[Dnsmasq-discuss] Picking up the patches
Another 17th of the month, another "picking up the patches"
Previous-Subject: Re: [Dnsmasq-discuss] [PATCH] Ensure resize_packet() does not
overflow header
In-Reply-To: <20240513020401.841150-1-dominique.marti...@atmark-techno.com>
( https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q2/017572.html )
On Mon, May 13, 2024 at 11:04:01AM +0900, Dominique Martinet wrote:
> This is a "fix" for OSV-2022-785 (oss-fuzz automated report that
> apparently hasn't been looked into)
>
> It really is a redundant safety in case something goes wrong when
> finding pheader: the only caller of resize_packet() with a pheader are
> shortly after find_pseudoheader(), which follows the same logic as
> resize_packet such as when the "faulty" memmove is run we have
> packet <= ansp <= pheader < pheader + plen <= header + hlen
>
> As such, the real code here really shouldn't ever trigger this overflow
> and the fuzzer does not reproduce a realistic workload, but bugs can
> happen so it might be safer to check in case a malicious packet could
> cause the code between find_pseudoheader and reply_packet to modify
> something unexpected.
>
> Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50617
> Link: https://osv.dev/vulnerability/OSV-2022-785
> ---
> This is just a drive-by patch as I noticed these silly oss-fuzz issues
> looking at some security reporting tools, but in all honesty feel free
> to refuse this. (I've also complained on the oss-fuzz issue)
The "just a drive-by patch" did made me realize
that there are more "drive-by patches".
The not drive-by patches increase their survival rate by
adding / CC-ing email address ~stappers/dnsmasqm...@lists.sr.ht
> Thanks!
>
> src/rfc1035.c | 4
> 1 file changed, 4 insertions(+)
>
> diff --git a/src/rfc1035.c b/src/rfc1035.c
> index 387d894a25df..3be2f1748f14 100644
> --- a/src/rfc1035.c
> +++ b/src/rfc1035.c
> @@ -338,6 +338,10 @@ size_t resize_packet(struct dns_header *header, size_t
> plen, unsigned char *phea
>/* restore pseudoheader */
>if (pheader && ntohs(header->arcount) == 0)
> {
> + /* pseudoheader does not fit: return original packet. This should never
> + * happen as pheader should be strictly within header after current
> ansp */
> + if (!CHECK_LEN(header, ansp, plen, hlen))
> +return plen;
>/* must use memmove, may overlap */
>memmove(ansp, pheader, hlen);
>header->arcount = htons(1);
> --
> 2.39.2
>
Groeten
Geert Stappers
--
Silence is hard to parse
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Picking up the patches
On Fri, May 17, 2024 at 11:00:17PM +0200, Geert Stappers wrote: > On Wed, Apr 17, 2024 at 09:40:17PM +0200, Geert Stappers wrote: > > Hi, > > > > Another 17th of month, another attempt > > to prevent that patches fall through the cracks. :-) > > At https://lists.sr.ht/~stappers/dnsmasqmlpc/patches > > is 1 pending patch, "Quieten DHCPv6 log when in static mode. > > My plan is to keep it warm for two months. > > > > We are half way :-/ > Another month passed without new commits to the leading git repo at the thekelleys.co.uk. > One new patch, Update DNS records after pruning DHCP leases, added. One new patch, Add support for --dhcp-allowed-srvids option, added. Patches from "old contributors" are missing. That is due my assumption they know about CC-ing ~stappers/dnsmasqm...@lists.sr.ht Groeten Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Picking up the patches
On Wed, Apr 17, 2024 at 09:40:17PM +0200, Geert Stappers wrote: > Hi, > > Another 17th of month, another attempt > to prevent that patches fall through the cracks. > > > At https://lists.sr.ht/~stappers/dnsmasqmlpc/patches > is 1 pending patch, "Quieten DHCPv6 log when in static mode. > My plan is to keep it warm for two months. > We are half way :-/ One new patch, Update DNS records after pruning DHCP leases, added. Groeten Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Picking up the patches
Hi, Another 17th of month, another attempt to prevent that patches fall through the cracks. At https://lists.sr.ht/~stappers/dnsmasqmlpc/patches is 1 pending patch, "Quieten DHCPv6 log when in static mode. My plan is to keep it warm for two months. Checking the archive learnt me that some patches haven't yet reached the "mailinglist patch collector". Such as "Fix dependency in make install target". See email 2024-03-17. Most likely more patches were missed / are missing please resend them with Cc: ~stappers/dnsmasqm...@lists.sr.ht Groeten Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Picking up the patches
Le ven. 17 mars 2023 à 06:03, Petr Menšík a écrit : > > Could we perhaps make some service, which would gather list of patches > sent to mailing list. Sounds like patchwork (not really a user, I just know OpenWrt uses it) If you don't want to host it or just want to try it out, ask to be added to ozlabs.org one https://patchwork.ozlabs.org/about/ > And if Simon would not respond to it in any way, > it would make a list of sender, subject and name of patches in a summary. > > If no response were say in a week, it might send a summary mail with a > list of such pending patches. Maybe supporting some keywords to mark a > reason, why it is not merged (yet). > > It might be doable > > Examples: > > [merged] - merged as it is. In some cases this could be detected without > any message by watching git repo. > > [modified] - merged by a different change. Solved the problem in a > different way. > > [modify] - request to make a changes in patch, is waiting on the > contributor to do so > > [refused] - stating such change won't be merged even with small > modifications, stop tracking that patch. > > Altough it would be much easier if Simon would accept also pull requests > on any kind of git hosting service, which already provides a way to > create pull request, which can be commented on, merged or closed. > Services like github.com, gitlab or pagure already implements similar > workflows. > > But above proposal would allow Simon just add those keywords into his > reply and otherwise do not change his way of processing incoming > patches. It would require to do some coding by us and hosting such > service somewhere. > > Maybe even very simple reminder threads containing patches do not > contain any message for some time from Simon would help. Looking at > pipermail threads page, some hacking at HTML level in python might solve > that. Ideally with once a day generated page of links to messages > waiting for any comment, which could be checked any time. > > On 3/16/23 22:51, Geert Stappers wrote: > > Hi, > > > > How can I help that patches get the attention that they deserve? > > > > > > Groeten > > Geert Stappers > > > > > > On Wed, Mar 08, 2023 at 03:38:02PM +, Simon Kelley wrote: > >> On 07/03/2023 23:20, Clayton Craft wrote: > >>> On Thu, 23 Feb 2023 21:40:10 -0800 Clayton Craft wrote: > On Fri, 10 Feb 2023 13:53:05 -0800 Clayton Craft wrote: > > Any chance this could get merged? Being able to set filters at runtime > is very > useful for multi-homed phones and other devices in cases where we need to > restrict DNS response answers based on IP protocol. > > Please let me know if I need to make changes so that it is acceptable. > >>> Is this patch something that could be accepted? > >>> > >> Apologies for ignoring you. Patch looks fine. Applied to git repo. > >> > >> > >> Cheers, > >> Simon. > > -- > Petr Menšík > Software Engineer, RHEL > Red Hat, https://www.redhat.com/ > PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB > > > ___ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Picking up the patches
Could we perhaps make some service, which would gather list of patches sent to mailing list. And if Simon would not respond to it in any way, it would make a list of sender, subject and name of patches in a summary. If no response were say in a week, it might send a summary mail with a list of such pending patches. Maybe supporting some keywords to mark a reason, why it is not merged (yet). It might be doable Examples: [merged] - merged as it is. In some cases this could be detected without any message by watching git repo. [modified] - merged by a different change. Solved the problem in a different way. [modify] - request to make a changes in patch, is waiting on the contributor to do so [refused] - stating such change won't be merged even with small modifications, stop tracking that patch. Altough it would be much easier if Simon would accept also pull requests on any kind of git hosting service, which already provides a way to create pull request, which can be commented on, merged or closed. Services like github.com, gitlab or pagure already implements similar workflows. But above proposal would allow Simon just add those keywords into his reply and otherwise do not change his way of processing incoming patches. It would require to do some coding by us and hosting such service somewhere. Maybe even very simple reminder threads containing patches do not contain any message for some time from Simon would help. Looking at pipermail threads page, some hacking at HTML level in python might solve that. Ideally with once a day generated page of links to messages waiting for any comment, which could be checked any time. On 3/16/23 22:51, Geert Stappers wrote: Hi, How can I help that patches get the attention that they deserve? Groeten Geert Stappers On Wed, Mar 08, 2023 at 03:38:02PM +, Simon Kelley wrote: On 07/03/2023 23:20, Clayton Craft wrote: On Thu, 23 Feb 2023 21:40:10 -0800 Clayton Craft wrote: On Fri, 10 Feb 2023 13:53:05 -0800 Clayton Craft wrote: Any chance this could get merged? Being able to set filters at runtime is very useful for multi-homed phones and other devices in cases where we need to restrict DNS response answers based on IP protocol. Please let me know if I need to make changes so that it is acceptable. Is this patch something that could be accepted? Apologies for ignoring you. Patch looks fine. Applied to git repo. Cheers, Simon. -- Petr Menšík Software Engineer, RHEL Red Hat, https://www.redhat.com/ PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Picking up the patches
Hi, How can I help that patches get the attention that they deserve? Groeten Geert Stappers On Wed, Mar 08, 2023 at 03:38:02PM +, Simon Kelley wrote: > On 07/03/2023 23:20, Clayton Craft wrote: > > On Thu, 23 Feb 2023 21:40:10 -0800 Clayton Craft wrote: > > > On Fri, 10 Feb 2023 13:53:05 -0800 Clayton Craft wrote: > > > > > > Any chance this could get merged? Being able to set filters at runtime is > > > very > > > useful for multi-homed phones and other devices in cases where we need to > > > restrict DNS response answers based on IP protocol. > > > > > > Please let me know if I need to make changes so that it is acceptable. > > > > Is this patch something that could be accepted? > > > > Apologies for ignoring you. Patch looks fine. Applied to git repo. > > > Cheers, > Simon. -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] picking up the patches
Hello, https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q4/016776.html is applied to branch 'ml2301' at https://salsa.debian.org/debian/dnsmasq Explaining branch name 'ml2301': - ml: mailing list - 23: year 2023 - 01: month 1 The idea of the 'mlYYMM' branches is preventing that patches get lost. Regards 17th of this month ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] picking up the patches
Am 17.01.23 um 23:22 schrieb 17th of this month: Previous-Subject: Re: [Dnsmasq-discuss] [PATCH] Add run-time option to disable CHAOS TXT records In-Reply-To: <9e8bb769-db3e-770b-f058-fcc73f557...@thekelleys.org.uk> On Mon, Jan 16, 2023 at 10:46:25PM +, Simon Kelley wrote: ... Have I missed something? Yes. :-) https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q4/016776.html The patch moves the relevant code to after processing of command-line arguments, but not reading configuration file(s). I can't think of any reason why you wouldn't want to put no-ident into /etc/dnsmasq.conf That in my words: I'm british, consider me way too polite. The patch has been reviewed, the idea is good, the implementation should be better. Please submit a updated version. Regards 17th of this month Geert Stappers, your way of communicating is intrusive, overbearing and obnoxious. Stop that. Now. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] picking up the patches
Previous-Subject: Re: [Dnsmasq-discuss] [PATCH] Add run-time option to disable CHAOS TXT records In-Reply-To: <9e8bb769-db3e-770b-f058-fcc73f557...@thekelleys.org.uk> On Mon, Jan 16, 2023 at 10:46:25PM +, Simon Kelley wrote: >... > Have I missed something? Yes. :-) https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q4/016776.html > The patch moves the relevant code to after processing of command-line > arguments, but not reading configuration file(s). I can't think of any > reason why you wouldn't want to put > > no-ident > > into /etc/dnsmasq.conf That in my words: I'm british, consider me way too polite. The patch has been reviewed, the idea is good, the implementation should be better. Please submit a updated version. Regards 17th of this month ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Picking up the patches
Hi, There is the manual page patch, "conf-script patch" ( https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q4/016776.html ) that needs to be merged IMNSHO. If there need other patches to picked up, say so. Groeten Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Picking up the patches
On Thu, Nov 17, 2022 at 07:58:05PM +0100, Geert Stappers via Dnsmasq-discuss wrote: > Hi, > > > Another 17th day of the month. > > Patches for which it is unclear when they should resubmitted: > > * Offer alternative DHCPv6 address if requested is taken ( Petr Mensik ) First posted https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015640.html Reposted https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q4/016637.html It would be a pity if another 14 months later we get again "Oh, this patch slipped through the cracks, reposting". > * Coding style ( Geert Stappers ) Was a concept, new version is on the back burner. > * Connection track mark based DNS query filtering Original submitter moved on, in https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q4/016685.html was a "would like to have", but no "have tried it, works for me". Request: We mark the patch as "archived after never been accepted and never been rejected" > * Make ECC-GOST ( Petr Mensik ) Simons review https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q4/016697.html ends with "I don't think there's a need to be able to disable the GOST algorithms, but I'm happy to hear arguments to the contrary." Groeten Geert Stappers Attempting to express Software gets improved by patches, do not ignore patches. -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Picking up the patches
Hi, Another 17th day of the month. Patches for which it is unclear when they should resubmitted: * Offer alternative DHCPv6 address if requested is taken ( Petr Mensik ) * Coding style ( Geert Stappers ) * Connection track mark based DNS query filtering * Make ECC-GOST ( Petr Mensik ) Groeten Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Picking up the patches
Hi, IIRC there is only one patch pending, the "describe" patch. In https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q3/016577.html is reported that it is yak shaving[1] and work in progress. If I'm wrong about no ignored patches, say so. It is the whole idea of this message, picking up patches. Groeten Geert Stappers [1] http://www.catb.org/jargon/html/Y/yak-shaving.html -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
