Resolves: RHEL-30025 - Out of bounds read in ares__read_line() [rhel-10.0]

Alexey Tikhonov 2024-03-26 18:18:57 +01:00
parent 8a2ad22f03
commit e6ad467a79
3 changed files with 36 additions and 42 deletions


@ -0,0 +1,31 @@
From a804c04ddc8245fc8adf0e92368709639125e183 Mon Sep 17 00:00:00 2001
From: Brad House <brad@brad-house.com>
Date: Thu, 22 Feb 2024 16:23:33 -0500
Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q
---
src/lib/ares__read_line.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/lib/ares__read_line.c b/src/lib/ares__read_line.c
index d65ac1f..018f55e 100644
--- a/src/lib/ares__read_line.c
+++ b/src/lib/ares__read_line.c
@@ -59,6 +59,14 @@ ares_status_t ares__read_line(FILE *fp, char **buf, size_t *bufsize)
return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
}
len = offset + ares_strlen(*buf + offset);
+
+ /* Probably means there was an embedded NULL as the first character in
+ * the line, throw away line */
+ if (len == 0) {
+ offset = 0;
+ continue;
+ }
+
if ((*buf)[len - 1] == '\n') {
(*buf)[len - 1] = 0;
break;
--
2.42.0
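Review bot: the comment above `if (len == 0)` gives the cause but not the hazard. The guard matters because the very next statement reads `(*buf)[len - 1]`, which with `len == 0` reads outside the buffer; say that in the comment, and write "NUL" (the byte) rather than "NULL". `offset = 0;` is redundant, since `len = offset + ares_strlen(*buf + offset)` can only be 0 when `offset` is already 0. The patch touches one file and adds no test; a regression test that feeds a file whose line begins with a `\0` byte would keep this from coming back.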


@ -1,41 +0,0 @@
From 7dada62a77e061c752123e672e844386ff3b01ea Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 10 Apr 2013 12:32:44 -0400
Subject: [PATCH] Use RPM compiler options
---
m4/cares-compilers.m4 | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/m4/cares-compilers.m4 b/m4/cares-compilers.m4
index 7ee8e0dbe741c1a64149a0d20b826f507b3ec620..d7708230fb5628ae80fbf1052da0d2c78ebbc160 100644
--- a/m4/cares-compilers.m4
+++ b/m4/cares-compilers.m4
@@ -143,19 +143,12 @@ AC_DEFUN([CARES_CHECK_COMPILER_GNU_C], [
gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
- flags_dbg_all="-g -g0 -g1 -g2 -g3"
- flags_dbg_all="$flags_dbg_all -ggdb"
- flags_dbg_all="$flags_dbg_all -gstabs"
- flags_dbg_all="$flags_dbg_all -gstabs+"
- flags_dbg_all="$flags_dbg_all -gcoff"
- flags_dbg_all="$flags_dbg_all -gxcoff"
- flags_dbg_all="$flags_dbg_all -gdwarf-2"
- flags_dbg_all="$flags_dbg_all -gvms"
- flags_dbg_yes="-g"
- flags_dbg_off="-g0"
- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os"
- flags_opt_yes="-O2"
- flags_opt_off="-O0"
+ flags_dbg_all=""
+ flags_dbg_yes=""
+ flags_dbg_off=""
+ flags_opt_all=""
+ flags_opt_yes=""
+ flags_opt_off=""
CURL_CHECK_DEF([_WIN32], [], [silent])
else
AC_MSG_RESULT([no])
--
1.8.1.4
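Review bot: this patch file is deleted in full, yet neither the commit message nor the new `%changelog` entry mentions it, and the spec hunks in this commit remove no `Patch` line for it. If it was already unapplied, state that in the commit message or move the cleanup to its own commit, so the security fix can be audited and backported without an unrelated 41-line deletion riding along.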


@ -3,10 +3,11 @@
Summary: A library that performs asynchronous DNS operations Summary: A library that performs asynchronous DNS operations
Name: c-ares Name: c-ares
Version: 1.25.0 Version: 1.25.0
Release: 3%{?dist} Release: 4%{?dist}
License: MIT License: MIT
URL: http://c-ares.org/ URL: http://c-ares.org/
Source0: http://c-ares.org/download/%{name}-%{version}.tar.gz Source0: http://c-ares.org/download/%{name}-%{version}.tar.gz
Patch0: 0001-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch
BuildRequires: gcc BuildRequires: gcc
%if %{use_cmake} %if %{use_cmake}
BuildRequires: cmake BuildRequires: cmake
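Review bot: `Patch0:` is declared here, but no `%prep` line changes in this commit, so whether the fix is actually applied depends on `%prep` already using `%autosetup` or `%autopatch`, which the diff does not show. Confirm that, or add an explicit `%patch` line, and check the build log to see the patch being applied to `src/lib/ares__read_line.c`.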
@ -80,6 +81,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la
%{_mandir}/man3/ares_* %{_mandir}/man3/ares_*
%changelog %changelog
* Tue Mar 26 2024 Alexey Tikhonov <atikhono@redhat.com> - 1.25.0-4
- Resolves: RHEL-30025 - Out of bounds read in ares__read_line() [rhel-10.0]
* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.25.0-3 * Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.25.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
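Review bot: the new `%changelog` entry names only the tracker id RHEL-30025. Adding the upstream advisory id GHSA-mg26-v6qh-x48q, which the patch file name already carries, would let someone checking an installed package's changelog match the build to the upstream fix.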