Resolves: RHEL-26525 - c-ares: Out of bounds read in ares__read_line() [rhel-8]
parent
3696a44433
commit
35e8ecb5fc
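--- a/0007-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch
+++ b/0007-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch
@@ -0,0 +1,33 @@
+From 5fdda1a5891f8828075225975fbdef1d3e87fb57 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Mon, 11 Mar 2024 20:46:09 +0100
+Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q
+
+Backported from
+https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
+---
+ares__read_line.c | 8 ++++++++
+1 file changed, 8 insertions(+)
+
+diff --git a/ares__read_line.c b/ares__read_line.c
+index c62ad2a..d6625a3 100644
+--- a/ares__read_line.c
++++ b/ares__read_line.c
+@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
+if (!fgets(*buf + offset, bytestoread, fp))
+return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
+len = offset + strlen(*buf + offset);
++
++ /* Probably means there was an embedded NULL as the first character in
++ * the line, throw away line */
++ if (len == 0) {
++ offset = 0;
++ continue;
++ }
++
+if ((*buf)[len - 1] == '\n')
+{
+(*buf)[len - 1] = 0;
+--
+2.42.0
+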
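Review bot: The comment's "throw away line" holds only when fgets() consumed the whole line: if a line that starts with a NUL byte is longer than `bytestoread`, the new `len == 0` branch discards just the first chunk, and the `continue` then reads the remainder as if it were a new line. The guard itself does what the advisory title asks for, since it keeps `(*buf)[len - 1]` from indexing before the buffer when strlen() returns 0 at offset 0. I would reword the comment to `/* fgets() returned a chunk starting with NUL: len is 0, so skip it before indexing (*buf)[len - 1]; the tail of an over-long line is still read as its own line */`, and drop `offset = 0;`, which looks redundant because `len == 0` already implies `offset == 0` if both are size_t. The loop header and the computation of `bytestoread` are outside the hunk, so the chunk-size behaviour is inferred from the fgets() call shown.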
@ -1,7 +1,7 @@
|
|||||||
Summary: A library that performs asynchronous DNS operations
|
Summary: A library that performs asynchronous DNS operations
|
||||||
Name: c-ares
|
Name: c-ares
|
||||||
Version: 1.13.0
|
Version: 1.13.0
|
||||||
Release: 10%{?dist}
|
Release: 11%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
URL: http://c-ares.haxx.se/
|
URL: http://c-ares.haxx.se/
|
||||||
@ -14,6 +14,7 @@ Patch2: 0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch
|
|||||||
Patch3: 0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
|
Patch3: 0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
|
||||||
Patch4: 0005-avoid-read-heap-buffer-overflow-332.patch
|
Patch4: 0005-avoid-read-heap-buffer-overflow-332.patch
|
||||||
Patch5: 0006-Merge-pull-request-from-GHSA-x6mf-cxr9-8q6v.patch
|
Patch5: 0006-Merge-pull-request-from-GHSA-x6mf-cxr9-8q6v.patch
|
||||||
|
Patch6: 0007-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
|
|
||||||
@ -44,6 +45,7 @@ compile applications or shared objects that use c-ares.
|
|||||||
%patch3 -p1 -b .udp
|
%patch3 -p1 -b .udp
|
||||||
%patch4 -p1 -b .buffer
|
%patch4 -p1 -b .buffer
|
||||||
%patch5 -p1 -b .underwrite
|
%patch5 -p1 -b .underwrite
|
||||||
|
%patch6 -p1 -b .bounds
|
||||||
|
|
||||||
cp %{SOURCE1} .
|
cp %{SOURCE1} .
|
||||||
f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f
|
f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f
|
||||||
@ -82,6 +84,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_mandir}/man3/ares_*
|
%{_mandir}/man3/ares_*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Mar 12 2024 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-11
|
||||||
|
- Resolves: RHEL-26525 - c-ares: Out of bounds read in ares__read_line() [rhel-8]
|
||||||
|
|
||||||
* Wed Oct 4 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-10
|
* Wed Oct 4 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-10
|
||||||
- Resolves: RHEL-7853 - Buffer Underwrite in ares_inet_net_pton() [rhel-8]
|
- Resolves: RHEL-7853 - Buffer Underwrite in ares_inet_net_pton() [rhel-8]
|
||||||
|
|
||||||
|