[SCM] qtbase packaging branch, master, updated. debian/5.9.2+dfsg-4-12-g4b33f03
Dmitry Shachnev
mitya57 at moszumanska.debian.org
Sun Dec 3 10:21:42 UTC 2017
Gitweb-URL: http://git.debian.org/?p=pkg-kde/qt/qtbase.git;a=commitdiff;h=4b33f03
The following commit has been merged in the master branch:
commit 4b33f0300a5e148e9b63f196c88cd0a54848e595
Author: Dmitry Shachnev <mitya57 at gmail.com>
Date: Sun Dec 3 13:20:50 2017 +0300
Backport upstream patch to fix crash in QDnsLookup for large responses.
Closes: #883099.
---
debian/changelog | 2 ++
debian/patches/qdnslookup_crash.diff | 62 ++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 65 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 098c5a9..539d0ed 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,8 @@ qtbase-opensource-src (5.9.2+dfsg-5) UNRELEASED; urgency=medium
* Change PCRE build-dependency to PCRE2. Qt switched to PCRE2 in 5.9.
Pass a configure option to make sure that the system version is used
(closes: #883304).
+ * Backport upstream patch to fix crash in QDnsLookup when DNS response is
+ over 512 bytes (closes: #883099).
[ Lisandro Damián Nicanor Pérez Meyer ]
* Make libqt5opengl5-dev provide libqt5opengl5-desktop-dev on !armel and !armhf.
diff --git a/debian/patches/qdnslookup_crash.diff b/debian/patches/qdnslookup_crash.diff
new file mode 100644
index 0000000..48d678d
--- /dev/null
+++ b/debian/patches/qdnslookup_crash.diff
@@ -0,0 +1,62 @@
+Description: fix out of bounds reads in qdnslookup_unix
+Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=306c32f50e289c40
+Last-Update: 2017-12-03
+
+--- a/src/network/kernel/qdnslookup_unix.cpp
++++ b/src/network/kernel/qdnslookup_unix.cpp
+@@ -42,6 +42,7 @@
+ #if QT_CONFIG(library)
+ #include <qlibrary.h>
+ #endif
++#include <qvarlengtharray.h>
+ #include <qscopedpointer.h>
+ #include <qurl.h>
+ #include <private/qnativesocketengine_p.h>
+@@ -58,6 +59,8 @@
+ # include <gnu/lib-names.h>
+ #endif
+
++#include <cstring>
++
+ QT_BEGIN_NAMESPACE
+
+ #if QT_CONFIG(library)
+@@ -137,7 +140,7 @@
+
+ // Initialize state.
+ struct __res_state state;
+- memset(&state, 0, sizeof(state));
++ std::memset(&state, 0, sizeof(state));
+ if (local_res_ninit(&state) < 0) {
+ reply->error = QDnsLookup::ResolverError;
+ reply->errorString = tr("Resolver initialization failed");
+@@ -189,11 +192,25 @@
+ QScopedPointer<struct __res_state, QDnsLookupStateDeleter> state_ptr(&state);
+
+ // Perform DNS query.
+- unsigned char response[PACKETSZ];
+- memset(response, 0, sizeof(response));
+- const int responseLength = local_res_nquery(&state, requestName, C_IN, requestType, response, sizeof(response));
++ QVarLengthArray<unsigned char, PACKETSZ> buffer(PACKETSZ);
++ std::memset(buffer.data(), 0, buffer.size());
++ int responseLength = local_res_nquery(&state, requestName, C_IN, requestType, buffer.data(), buffer.size());
++ if (Q_UNLIKELY(responseLength > PACKETSZ)) {
++ buffer.resize(responseLength);
++ std::memset(buffer.data(), 0, buffer.size());
++ responseLength = local_res_nquery(&state, requestName, C_IN, requestType, buffer.data(), buffer.size());
++ if (Q_UNLIKELY(responseLength > buffer.size())) {
++ // Ok, we give up.
++ reply->error = QDnsLookup::ResolverError;
++ reply->errorString.clear(); // We cannot be more specific, alas.
++ return;
++ }
++ }
+
+- // Check the response header.
++ unsigned char *response = buffer.data();
++ // Check the response header. Though res_nquery returns -1 as a
++ // responseLength in case of error, we still can extract the
++ // exact error code from the response.
+ HEADER *header = (HEADER*)response;
+ const int answerCount = ntohs(header->ancount);
+ switch (header->rcode) {
diff --git a/debian/patches/series b/debian/patches/series
index fce1e1e..a2da090 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,6 +1,7 @@
# Backported from upstream.
qglxconvenience_nullptr.diff
postgresql_10.diff
+qdnslookup_crash.diff
# Debian specific.
gnukfreebsd.diff
--
qtbase packaging
More information about the pkg-kde-commits
mailing list