From 5ba8da2eb8f4c2b1b88d9890680a5aa9cb037e01 Mon Sep 17 00:00:00 2001
From: zengwefeng
Date: Thu, 25 Feb 2021 14:39:33 +0800
Subject: [PATCH] synchronize some bugfix patches from upstream community
(cherry picked from commit 70d952723a49c074b76617a8bb8c3febb09eca2d)
---
 ...ck-for-NULL-return-from-allocate_rfd.patch | 71 +++++++++++++++++++
 ...en-asking-for-DNSSEC-and-a-validated.patch | 28 ++++++++
 dnsmasq.spec | 11 ++-
 3 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 backport-Add-missing-check-for-NULL-return-from-allocate_rfd.patch
 create mode 100644 backport-Fix-DNS-reply-when-asking-for-DNSSEC-and-a-validated.patch
diff --git a/backport-Add-missing-check-for-NULL-return-from-allocate_rfd.patch b/backport-Add-missing-check-for-NULL-return-from-allocate_rfd.patch
new file mode 100644
index 0000000..9de07a4
--- /dev/null
+++ b/backport-Add-missing-check-for-NULL-return-from-allocate_rfd.patch
@@ -0,0 +1,71 @@
+From 824461192ca5098043f9ca4ddeba7df1f65b30ba Mon Sep 17 00:00:00 2001
+From: Simon Kelley
+Date: Sun, 15 Nov 2020 22:13:25 +0000
+Subject: [PATCH] Add missing check for NULL return from allocate_rfd().
+
+Conflict:NA
+Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=824461192ca5098043f9ca4ddeba7df1f65b30ba
+---
+ src/forward.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/src/forward.c b/src/forward.c
+index 4f9a963..50da095 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -823,7 +823,6 @@ void reply_query(int fd, int family, time_t now)
+ int is_sign;
+
+ #ifdef HAVE_DNSSEC
+- /* For DNSSEC originated queries, just retry the query to the same server. */
+ if (forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY))
+ {
+ struct server *start;
+@@ -849,6 +848,8 @@ void reply_query(int fd, int family, time_t now)
+ }
+
+
++ fd = -1;
++
+ if (start->sfd)
+ fd = start->sfd->fd;
+ else
+@@ -856,19 +857,21 @@ void reply_query(int fd, int family, time_t now)
+ if (start->addr.sa.sa_family == AF_INET6)
+ {
+ /* may have changed family */
+- if (!forward->rfd6)
+- forward->rfd6 = allocate_rfd(AF_INET6);
+- fd = forward->rfd6->fd;
++ if (forward->rfd6 || (forward->rfd6 = allocate_rfd(AF_INET6)))
++ fd = forward->rfd6->fd;
+ }
+ else
+ {
+ /* may have changed family */
+- if (!forward->rfd4)
+- forward->rfd4 = allocate_rfd(AF_INET);
+- fd = forward->rfd4->fd;
++ if (forward->rfd4 || (forward->rfd4 = allocate_rfd(AF_INET)))
++ fd = forward->rfd4->fd;
+ }
+ }
+
++ /* Can't get socket. */
++ if (fd == -1)
++ return;
++
+ #ifdef HAVE_DUMPFILE
+ dump_packet(DUMP_SEC_QUERY, (void *)header, (size_t)plen, NULL, &start->addr);
+ #endif
+@@ -2311,7 +2314,6 @@ struct frec *get_new_frec(time_t now, int *wait, struct frec *force)
+ return f; /* OK if malloc fails and this is NULL */
+ }
+
+-/* crc is all-ones if not known. 
*/
+ static struct frec *lookup_frec(unsigned short id, int fd, int family, void *hash)
+ {
+ struct frec *f;
+--
+2.23.0
+
diff --git a/backport-Fix-DNS-reply-when-asking-for-DNSSEC-and-a-validated.patch b/backport-Fix-DNS-reply-when-asking-for-DNSSEC-and-a-validated.patch
new file mode 100644
index 0000000..95738b6
--- /dev/null
+++ b/backport-Fix-DNS-reply-when-asking-for-DNSSEC-and-a-validated.patch
@@ -0,0 +1,28 @@
+From 1eb6cedb03cb335071fda22ee7c623b2298d3729 Mon Sep 17 00:00:00 2001
+From: Simon Kelley
+Date: Sat, 14 Nov 2020 15:29:34 +0000
+Subject: [PATCH] Fix DNS reply when asking for DNSSEC and a validated CNAME is
+ already cached.
+
+Conflict:NA
+Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1eb6cedb03cb335071fda22ee7c623b2298d3729
+---
+ src/rfc1035.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index a8cdc6e..79af53f 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1359,6 +1359,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+ }
+
+ }
++ else
++ return 0; /* give up if any cached CNAME in chain can't be used for DNSSEC reasons. */
+
+ strcpy(name, cname_target);
+ }
+--
+2.23.0
+
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 3bd8a57..88d57d4 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -1,6 +1,6 @@
 Name: dnsmasq
 Version: 2.82
-Release: 4
+Release: 5
 Summary: Dnsmasq provides network infrastructure for small networks
 License: GPLv2 or GPLv3
 URL: http://www.thekelleys.org.uk/dnsmasq/
@@ -19,6 +19,8 @@ Patch8: backport-CVE-2020-25685_2.patch
 Patch9: backport-CVE-2020-25686_1.patch
 Patch10: backport-CVE-2020-25686_2.patch
 Patch11: backport-fix-regression-in-s_config_in_context-method.patch
+Patch12: backport-Add-missing-check-for-NULL-return-from-allocate_rfd.patch
+Patch13: backport-Fix-DNS-reply-when-asking-for-DNSSEC-and-a-validated.patch
 BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd
 Requires: nettle >= 3.4
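Review bot: In the src/forward.c part of this backport, the added `if (fd == -1) return;` leaves reply_query() without a log line and without touching `forward`, so when allocate_rfd() returns NULL the DNSSEC retry is dropped silently. What then happens to the pending frec is decided outside the hunk, so the comment should state it rather than only `/* Can't get socket. */`, for example `/* No socket (allocate_rfd() failed): drop this retry, forward is left as is; presumably it ages out via the normal frec timeout - confirm. */`. The first forward.c hunk also deletes `/* For DNSSEC originated queries, just retry the query to the same server. */` with nothing in its place, which makes this branch harder to audit. reply_query() starts and ends outside the hunks.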
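Review bot: In the src/rfc1035.c part of this backport, the new `else return 0;` is an unbraced branch attached to an `if` whose condition lies above the hunk, and its comment does not say what a zero return from answer_request() means to the caller. Because this branch decides whether a cached CNAME that cannot be used for DNSSEC is served, brace it and spell out the contract: `else { return 0; /* cached CNAME unusable for DNSSEC: answer nothing from cache; 0 presumably makes the caller forward the query - confirm */ }`. The context line `strcpy(name, cname_target);` that follows is an unbounded copy whose buffer sizes are not visible here, so the bound should be confirmed in the surrounding function. answer_request() starts and ends outside the hunk.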
@@ -111,6 +113,13 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
 %{_mandir}/man8/dnsmasq*
 %changelog
+* Thu Feb 25 2021 zengwefeng - 2.82-5
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:Add missing check for NULL return from allocate_rfd
+ Fix DNS reply when asking for DNSSEC
+
 * Thu Jan 21 2021 zhujh - 2.82-4
 - Type:bugfix
 - Id:NA
--
Gitee