rpms
/
c-ares
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Import from AlmaLinux stable repository

This commit is contained in:
eabdullin 2024-05-15 07:09:44 +00:00
parent cc0f86b4bc
commit 5712eeade2
5 changed files with 18 additions and 286 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.c-ares.metadata
View File

@ -1 +1 @@
431d5ff705db752f5d25e610827b7cb3653fc7ff SOURCES/c-ares-1.17.1.tar.gz
99566278e4ed4b261891aa62c8b88227bf1a2823 SOURCES/c-ares-1.19.1.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/c-ares-1.17.1.tar.gz
SOURCES/c-ares-1.19.1.tar.gz

192
SOURCES/0002-fix-CVE-2021-3672.patch
View File

@ -1,192 +0,0 @@
From 362f91d807d293791008cdb7616d40f7784ece83 Mon Sep 17 00:00:00 2001
From: bradh352 <brad@brad-house.com>
Date: Fri, 11 Jun 2021 11:27:45 -0400
Subject: [PATCH 1/2] ares_expand_name() should escape more characters
RFC1035 5.1 specifies some reserved characters and escaping sequences
that are allowed to be specified. Expand the list of reserved characters
and also escape non-printable characters using the \DDD format as
specified in the RFC.
Bug Reported By: philipp.jeitner@sit.fraunhofer.de
Fix By: Brad House (@bradh352)
---
src/lib/ares_expand_name.c | 41 +++++++++++++++++++++++++++++++++++---
1 file changed, 38 insertions(+), 3 deletions(-)
diff --git a/src/lib/ares_expand_name.c b/src/lib/ares_expand_name.c
index 407200ef..f1c874a9 100644
--- a/src/lib/ares_expand_name.c
+++ b/src/lib/ares_expand_name.c
@@ -32,6 +32,26 @@
static int name_length(const unsigned char *encoded, const unsigned char *abuf,
int alen);
+/* Reserved characters for names that need to be escaped */
+static int is_reservedch(int ch)
+{
+ switch (ch) {
+ case '"':
+ case '.':
+ case ';':
+ case '\\':
+ case '(':
+ case ')':
+ case '@':
+ case '$':
+ return 1;
+ default:
+ break;
+ }
+
+ return 0;
+}
+
/* Expand an RFC1035-encoded domain name given by encoded. The
* containing message is given by abuf and alen. The result given by
* *s, which is set to a NUL-terminated allocated buffer. *enclen is
@@ -111,9 +131,18 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
p++;
while (len--)
{
- if (*p == '.' || *p == '\\')
+ if (!isprint(*p)) {
+ /* Output as \DDD for consistency with RFC1035 5.1 */
+ *q++ = '\\';
+ *q++ = '0' + *p / 100;
+ *q++ = '0' + (*p % 100) / 10;
+ *q++ = '0' + (*p % 10);
+ } else if (is_reservedch(*p)) {
*q++ = '\\';
- *q++ = *p;
+ *q++ = *p;
+ } else {
+ *q++ = *p;
+ }
p++;
}
*q++ = '.';
@@ -171,7 +200,13 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
encoded++;
while (offset--)
{
- n += (*encoded == '.' || *encoded == '\\') ? 2 : 1;
+ if (!isprint(*encoded)) {
+ n += 4;
+ } else if (is_reservedch(*encoded)) {
+ n += 2;
+ } else {
+ n += 1;
+ }
encoded++;
}
n++;
From 44c009b8e62ea1929de68e3f438181bea469ec14 Mon Sep 17 00:00:00 2001
From: bradh352 <brad@brad-house.com>
Date: Fri, 11 Jun 2021 12:39:24 -0400
Subject: [PATCH 2/2] ares_expand_name(): fix formatting and handling of root
name response
Fixes issue introduced in prior commit with formatting and handling
of parsing a root name response which should not be escaped.
Fix By: Brad House
---
src/lib/ares_expand_name.c | 62 ++++++++++++++++++++++++--------------
1 file changed, 40 insertions(+), 22 deletions(-)
diff --git a/src/lib/ares_expand_name.c b/src/lib/ares_expand_name.c
index f1c874a9..eb9268c1 100644
--- a/src/lib/ares_expand_name.c
+++ b/src/lib/ares_expand_name.c
@@ -127,27 +127,37 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
}
else
{
- len = *p;
+ int name_len = *p;
+ len = name_len;
p++;
+
while (len--)
{
- if (!isprint(*p)) {
- /* Output as \DDD for consistency with RFC1035 5.1 */
- *q++ = '\\';
- *q++ = '0' + *p / 100;
- *q++ = '0' + (*p % 100) / 10;
- *q++ = '0' + (*p % 10);
- } else if (is_reservedch(*p)) {
- *q++ = '\\';
- *q++ = *p;
- } else {
- *q++ = *p;
- }
+ /* Output as \DDD for consistency with RFC1035 5.1, except
+ * for the special case of a root name response */
+ if (!isprint(*p) && !(name_len == 1 && *p == 0))
+ {
+
+ *q++ = '\\';
+ *q++ = '0' + *p / 100;
+ *q++ = '0' + (*p % 100) / 10;
+ *q++ = '0' + (*p % 10);
+ }
+ else if (is_reservedch(*p))
+ {
+ *q++ = '\\';
+ *q++ = *p;
+ }
+ else
+ {
+ *q++ = *p;
+ }
p++;
}
*q++ = '.';
}
- }
+ }
+
if (!indir)
*enclen = aresx_uztosl(p + 1U - encoded);
@@ -194,21 +204,29 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
}
else if (top == 0x00)
{
- offset = *encoded;
+ int name_len = *encoded;
+ offset = name_len;
if (encoded + offset + 1 >= abuf + alen)
return -1;
encoded++;
+
while (offset--)
{
- if (!isprint(*encoded)) {
- n += 4;
- } else if (is_reservedch(*encoded)) {
- n += 2;
- } else {
- n += 1;
- }
+ if (!isprint(*encoded) && !(name_len == 1 && *encoded == 0))
+ {
+ n += 4;
+ }
+ else if (is_reservedch(*encoded))
+ {
+ n += 2;
+ }
+ else
+ {
+ n += 1;
+ }
encoded++;
}
+
n++;
}
else

82
SOURCES/0003-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
View File

@ -1,82 +0,0 @@
From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001
From: Brad House <brad@brad-house.com>
Date: Mon, 22 May 2023 06:51:49 -0400
Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc
---
src/lib/ares_process.c | 41 +++++++++++++++++++++++++----------------
1 file changed, 25 insertions(+), 16 deletions(-)
diff --git a/src/lib/ares_process.c b/src/lib/ares_process.c
index bf0cde4..6cac0a9 100644
--- a/src/lib/ares_process.c
+++ b/src/lib/ares_process.c
@@ -470,7 +470,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
{
struct server_state *server;
int i;
- ares_ssize_t count;
+ ares_ssize_t read_len;
unsigned char buf[MAXENDSSZ + 1];
#ifdef HAVE_RECVFROM
ares_socklen_t fromlen;
@@ -513,32 +513,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
/* To reduce event loop overhead, read and process as many
* packets as we can. */
do {
- if (server->udp_socket == ARES_SOCKET_BAD)
- count = 0;
-
- else {
- if (server->addr.family == AF_INET)
+ if (server->udp_socket == ARES_SOCKET_BAD) {
+ read_len = -1;
+ } else {
+ if (server->addr.family == AF_INET) {
fromlen = sizeof(from.sa4);
- else
+ } else {
fromlen = sizeof(from.sa6);
- count = socket_recvfrom(channel, server->udp_socket, (void *)buf,
- sizeof(buf), 0, &from.sa, &fromlen);
+ }
+ read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf,
+ sizeof(buf), 0, &from.sa, &fromlen);
}
- if (count == -1 && try_again(SOCKERRNO))
+ if (read_len == 0) {
+ /* UDP is connectionless, so result code of 0 is a 0-length UDP
+ * packet, and not an indication the connection is closed like on
+ * tcp */
continue;
- else if (count <= 0)
+ } else if (read_len < 0) {
+ if (try_again(SOCKERRNO))
+ continue;
+
handle_error(channel, i, now);
+
#ifdef HAVE_RECVFROM
- else if (!same_address(&from.sa, &server->addr))
+ } else if (!same_address(&from.sa, &server->addr)) {
/* The address the response comes from does not match the address we
* sent the request to. Someone may be attempting to perform a cache
* poisoning attack. */
- break;
+ continue;
#endif
- else
- process_answer(channel, buf, (int)count, i, 0, now);
- } while (count > 0);
+
+ } else {
+ process_answer(channel, buf, (int)read_len, i, 0, now);
+ }
+ } while (read_len >= 0);
}
}
--
2.38.1

26
SPECS/c-ares.spec
View File

@ -2,16 +2,14 @@
Summary: A library that performs asynchronous DNS operations
Name: c-ares
Version: 1.17.1
Release: 5%{?dist}.1
Version: 1.19.1
Release: 1%{?dist}
License: MIT
URL: http://c-ares.haxx.se/
Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz
URL: http://c-ares.org/
Source0: http://c-ares.org/download/%{name}-%{version}.tar.gz
# The license can be obtained at http://c-ares.haxx.se/license.html
Source1: LICENSE
Patch0: 0001-Use-RPM-compiler-options.patch
Patch1: 0002-fix-CVE-2021-3672.patch
Patch2: 0003-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
BuildRequires: gcc
%if %{use_cmake}
@ -24,8 +22,8 @@ BuildRequires: libtool
BuildRequires: make
%description
c-ares is a C library that performs DNS requests and name resolves
asynchronously. c-ares is a fork of the library named 'ares', written
c-ares is a C library that performs DNS requests and name resolves
asynchronously. c-ares is a fork of the library named 'ares', written
by Greg Hudson at MIT.
%package devel
@ -75,6 +73,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la
%{_includedir}/ares.h
%{_includedir}/ares_build.h
%{_includedir}/ares_dns.h
%{_includedir}/ares_nameser.h
%{_includedir}/ares_rules.h
%{_includedir}/ares_version.h
%{_libdir}/*.so
@ -85,8 +84,15 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la
%{_mandir}/man3/ares_*
%changelog
* Wed May 31 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.17.1-5.1
- Resolves: rhbz#2209519 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.2.0.z]
* Fri May 26 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.19.1-1
- Resolves: rhbz#2209564 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation [rhel-9]
- Resolves: rhbz#2209556 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton() [rhel-9]
- Resolves: rhbz#2209550 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs [rhel-9]
- Resolves: rhbz#2209520 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.3.0]
- Resolves: rhbz#2210370 - Rebase c-ares for RHEL 9.3
* Fri May 12 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.17.1-6
- Resolves: rhbz#2170868 - c-ares: buffer overflow in config_sortlist() due to missing string length check [rhel-9]
* Fri Nov 26 2021 Alexey Tikhonov <atikhono@redhat.com> - 1.17.1-5
- Resolves: rhbz#2014523 - c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-9]