17))
+  tcp   LISTEN 0    [fd01::1]:53   [::]:*    users:(("dnsmasq",pid=23973,fd=15))
+
+Conflict:NA
+Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=770bce967cfc9967273d0acfb3ea018fb7b17522
+---
+ src/netlink.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/netlink.c b/src/netlink.c
+index da82943..c156cde 100644
+--- a/src/netlink.c
++++ b/src/netlink.c
+@@ -258,7 +258,16 @@ int iface_enumerate(int family, void *parm, int (*callback)())
+ 		    
+ 		    while (RTA_OK(rta, len1))
+ 		      {
+-			if (rta->rta_type == IFA_ADDRESS)
++			/*
++			 * Important comment: (from if_addr.h)
++			 * IFA_ADDRESS is prefix address, rather than local interface address.
++			 * It makes no difference for normally configured broadcast interfaces,
++			 * but for point-to-point IFA_ADDRESS is DESTINATION address,
++			 * local address is supplied in IFA_LOCAL attribute.
++			 */
++			if (rta->rta_type == IFA_LOCAL)
++			  addrp = ((struct in6_addr *)(rta+1));
++			else if (rta->rta_type == IFA_ADDRESS && !addrp)
+ 			  addrp = ((struct in6_addr *)(rta+1)); 
+ 			else if (rta->rta_type == IFA_CACHEINFO)
+ 			  {
+-- 
+2.23.0
+
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 583e6d6..b8410c0 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -1,6 +1,6 @@
 Name:           dnsmasq
 Version:        2.82
-Release:        12
+Release:        13
 Summary:        Dnsmasq provides network infrastructure for small networks
 License:        GPLv2 or GPLv3
 URL:            http://www.thekelleys.org.uk/dnsmasq/
@@ -35,6 +35,7 @@ Patch24:     backport-0010-CVE-2021-3448.patch
 Patch25:     backport-Fix-write-after-free-in-DHCPv6-code-CVE-2022-0934.patch
 Patch26:     backport-Listen-only-on-lo-device-fix-CVE-2020-14312.patch
 Patch27:     backport-CVE-2023-28450-Set-the-default-maximum-DNS-UDP-packet.patch
+Patch28:     backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch
 
 BuildRequires:  dbus-devel pkgconfig libidn2-devel nettle-devel systemd
 Requires:       nettle >= 3.4 %{name}-help
@@ -127,6 +128,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
 %{_mandir}/man8/dnsmasq*
 
 %changelog
+* Tue Dec 5 2023 renmingshuai <renmingshuai@huawei.com> - 2.82-13
+- Type:bugfix
+- Id:
+- SUG:NA
+- DESC:Fix parsing of IPv6 addresses with peer from netlink
+
 * Tue Mar 28 2023 renmingshuai <renmingshuai@huawei.com> - 2.82-12
 - Type:CVE
 - Id:CVE-2023-28450
-- 
Gitee