From cc0f86b4bc6d60bbb633286e086103275ead8a46 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Mon, 12 Jun 2023 08:00:00 +0000
Subject: [PATCH] import c-ares-1.17.1-5.el9_2.1

---
 ...ull-request-from-GHSA-9g78-jv2r-p7vc.patch | 82 +++++++++++++++++++
 SPECS/c-ares.spec                             |  7 +-
 2 files changed, 88 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/0003-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch

diff --git a/SOURCES/0003-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch b/SOURCES/0003-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
new file mode 100644
index 0000000..e3f3942
--- /dev/null
+++ b/SOURCES/0003-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
@@ -0,0 +1,82 @@
+From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001
+From: Brad House <brad@brad-house.com>
+Date: Mon, 22 May 2023 06:51:49 -0400
+Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc
+
+---
+ src/lib/ares_process.c | 41 +++++++++++++++++++++++++----------------
+ 1 file changed, 25 insertions(+), 16 deletions(-)
+
+diff --git a/src/lib/ares_process.c b/src/lib/ares_process.c
+index bf0cde4..6cac0a9 100644
+--- a/src/lib/ares_process.c
++++ b/src/lib/ares_process.c
+@@ -470,7 +470,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
+ {
+   struct server_state *server;
+   int i;
+-  ares_ssize_t count;
++  ares_ssize_t read_len;
+   unsigned char buf[MAXENDSSZ + 1];
+ #ifdef HAVE_RECVFROM
+   ares_socklen_t fromlen;
+@@ -513,32 +513,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
+       /* To reduce event loop overhead, read and process as many
+        * packets as we can. */
+       do {
+-        if (server->udp_socket == ARES_SOCKET_BAD)
+-          count = 0;
+-
+-        else {
+-          if (server->addr.family == AF_INET)
++        if (server->udp_socket == ARES_SOCKET_BAD) {
++          read_len = -1;
++        } else {
++          if (server->addr.family == AF_INET) {
+             fromlen = sizeof(from.sa4);
+-          else
++          } else {
+             fromlen = sizeof(from.sa6);
+-          count = socket_recvfrom(channel, server->udp_socket, (void *)buf,
+-                                  sizeof(buf), 0, &from.sa, &fromlen);
++          }
++          read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf,
++                                     sizeof(buf), 0, &from.sa, &fromlen);
+         }
+ 
+-        if (count == -1 && try_again(SOCKERRNO))
++        if (read_len == 0) {
++          /* UDP is connectionless, so result code of 0 is a 0-length UDP
++           * packet, and not an indication the connection is closed like on
++           * tcp */
+           continue;
+-        else if (count <= 0)
++        } else if (read_len < 0) {
++          if (try_again(SOCKERRNO))
++            continue;
++
+           handle_error(channel, i, now);
++
+ #ifdef HAVE_RECVFROM
+-        else if (!same_address(&from.sa, &server->addr))
++        } else if (!same_address(&from.sa, &server->addr)) {
+           /* The address the response comes from does not match the address we
+            * sent the request to. Someone may be attempting to perform a cache
+            * poisoning attack. */
+-          break;
++          continue;
+ #endif
+-        else
+-          process_answer(channel, buf, (int)count, i, 0, now);
+-       } while (count > 0);
++
++        } else {
++          process_answer(channel, buf, (int)read_len, i, 0, now);
++        }
++      } while (read_len >= 0);
+     }
+ }
+ 
+-- 
+2.38.1
+
diff --git a/SPECS/c-ares.spec b/SPECS/c-ares.spec
index e5487c8..89fde6d 100644
--- a/SPECS/c-ares.spec
+++ b/SPECS/c-ares.spec
@@ -3,7 +3,7 @@
 Summary: A library that performs asynchronous DNS operations
 Name: c-ares
 Version: 1.17.1
-Release: 5%{?dist}
+Release: 5%{?dist}.1
 License: MIT
 URL: http://c-ares.haxx.se/
 Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz
@@ -11,6 +11,8 @@ Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz
 Source1: LICENSE
 Patch0: 0001-Use-RPM-compiler-options.patch
 Patch1: 0002-fix-CVE-2021-3672.patch
+Patch2: 0003-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
+
 BuildRequires: gcc
 %if %{use_cmake}
 BuildRequires: cmake
@@ -83,6 +85,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la
 %{_mandir}/man3/ares_*
 
 %changelog
+* Wed May 31 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.17.1-5.1
+- Resolves: rhbz#2209519 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.2.0.z]
+
 * Fri Nov 26 2021 Alexey Tikhonov <atikhono@redhat.com> - 1.17.1-5
 - Resolves: rhbz#2014523 - c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-9]