[FS#4160] Leaking host IP addresses to unrelated dnsmasq instances

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Sat Nov 27 12:42:41 PST 2021


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Robert Klauco (sanchosk) 

Attached to Project - OpenWrt/LEDE Project
Summary - Leaking host IP addresses to unrelated dnsmasq instances
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Medium
Priority - Very Low
Reported Version - All
Due in Version - Undecided
Due Date - Undecided
Details - Supply the following if possible:
 - Device problem occurs on
All openWRT devices with version 20+. Tested on raspberry pi, x86_64 and xiaomi mi aiot router

 - Software versions of OpenWrt/LEDE release, packages, etc.
Multiple, including snapshot r18191-b92a9f607b

 - Steps to reproduce
1. Create multiple dnsmasq instances by creating 'main' and 'guest' configs in /etc/config/dhcp
2. in the 'main' instance, create static host, set the option 'dns' to '1' and the option 'instance' to 'main'
3. restart the dnsmasq
4. both dnsmasq instances will run, but they will include configuration option "addn-hosts /tmp/hosts"
5. the file /tmp/hosts/dhcp.guest will have no static records, the /tmp/hosts/dhcp.main will have the record from step 2
6. connect to the guest network, try to resolve the record from step 2 (e.g. server.mainlan)

Problem: the resolver will work as the addn-hosts folder is shared with both instances. This "leaks" the dns responses to the guest lan from the main lan and vice-versa, despite this is not wanted.
I created a pull request with dirty workaround - changed the HOSTFILE variable in a way that it will create a separate directory (/tmp/hosts/dhcp/main/main and /tmp/hosts/dhcp/guest/guest), working around the problem - no more shared folders.



More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=4160

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.



More information about the openwrt-bugs mailing list