Resolves: RHEL-26525 - c-ares: Out of bounds read in ares__read_line() [rhel-8]

This commit is contained in:
Alexey Tikhonov 2024-03-12 09:18:42 +01:00
parent 3696a44433
commit 35e8ecb5fc
2 changed files with 39 additions and 1 deletions

View File

@ -0,0 +1,33 @@
From 5fdda1a5891f8828075225975fbdef1d3e87fb57 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 11 Mar 2024 20:46:09 +0100
Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q
Backported from
https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
---
ares__read_line.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/ares__read_line.c b/ares__read_line.c
index c62ad2a..d6625a3 100644
--- a/ares__read_line.c
+++ b/ares__read_line.c
@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
if (!fgets(*buf + offset, bytestoread, fp))
return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
len = offset + strlen(*buf + offset);
+
+ /* Probably means there was an embedded NULL as the first character in
+ * the line, throw away line */
+ if (len == 0) {
+ offset = 0;
+ continue;
+ }
+
if ((*buf)[len - 1] == '\n')
{
(*buf)[len - 1] = 0;
--
2.42.0

View File

@ -1,7 +1,7 @@
Summary: A library that performs asynchronous DNS operations Summary: A library that performs asynchronous DNS operations
Name: c-ares Name: c-ares
Version: 1.13.0 Version: 1.13.0
Release: 10%{?dist} Release: 11%{?dist}
License: MIT License: MIT
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://c-ares.haxx.se/ URL: http://c-ares.haxx.se/
@ -14,6 +14,7 @@ Patch2: 0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch
Patch3: 0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch Patch3: 0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
Patch4: 0005-avoid-read-heap-buffer-overflow-332.patch Patch4: 0005-avoid-read-heap-buffer-overflow-332.patch
Patch5: 0006-Merge-pull-request-from-GHSA-x6mf-cxr9-8q6v.patch Patch5: 0006-Merge-pull-request-from-GHSA-x6mf-cxr9-8q6v.patch
Patch6: 0007-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -44,6 +45,7 @@ compile applications or shared objects that use c-ares.
%patch3 -p1 -b .udp %patch3 -p1 -b .udp
%patch4 -p1 -b .buffer %patch4 -p1 -b .buffer
%patch5 -p1 -b .underwrite %patch5 -p1 -b .underwrite
%patch6 -p1 -b .bounds
cp %{SOURCE1} . cp %{SOURCE1} .
f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f
@ -82,6 +84,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man3/ares_* %{_mandir}/man3/ares_*
%changelog %changelog
* Tue Mar 12 2024 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-11
- Resolves: RHEL-26525 - c-ares: Out of bounds read in ares__read_line() [rhel-8]
* Wed Oct 4 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-10 * Wed Oct 4 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-10
- Resolves: RHEL-7853 - Buffer Underwrite in ares_inet_net_pton() [rhel-8] - Resolves: RHEL-7853 - Buffer Underwrite in ares_inet_net_pton() [rhel-8]