[25.12] backport fixes from master#389
Merged
openwrt-bot merged 6 commits intoopenwrt:openwrt-25.12from Mar 16, 2026
Merged
Conversation
snprintf() returns also in the failure case how many characters would have been required to print the full string. Check return of snprintf() and ensure the log_ctxt->buf_idx never points outside of the given log_ctxt->buf. (cherry picked from commit 13cec01) Fixes: TOB-OWRT-5 Reported-by: Trail of Bits Signed-off-by: Alexander Couzens <lynxis@fe80.eu> Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Member
|
Nice, thanks! |
Noltari
changed the title
dhcpv4_free_lease already calls avl_delete() on the node it's freeing, and thus shouldn't be called inside an avl_remove_all_elements() loop. Use avl_for_each_element_safe() instead. Its documentation says: "This loop can be used if the current element might be removed from the tree during the loop." (cherry picked from commit ea5af5b) Closes: openwrt#371 Signed-off-by: Mark H. Spatz <mark.h.spatz@gmail.com> Link: openwrt#381 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
dhcpv4_free_lease() unconditionally calls avl_delete() to remove the lease from the avl tree at lease->iface->dhcpv4_leases. This corrupts the tree if the lease is not in it, which happens if dhcpv4_assign() returns false during address reassignment (line ~611) or assignment (line ~630). The check for (lease->iface == NULL) before avl_delete() does not guard against this and is not necessary, because lease->iface is populated by dhcpv4_alloc_lease() and never cleared. Fix by explicitly checking that the lease is in the tree before deleting it. (cherry picked from commit 4e26e13) Fixes: aa6870b ("dhcpv4: use an AVL to store leases") Signed-off-by: Mark H. Spatz <mark.h.spatz@gmail.com> Link: openwrt#381 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The assigned_subnet_id field in struct dhcpv6_lease is uint32_t, not uint16_t. Unlikely to matter in practice, since the number of meaningful bits in the field is (assignment size) - (interface assignemt size), so largest typically be 64 - 48 = 16. But it is possible to assign a /32 to an interface in openwrt. (cherry picked from commit b960d4c) Signed-off-by: Mark H. Spatz <mark.h.spatz@gmail.com> Link: openwrt#383 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
When DHCPV4_SUPPORT is not defined, a stub implementation of dhcpv4_free_lease() is provided that logs an error when it's called. A couple sites in config.c unconditionally free the dhcpv4_lease field of struct lease_cfg, causing log spam like: | Trying to free IPv4 assignment 0x(nil) Silence by making the stub a noop if the argument is NULL, just like the actual implementation. (cherry picked from commit 2a316db) Closes: openwrt#382 Signed-off-by: Mark H. Spatz <mark.h.spatz@gmail.com> Link: openwrt#384 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
From https://www.rfc-editor.org/rfc/rfc8106#section-5.2 regarding the DNSSL field: Because the size of this field MUST be a multiple of 8 octets, for the minimum multiple including the domain name representations, the remaining octets other than the encoding parts of the domain name representations MUST be padded with zeros. The current code leaves the trailing octets in uninitialized state, resulting in parsing errors on (at least) systemd RA clients. This commit restores the explicit zeroing of the trailing octets. (cherry picked from commit 160e5fa) Closes: openwrt/openwrt#22351 Fixes: 0a54ce0 ("odhcpd: rename iface->search -> iface->dns_search") Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com> Link: openwrt#386 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
CC @lynxis @aparcar