resolve: fix use after free in DnsAnswer by yuwata · Pull Request #18135 · systemd/systemd

yuwata · 2021-01-05T06:28:53Z

This fixes a bug introduced by ae45e1a.

Fixes #18132.

src/resolve/resolved-dns-answer.c

bluca · 2021-01-05T13:23:48Z

@mrc0mmand if you have a reliable reproducer, could you please check this patch, if you have time?

mrc0mmand · 2021-01-05T13:26:30Z

@mrc0mmand if you have a reliable reproducer, could you please check this patch, if you have time?

Unfortunately I don't, this issue happened quite randomly across several runs in the past couple of days.

src/resolve/resolved-dns-answer.c

yuwata · 2021-01-08T07:51:29Z

@poettering and @bluca Thank you for the review. Force-pushed a new version. PTAL.

src/resolve/resolved-dns-answer.c

This fixes a bug introduced by ae45e1a. The set DnsAnswer::set_items contains the reference to the array in DnsAnswer. So, the set must be reconstructed when we realloc() the object. Fixes systemd#18132.

yuwata · 2021-01-08T14:10:44Z

@poettering Thank you for your comment. The comment is updated. Setting the green label.

yuwata added the resolve label Jan 5, 2021

yuwata mentioned this pull request Jan 5, 2021

Potential heap-use-after-free in systemd-resolved #18132

Closed

bluca reviewed Jan 5, 2021

View reviewed changes

src/resolve/resolved-dns-answer.c Outdated Show resolved Hide resolved

bluca reviewed Jan 5, 2021

View reviewed changes

src/resolve/resolved-dns-answer.c Show resolved Hide resolved

poettering requested changes Jan 6, 2021

View reviewed changes

src/resolve/resolved-dns-answer.c Outdated Show resolved Hide resolved

poettering added the reviewed/needs-rework 🔨 PR has been reviewed and needs another round of reworks label Jan 6, 2021

topimiettinen mentioned this pull request Jan 6, 2021

resolved: access control feature #17126

Open

yuwata force-pushed the resolve-fix-dns-answer-18132 branch from 8041cdb to 25e9a02 Compare January 8, 2021 07:50

yuwata removed the reviewed/needs-rework 🔨 PR has been reviewed and needs another round of reworks label Jan 8, 2021

poettering added the good-to-merge/with-minor-suggestions label Jan 8, 2021

poettering reviewed Jan 8, 2021

View reviewed changes

src/resolve/resolved-dns-answer.c Outdated Show resolved Hide resolved

resolve: fix use after free in DnsAnswer

b863809

This fixes a bug introduced by ae45e1a. The set DnsAnswer::set_items contains the reference to the array in DnsAnswer. So, the set must be reconstructed when we realloc() the object. Fixes systemd#18132.

yuwata force-pushed the resolve-fix-dns-answer-18132 branch from 25e9a02 to b863809 Compare January 8, 2021 14:10

yuwata added good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed and removed good-to-merge/with-minor-suggestions labels Jan 8, 2021

mrc0mmand added the ci-failure-appears-unrelated label Jan 8, 2021

mrc0mmand merged commit 0c2c0fd into systemd:master Jan 8, 2021

mrc0mmand removed the good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed label Jan 8, 2021

yuwata deleted the resolve-fix-dns-answer-18132 branch January 8, 2021 18:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

resolve: fix use after free in DnsAnswer#18135

resolve: fix use after free in DnsAnswer#18135
mrc0mmand merged 1 commit intosystemd:masterfrom
yuwata:resolve-fix-dns-answer-18132

yuwata commented Jan 5, 2021

Uh oh!

Uh oh!

Uh oh!

bluca commented Jan 5, 2021

Uh oh!

mrc0mmand commented Jan 5, 2021

Uh oh!

Uh oh!

yuwata commented Jan 8, 2021

Uh oh!

Uh oh!

yuwata commented Jan 8, 2021

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

5 participants

Uh oh!

Conversation

yuwata commented Jan 5, 2021

Uh oh!

Uh oh!

Uh oh!

bluca commented Jan 5, 2021

Uh oh!

mrc0mmand commented Jan 5, 2021

Uh oh!

Uh oh!

yuwata commented Jan 8, 2021

Uh oh!

Uh oh!

yuwata commented Jan 8, 2021

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

5 participants