rpms/c-ares
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: rhbz#2235805 - read-heap-buffer-overflow in ares_parse_soa_reply [rhel-8]

Browse Source
This commit is contained in:
Alexey Tikhonov 2023-09-08 14:04:04 +02:00
parent 530a51f26b
commit 1ca439108c
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
0005-avoid-read-heap-buffer-overflow-332.patch Normal file
View File

@ -0,0 +1,30 @@
From 65f83b8bf15a128524ef5fe26e1f1e219ee9b872 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 1 Sep 2023 20:00:12 +0200
Subject: [PATCH] avoid read-heap-buffer-overflow (#332)
Fix invalid read in ares_parse_soa_reply.c found during fuzzing
Fixes Bug: #333
Fix By: lutianxiong (@ltx2018)
---
ares_parse_soa_reply.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ares_parse_soa_reply.c b/ares_parse_soa_reply.c
index 35af0a7..5924bbc 100644
--- a/ares_parse_soa_reply.c
+++ b/ares_parse_soa_reply.c
@@ -65,6 +65,9 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen,
status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len);
if (status != ARES_SUCCESS)
goto failed_stat;
+
+ if (alen <= len + HFIXEDSZ + 1)
+ goto failed;
aptr += len;
/* skip qtype & qclass */
--
2.38.1

7
c-ares.spec
View File

@ -1,7 +1,7 @@
Summary: A library that performs asynchronous DNS operations Summary: A library that performs asynchronous DNS operations
Name: c-ares Name: c-ares
Version: 1.13.0 Version: 1.13.0
Release: 8%{?dist} Release: 9%{?dist}
License: MIT License: MIT
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://c-ares.haxx.se/ URL: http://c-ares.haxx.se/
@ -12,6 +12,7 @@ Patch0: 0001-Use-RPM-compiler-options.patch
Patch1: 0002-fix-CVE-2021-3672.patch Patch1: 0002-fix-CVE-2021-3672.patch
Patch2: 0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch Patch2: 0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch
Patch3: 0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch Patch3: 0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
Patch4: 0005-avoid-read-heap-buffer-overflow-332.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -40,6 +41,7 @@ compile applications or shared objects that use c-ares.
%patch1 -p1 -b .dns %patch1 -p1 -b .dns
%patch2 -p1 -b .sortlist %patch2 -p1 -b .sortlist
%patch3 -p1 -b .udp %patch3 -p1 -b .udp
%patch4 -p1 -b .buffer
cp %{SOURCE1} . cp %{SOURCE1} .
f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f
@ -78,6 +80,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man3/ares_* %{_mandir}/man3/ares_*
%changelog %changelog
* Fri Sep 8 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-9
- Resolves: rhbz#2235805 - read-heap-buffer-overflow in ares_parse_soa_reply [rhel-8]
* Mon May 29 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-8 * Mon May 29 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-8
- Resolves: rhbz#2209517 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-8.9.0] - Resolves: rhbz#2209517 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-8.9.0]