From 35e8ecb5fc40bdde578a78216a2a049317fea408 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Tue, 12 Mar 2024 09:18:42 +0100 Subject: [PATCH] Resolves: RHEL-26525 - c-ares: Out of bounds read in ares__read_line() [rhel-8] --- ...ull-request-from-GHSA-mg26-v6qh-x48q.patch | 33 +++++++++++++++++++ c-ares.spec | 7 +++- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 0007-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch diff --git a/0007-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch b/0007-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch new file mode 100644 index 0000000..5cb4b50 --- /dev/null +++ b/0007-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch @@ -0,0 +1,33 @@ +From 5fdda1a5891f8828075225975fbdef1d3e87fb57 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Mon, 11 Mar 2024 20:46:09 +0100 +Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q + +Backported from +https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183 +--- + ares__read_line.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/ares__read_line.c b/ares__read_line.c +index c62ad2a..d6625a3 100644 +--- a/ares__read_line.c ++++ b/ares__read_line.c +@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize) + if (!fgets(*buf + offset, bytestoread, fp)) + return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF; + len = offset + strlen(*buf + offset); ++ ++ /* Probably means there was an embedded NULL as the first character in ++ * the line, throw away line */ ++ if (len == 0) { ++ offset = 0; ++ continue; ++ } ++ + if ((*buf)[len - 1] == '\n') + { + (*buf)[len - 1] = 0; +-- +2.42.0 + diff --git a/c-ares.spec b/c-ares.spec index 4246a50..95c4174 100644 --- a/c-ares.spec +++ b/c-ares.spec @@ -1,7 +1,7 @@ Summary: A library that performs asynchronous DNS operations Name: c-ares Version: 1.13.0 -Release: 10%{?dist} +Release: 11%{?dist} License: MIT Group: System Environment/Libraries URL: http://c-ares.haxx.se/ @@ -14,6 +14,7 @@ Patch2: 0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch Patch3: 0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch Patch4: 0005-avoid-read-heap-buffer-overflow-332.patch Patch5: 0006-Merge-pull-request-from-GHSA-x6mf-cxr9-8q6v.patch +Patch6: 0007-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -44,6 +45,7 @@ compile applications or shared objects that use c-ares. %patch3 -p1 -b .udp %patch4 -p1 -b .buffer %patch5 -p1 -b .underwrite +%patch6 -p1 -b .bounds cp %{SOURCE1} . f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f @@ -82,6 +84,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man3/ares_* %changelog +* Tue Mar 12 2024 Alexey Tikhonov - 1.13.0-11 +- Resolves: RHEL-26525 - c-ares: Out of bounds read in ares__read_line() [rhel-8] + * Wed Oct 4 2023 Alexey Tikhonov - 1.13.0-10 - Resolves: RHEL-7853 - Buffer Underwrite in ares_inet_net_pton() [rhel-8]