diff --git a/backport-Fix-bad-reply-to-DHCPCONFIRM-messages-wrong-message-.patch b/backport-Fix-bad-reply-to-DHCPCONFIRM-messages-wrong-message-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c8d7ae2d736888fa4c7b7a0cfbee6bf4647c5de0
--- /dev/null
+++ b/backport-Fix-bad-reply-to-DHCPCONFIRM-messages-wrong-message-.patch
@@ -0,0 +1,72 @@
+From 3868066085f4f73055d303ad2af59ad66245cf27 Mon Sep 17 00:00:00 2001
+From: Simon Kelley
+Date: Wed, 11 Oct 2023 22:33:17 +0100
+Subject: [PATCH] Fix bad reply to DHCPCONFIRM messages (wrong message type).
+
+Thanks to renmingshuai for
+spotting the error, and making the initial patch.
+
+Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=3868066085f4
+Conflict:allow binding-mac-with-ipv6
+---
+ src/rfc3315.c | 23 +++++++++++------------
+ 1 file changed, 11 insertions(+), 12 deletions(-)
+
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index cdb4b64..9bdb940 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -1057,7 +1057,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu
+
+ case DHCP6CONFIRM:
+ {
+- int good_addr = 0;
++ int good_addr = 0, bad_addr = 0;
+ int find_bind = 0;
+ struct dhcp_config *find_config = NULL;
+
+@@ -1099,12 +1099,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu
+
+ if (!address6_valid(state->context, &req_addr, tagif, 1))
+ {
+- o1 = new_opt6(OPTION6_STATUS_CODE);
+- put_opt6_short(DHCP6NOTONLINK);
+- put_opt6_string(_("confirm failed"));
+- end_opt6(o1);
+- log6_quiet(state, "DHCPREPLY", &req_addr, _("confirm failed"));
+- return 1;
++ bad_addr = 1;
++ log6_quiet(state, "DHCPREPLY", &req_addr, _("confirm failed"));
++ }
++ else
++ {
++ good_addr = 1;
++ log6_quiet(state, "DHCPREPLY", &req_addr, state->hostname);
+ }
+ if(daemon->bind_mac_with_ip6) {
+ if (!is_same_net6(&req_addr, &find_config->addr6, 128)) {
+@@ -1115,18 +1116,16 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu
+ return 1;
+ }
+ }
+- good_addr = 1;
+- log6_quiet(state, "DHCPREPLY", &req_addr, state->hostname);
+ }
+ }
+
+ /* No addresses, no reply: RFC 3315 18.2.2 */
+- if (!good_addr)
++ if (!good_addr && !bad_addr)
+ return 0;
+
+ o1 = new_opt6(OPTION6_STATUS_CODE);
+- put_opt6_short(DHCP6SUCCESS );
+- put_opt6_string(_("all 
addresses still on link")); ++ put_opt6_short(bad_addr ? DHCP6NOTONLINK : DHCP6SUCCESS); ++ put_opt6_string(bad_addr ? (_("confirm failed")) : (_("all addresses still on link"))); + end_opt6(o1); + break; + } +-- +2.33.0 + diff --git a/dnsmasq.spec b/dnsmasq.spec index b804d99a9d0bf40eeb9a3db10d3a9c4047d13d99..c254efea8a1bbe514a2cab802668e103a29f1d1f 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -1,6 +1,6 @@ Name: dnsmasq Version: 2.82 -Release: 18 +Release: 19 Summary: Dnsmasq provides network infrastructure for small networks License: GPLv2 or GPLv3 URL: http://www.thekelleys.org.uk/dnsmasq/ @@ -44,8 +44,10 @@ Patch33: backport-Fix-buffer-overflow-when-configured-lease-change-scr.patch Patch34: backport-Update-DNS-records-after-pruning-DHCP-leases.patch Patch35: backport-Fix-potential-memory-leak.patch Patch36: backport-Fix-possible-SIGSEGV-in-bpf.c.patch +Patch37: backport-Fix-bad-reply-to-DHCPCONFIRM-messages-wrong-message-.patch Patch9000: adapt-bugfix-allow-binding-mac-with-ipv6.patch +Patch9001: fix-reply-confirm-packet-when-binding-mac-with-ip6-o.patch BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd Requires: nettle >= 3.4 %{name}-help @@ -138,6 +140,13 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf %{_mandir}/man8/dnsmasq* %changelog +* Fri Oct 10 2025 luoguocui - 2.82-19 +- Type:bugfix +- CVE: +- SUG:NA +- DESC:Fix bad reply to DHCPCONFIRM messages (wrong message type) + Fix reply confirm packet when binding-mac-with-ip6 on + * Fri Mar 21 2025 lingsheng - 2.82-18 - Type:bugfix - CVE:NA diff --git a/fix-reply-confirm-packet-when-binding-mac-with-ip6-o.patch b/fix-reply-confirm-packet-when-binding-mac-with-ip6-o.patch new file mode 100644 index 0000000000000000000000000000000000000000..6264818b9637fd37b990178a8747153b1fe5aec8 --- /dev/null +++ b/fix-reply-confirm-packet-when-binding-mac-with-ip6-o.patch 
@@ -0,0 +1,48 @@
+From fbe942addb1d41f705c716f46d945af781286dad Mon Sep 17 00:00:00 2001
+From: luoguocui
+Date: Fri, 10 Oct 2025 09:22:37 +0000
+Subject: [PATCH] fix reply confirm packet when binding-mac-with-ip6 on
+
+---
+ src/rfc3315.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index a99998b..375816c 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -1074,11 +1074,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu
+ }
+ /* requires all mac has binding ipv6 address. */
+ if (find_bind == 0) {
++ bad_addr = 1;
++ log6_quiet(state, "DHCPREPLY", NULL, _("confirm failed, no binding found"));
+ o1 = new_opt6(OPTION6_STATUS_CODE);
+ put_opt6_short(DHCP6NOTONLINK);
+ put_opt6_string(_("confirm failed, no binding found"));
+ end_opt6(o1);
+- return 1;
++ break;
+ }
+ }
+
+@@ -1105,13 +1107,10 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu
+ good_addr = 1;
+ log6_quiet(state, "DHCPREPLY", &req_addr, state->hostname);
+ }
+- if(daemon->bind_mac_with_ip6) {
++ if(daemon->bind_mac_with_ip6 && good_addr) {
+ if (!is_same_net6(&req_addr, &find_config->addr6, 128)) {
+- o1 = new_opt6(OPTION6_STATUS_CODE);
+- put_opt6_short(DHCP6NOTONLINK);
+- put_opt6_string(_("confirm failed, not binding to this address"));
+- end_opt6(o1);
+- return 1;
++ bad_addr = 1;
++ log6_quiet(state, "DHCPREPLY", &req_addr, _("confirm failed, not binding to this address"));
+ }
+ }
+ }
+-- 
+2.33.0
+
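Review bot: In the second rfc3315.c hunk, `if(daemon->bind_mac_with_ip6 && good_addr)` tests a flag that stays set once any earlier IAADDR passed `address6_valid`, so it does not mean "this address is on-link": an address that fails the binding check has already been logged as a normal `DHCPREPLY` with the hostname, and a later off-link address is run through the binding check too and logged as failed twice. The status code sent is unaffected as long as the shared tail picks NOTONLINK whenever `bad_addr` is set, but the log no longer shows which addresses were actually confirmed; folding the binding check into the existing if/else, as below, gives one accurate line per address. In the first hunk, `bad_addr = 1` before `break` looks like a dead store if that `break` leaves the `switch` (no enclosing loop is visible in the hunk); please confirm, because if it only left a loop, `find_config->addr6` could later be reached with `find_config` still NULL. The `case DHCP6CONFIRM` block starts and ends outside both hunks.

```c
if (!address6_valid(state->context, &req_addr, tagif, 1))
  {
    /* … unchanged: bad_addr = 1 and the "confirm failed" log line … */
  }
else if (daemon->bind_mac_with_ip6 &&
         !is_same_net6(&req_addr, &find_config->addr6, 128))
  {
    /* On-link, but not the address bound to this client. */
    bad_addr = 1;
    log6_quiet(state, "DHCPREPLY", &req_addr, _("confirm failed, not binding to this address"));
  }
else
  {
    good_addr = 1;
    log6_quiet(state, "DHCPREPLY", &req_addr, state->hostname);
  }
```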