rpms/c-ares
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8s
Branches Tags
rpms:c8s
rpms:c10s
rpms:c8
rpms:c9
rpms:c8-beta
rpms:c9s
rpms:c9-beta
rpms:imports/c10s/c-ares-1.25.0-6.el10
rpms:imports/c8/c-ares-1.13.0-11.el8_10
rpms:imports/c10s/c-ares-1.25.0-5.el10
rpms:imports/c9/c-ares-1.19.1-2.el9_4
rpms:imports/c8/c-ares-1.13.0-10.el8
rpms:imports/c9/c-ares-1.19.1-1.el9
rpms:imports/c8/c-ares-1.13.0-9.el8_9.1
rpms:imports/c8-beta/c-ares-1.13.0-8.el8
rpms:imports/c9-beta/c-ares-1.19.1-1.el9
rpms:imports/c8/c-ares-1.13.0-6.el8_8.2
rpms:imports/c9/c-ares-1.17.1-5.el9_2.1
rpms:imports/c9/c-ares-1.17.1-5.el9
rpms:imports/c8/c-ares-1.13.0-6.el8
rpms:imports/c8-beta/c-ares-1.13.0-6.el8
rpms:imports/c9-beta/c-ares-1.17.1-5.el9
rpms:imports/c9-beta/c-ares-1.17.1-4.el9
rpms:imports/c8s/c-ares-1.13.0-6.el8
rpms:imports/c8-beta/c-ares-1.13.0-5.el8
rpms:imports/c8/c-ares-1.13.0-5.el8
rpms:imports/c8s/c-ares-1.13.0-5.el8
...
pull from: rpms:c9-beta
Branches Tags
rpms:c10s
rpms:c8
rpms:c9
rpms:c8-beta
rpms:c8s
rpms:c9s
rpms:c9-beta
rpms:imports/c10s/c-ares-1.25.0-6.el10
rpms:imports/c8/c-ares-1.13.0-11.el8_10
rpms:imports/c10s/c-ares-1.25.0-5.el10
rpms:imports/c9/c-ares-1.19.1-2.el9_4
rpms:imports/c8/c-ares-1.13.0-10.el8
rpms:imports/c9/c-ares-1.19.1-1.el9
rpms:imports/c8/c-ares-1.13.0-9.el8_9.1
rpms:imports/c8-beta/c-ares-1.13.0-8.el8
rpms:imports/c9-beta/c-ares-1.19.1-1.el9
rpms:imports/c8/c-ares-1.13.0-6.el8_8.2
rpms:imports/c9/c-ares-1.17.1-5.el9_2.1
rpms:imports/c9/c-ares-1.17.1-5.el9
rpms:imports/c8/c-ares-1.13.0-6.el8
rpms:imports/c8-beta/c-ares-1.13.0-6.el8
rpms:imports/c9-beta/c-ares-1.17.1-5.el9
rpms:imports/c9-beta/c-ares-1.17.1-4.el9
rpms:imports/c8s/c-ares-1.13.0-6.el8
rpms:imports/c8-beta/c-ares-1.13.0-5.el8
rpms:imports/c8/c-ares-1.13.0-5.el8
rpms:imports/c8s/c-ares-1.13.0-5.el8

No commits in common. "c8s" and "c9-beta" have entirely different histories.
c8s ... c9-beta

13 changed files with 95 additions and 761 deletions
Show Stats Expand all files Collapse all files

1
.c-ares.metadata Normal file
View File

@ -0,0 +1 @@
99566278e4ed4b261891aa62c8b88227bf1a2823 SOURCES/c-ares-1.19.1.tar.gz

3
.gitignore vendored
View File

@ -1,2 +1 @@
SOURCES/c-ares-1.13.0.tar.gz
/c-ares-1.13.0.tar.gz
SOURCES/c-ares-1.19.1.tar.gz

198
0002-fix-CVE-2021-3672.patch
View File

@ -1,198 +0,0 @@
From 4bde615c5fa2a6a6f61ca533e46a062691d83f45 Mon Sep 17 00:00:00 2001
From: bradh352 <brad@brad-house.com>
Date: Fri, 11 Jun 2021 11:27:45 -0400
Subject: [PATCH 1/2] ares_expand_name() should escape more characters
RFC1035 5.1 specifies some reserved characters and escaping sequences
that are allowed to be specified. Expand the list of reserved characters
and also escape non-printable characters using the \DDD format as
specified in the RFC.
Bug Reported By: philipp.jeitner@sit.fraunhofer.de
Fix By: Brad House (@bradh352)
---
ares_expand_name.c | 41 ++++++++++++++++++++++++++++++++++++++---
1 file changed, 38 insertions(+), 3 deletions(-)
diff --git a/ares_expand_name.c b/ares_expand_name.c
index 3a38e67..8604543 100644
--- a/ares_expand_name.c
+++ b/ares_expand_name.c
@@ -38,6 +38,26 @@
static int name_length(const unsigned char *encoded, const unsigned char *abuf,
int alen);
+/* Reserved characters for names that need to be escaped */
+static int is_reservedch(int ch)
+{
+ switch (ch) {
+ case '"':
+ case '.':
+ case ';':
+ case '\\':
+ case '(':
+ case ')':
+ case '@':
+ case '$':
+ return 1;
+ default:
+ break;
+ }
+
+ return 0;
+}
+
/* Expand an RFC1035-encoded domain name given by encoded. The
* containing message is given by abuf and alen. The result given by
* *s, which is set to a NUL-terminated allocated buffer. *enclen is
@@ -117,9 +137,18 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
p++;
while (len--)
{
- if (*p == '.' || *p == '\\')
+ if (!isprint(*p)) {
+ /* Output as \DDD for consistency with RFC1035 5.1 */
+ *q++ = '\\';
+ *q++ = '0' + *p / 100;
+ *q++ = '0' + (*p % 100) / 10;
+ *q++ = '0' + (*p % 10);
+ } else if (is_reservedch(*p)) {
*q++ = '\\';
- *q++ = *p;
+ *q++ = *p;
+ } else {
+ *q++ = *p;
+ }
p++;
}
*q++ = '.';
@@ -177,7 +206,13 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
encoded++;
while (offset--)
{
- n += (*encoded == '.' || *encoded == '\\') ? 2 : 1;
+ if (!isprint(*encoded)) {
+ n += 4;
+ } else if (is_reservedch(*encoded)) {
+ n += 2;
+ } else {
+ n += 1;
+ }
encoded++;
}
n++;
--
2.26.3
From 86cc9241f89c1155111b992ccc03bf76d8ae634a Mon Sep 17 00:00:00 2001
From: bradh352 <brad@brad-house.com>
Date: Fri, 11 Jun 2021 12:39:24 -0400
Subject: [PATCH 2/2] ares_expand_name(): fix formatting and handling of root
name response
Fixes issue introduced in prior commit with formatting and handling
of parsing a root name response which should not be escaped.
Fix By: Brad House
---
ares_expand_name.c | 62 ++++++++++++++++++++++++++++++----------------
1 file changed, 40 insertions(+), 22 deletions(-)
diff --git a/ares_expand_name.c b/ares_expand_name.c
index 8604543..f89ee3f 100644
--- a/ares_expand_name.c
+++ b/ares_expand_name.c
@@ -133,27 +133,37 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
}
else
{
- len = *p;
+ int name_len = *p;
+ len = name_len;
p++;
+
while (len--)
{
- if (!isprint(*p)) {
- /* Output as \DDD for consistency with RFC1035 5.1 */
- *q++ = '\\';
- *q++ = '0' + *p / 100;
- *q++ = '0' + (*p % 100) / 10;
- *q++ = '0' + (*p % 10);
- } else if (is_reservedch(*p)) {
- *q++ = '\\';
- *q++ = *p;
- } else {
- *q++ = *p;
- }
+ /* Output as \DDD for consistency with RFC1035 5.1, except
+ * for the special case of a root name response */
+ if (!isprint(*p) && !(name_len == 1 && *p == 0))
+ {
+
+ *q++ = '\\';
+ *q++ = '0' + *p / 100;
+ *q++ = '0' + (*p % 100) / 10;
+ *q++ = '0' + (*p % 10);
+ }
+ else if (is_reservedch(*p))
+ {
+ *q++ = '\\';
+ *q++ = *p;
+ }
+ else
+ {
+ *q++ = *p;
+ }
p++;
}
*q++ = '.';
}
- }
+ }
+
if (!indir)
*enclen = aresx_uztosl(p + 1U - encoded);
@@ -200,21 +210,29 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
}
else if (top == 0x00)
{
- offset = *encoded;
+ int name_len = *encoded;
+ offset = name_len;
if (encoded + offset + 1 >= abuf + alen)
return -1;
encoded++;
+
while (offset--)
{
- if (!isprint(*encoded)) {
- n += 4;
- } else if (is_reservedch(*encoded)) {
- n += 2;
- } else {
- n += 1;
- }
+ if (!isprint(*encoded) && !(name_len == 1 && *encoded == 0))
+ {
+ n += 4;
+ }
+ else if (is_reservedch(*encoded))
+ {
+ n += 2;
+ }
+ else
+ {
+ n += 1;
+ }
encoded++;
}
+
n++;
}
else
--
2.26.3

64
0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch
View File

@ -1,64 +0,0 @@
From 9903253c347f9e0bffd285ae3829aef251cc852d Mon Sep 17 00:00:00 2001
From: hopper-vul <118949689+hopper-vul@users.noreply.github.com>
Date: Wed, 18 Jan 2023 22:14:26 +0800
Subject: [PATCH] Add str len check in config_sortlist to avoid stack overflow
(#497)
In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse
the input str and initialize a sortlist configuration.
However, ares_set_sortlist has not any checks about the validity of the input str.
It is very easy to create an arbitrary length stack overflow with the unchecked
`memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);`
statements in the config_sortlist call, which could potentially cause severe
security impact in practical programs.
This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the
potential stack overflows.
fixes #496
Fix By: @hopper-vul
---
ares_init.c | 4 ++++
test/ares-test-init.cc | 2 ++
2 files changed, 6 insertions(+)
diff --git a/ares_init.c b/ares_init.c
index f7b700b..5aad7c8 100644
--- a/ares_init.c
+++ b/ares_init.c
@@ -2065,6 +2065,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
q = str;
while (*q && *q != '/' && *q != ';' && !ISSPACE(*q))
q++;
+ if (q-str >= 16)
+ return ARES_EBADSTR;
memcpy(ipbuf, str, q-str);
ipbuf[q-str] = '\0';
/* Find the prefix */
@@ -2073,6 +2075,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
const char *str2 = q+1;
while (*q && *q != ';' && !ISSPACE(*q))
q++;
+ if (q-str >= 32)
+ return ARES_EBADSTR;
memcpy(ipbufpfx, str, q-str);
ipbufpfx[q-str] = '\0';
str = str2;
diff --git a/test/ares-test-init.cc b/test/ares-test-init.cc
index 63c6a22..ee84518 100644
--- a/test/ares-test-init.cc
+++ b/test/ares-test-init.cc
@@ -275,6 +275,8 @@ TEST_F(DefaultChannelTest, SetAddresses) {
TEST_F(DefaultChannelTest, SetSortlistFailures) {
EXPECT_EQ(ARES_ENODATA, ares_set_sortlist(nullptr, "1.2.3.4"));
+ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111*/16"));
+ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111/255.255.255.240*"));
EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; lwk"));
EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; 0x123"));
}
--
2.37.3

82
0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
View File

@ -1,82 +0,0 @@
From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001
From: Brad House <brad@brad-house.com>
Date: Mon, 22 May 2023 06:51:49 -0400
Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc
---
ares_process.c | 41 +++++++++++++++++++++++++----------------
1 file changed, 25 insertions(+), 16 deletions(-)
diff --git a/ares_process.c b/ares_process.c
index bf0cde4..6cac0a9 100644
--- a/ares_process.c
+++ b/ares_process.c
@@ -470,7 +470,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
{
struct server_state *server;
int i;
- ares_ssize_t count;
+ ares_ssize_t read_len;
unsigned char buf[MAXENDSSZ + 1];
#ifdef HAVE_RECVFROM
ares_socklen_t fromlen;
@@ -513,32 +513,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
/* To reduce event loop overhead, read and process as many
* packets as we can. */
do {
- if (server->udp_socket == ARES_SOCKET_BAD)
- count = 0;
-
- else {
- if (server->addr.family == AF_INET)
+ if (server->udp_socket == ARES_SOCKET_BAD) {
+ read_len = -1;
+ } else {
+ if (server->addr.family == AF_INET) {
fromlen = sizeof(from.sa4);
- else
+ } else {
fromlen = sizeof(from.sa6);
- count = socket_recvfrom(channel, server->udp_socket, (void *)buf,
- sizeof(buf), 0, &from.sa, &fromlen);
+ }
+ read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf,
+ sizeof(buf), 0, &from.sa, &fromlen);
}
- if (count == -1 && try_again(SOCKERRNO))
+ if (read_len == 0) {
+ /* UDP is connectionless, so result code of 0 is a 0-length UDP
+ * packet, and not an indication the connection is closed like on
+ * tcp */
continue;
- else if (count <= 0)
+ } else if (read_len < 0) {
+ if (try_again(SOCKERRNO))
+ continue;
+
handle_error(channel, i, now);
+
#ifdef HAVE_RECVFROM
- else if (!same_address(&from.sa, &server->addr))
+ } else if (!same_address(&from.sa, &server->addr)) {
/* The address the response comes from does not match the address we
* sent the request to. Someone may be attempting to perform a cache
* poisoning attack. */
- break;
+ continue;
#endif
- else
- process_answer(channel, buf, (int)count, i, 0, now);
- } while (count > 0);
+
+ } else {
+ process_answer(channel, buf, (int)read_len, i, 0, now);
+ }
+ } while (read_len >= 0);
}
}
--
2.38.1

30
0005-avoid-read-heap-buffer-overflow-332.patch
View File

@ -1,30 +0,0 @@
From 65f83b8bf15a128524ef5fe26e1f1e219ee9b872 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 1 Sep 2023 20:00:12 +0200
Subject: [PATCH] avoid read-heap-buffer-overflow (#332)
Fix invalid read in ares_parse_soa_reply.c found during fuzzing
Fixes Bug: #333
Fix By: lutianxiong (@ltx2018)
---
ares_parse_soa_reply.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ares_parse_soa_reply.c b/ares_parse_soa_reply.c
index 35af0a7..5924bbc 100644
--- a/ares_parse_soa_reply.c
+++ b/ares_parse_soa_reply.c
@@ -65,6 +65,9 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen,
status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len);
if (status != ARES_SUCCESS)
goto failed_stat;
+
+ if (alen <= len + HFIXEDSZ + 1)
+ goto failed;
aptr += len;
/* skip qtype & qclass */
--
2.38.1

294
0006-Merge-pull-request-from-GHSA-x6mf-cxr9-8q6v.patch
View File

@ -1,294 +0,0 @@
From f22cc01039b6473b736d3bf438f56a2654cdf2b2 Mon Sep 17 00:00:00 2001
From: Brad House <brad@brad-house.com>
Date: Mon, 22 May 2023 06:51:34 -0400
Subject: [PATCH] Merge pull request from GHSA-x6mf-cxr9-8q6v
* Merged latest OpenBSD changes for inet_net_pton_ipv6() into c-ares.
* Always use our own IP conversion functions now, do not delegate to OS
so we can have consistency in testing and fuzzing.
Fix By: Brad House (@bradh352)
---
inet_net_pton.c | 155 ++++++++++++++++++++-----------------
diff --git a/inet_net_pton.c b/inet_net_pton.c
index 840de50..fc50425 100644
--- a/inet_net_pton.c
+++ b/inet_net_pton.c
@@ -1,19 +1,20 @@
/*
- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2012 by Gilles Chehade <gilles@openbsd.org>
* Copyright (c) 1996,1999 by Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
*/
#include "ares_setup.h"
@@ -35,9 +36,6 @@
const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } };
-
-#ifndef HAVE_INET_NET_PTON
-
/*
* static int
* inet_net_pton_ipv4(src, dst, size)
@@ -60,7 +58,7 @@ const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,
* Paul Vixie (ISC), June 1996
*/
static int
-inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size)
+ares_inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size)
{
static const char xdigits[] = "0123456789abcdef";
static const char digits[] = "0123456789";
@@ -261,19 +259,14 @@ getv4(const char *src, unsigned char *dst, int *bitsp)
}
static int
-inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+ares_inet_pton6(const char *src, unsigned char *dst)
{
static const char xdigits_l[] = "0123456789abcdef",
- xdigits_u[] = "0123456789ABCDEF";
+ xdigits_u[] = "0123456789ABCDEF";
unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
const char *xdigits, *curtok;
- int ch, saw_xdigit;
+ int ch, saw_xdigit, count_xdigit;
unsigned int val;
- int digits;
- int bits;
- size_t bytes;
- int words;
- int ipv4;
memset((tp = tmp), '\0', NS_IN6ADDRSZ);
endp = tp + NS_IN6ADDRSZ;
@@ -283,22 +276,22 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
if (*++src != ':')
goto enoent;
curtok = src;
- saw_xdigit = 0;
+ saw_xdigit = count_xdigit = 0;
val = 0;
- digits = 0;
- bits = -1;
- ipv4 = 0;
while ((ch = *src++) != '\0') {
const char *pch;
if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
pch = strchr((xdigits = xdigits_u), ch);
if (pch != NULL) {
+ if (count_xdigit >= 4)
+ goto enoent;
val <<= 4;
- val |= aresx_sztoui(pch - xdigits);
- if (++digits > 4)
+ val |= (pch - xdigits);
+ if (val > 0xffff)
goto enoent;
saw_xdigit = 1;
+ count_xdigit++;
continue;
}
if (ch == ':') {
@@ -308,78 +301,107 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
goto enoent;
colonp = tp;
continue;
- } else if (*src == '\0')
+ } else if (*src == '\0') {
goto enoent;
+ }
if (tp + NS_INT16SZ > endp)
- return (0);
- *tp++ = (unsigned char)((val >> 8) & 0xff);
- *tp++ = (unsigned char)(val & 0xff);
+ goto enoent;
+ *tp++ = (unsigned char) (val >> 8) & 0xff;
+ *tp++ = (unsigned char) val & 0xff;
saw_xdigit = 0;
- digits = 0;
+ count_xdigit = 0;
val = 0;
continue;
}
if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
- getv4(curtok, tp, &bits) > 0) {
- tp += NS_INADDRSZ;
+ ares_inet_net_pton_ipv4(curtok, tp, INADDRSZ) > 0) {
+ tp += INADDRSZ;
saw_xdigit = 0;
- ipv4 = 1;
+ count_xdigit = 0;
break; /* '\0' was seen by inet_pton4(). */
}
- if (ch == '/' && getbits(src, &bits) > 0)
- break;
goto enoent;
}
if (saw_xdigit) {
if (tp + NS_INT16SZ > endp)
goto enoent;
- *tp++ = (unsigned char)((val >> 8) & 0xff);
- *tp++ = (unsigned char)(val & 0xff);
+ *tp++ = (unsigned char) (val >> 8) & 0xff;
+ *tp++ = (unsigned char) val & 0xff;
}
- if (bits == -1)
- bits = 128;
-
- words = (bits + 15) / 16;
- if (words < 2)
- words = 2;
- if (ipv4)
- words = 8;
- endp = tmp + 2 * words;
-
if (colonp != NULL) {
/*
* Since some memmove()'s erroneously fail to handle
* overlapping regions, we'll do the shift by hand.
*/
- const ares_ssize_t n = tp - colonp;
- ares_ssize_t i;
+ const int n = tp - colonp;
+ int i;
if (tp == endp)
goto enoent;
for (i = 1; i <= n; i++) {
- *(endp - i) = *(colonp + n - i);
- *(colonp + n - i) = 0;
+ endp[- i] = colonp[n - i];
+ colonp[n - i] = 0;
}
tp = endp;
}
if (tp != endp)
goto enoent;
- bytes = (bits + 7) / 8;
- if (bytes > size)
- goto emsgsize;
- memcpy(dst, tmp, bytes);
- return (bits);
+ memcpy(dst, tmp, NS_IN6ADDRSZ);
+ return (1);
- enoent:
+enoent:
SET_ERRNO(ENOENT);
return (-1);
- emsgsize:
+emsgsize:
SET_ERRNO(EMSGSIZE);
return (-1);
}
+static int
+ares_inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+{
+ struct ares_in6_addr in6;
+ int ret;
+ int bits;
+ size_t bytes;
+ char buf[INET6_ADDRSTRLEN + sizeof("/128")];
+ char *sep;
+ const char *errstr;
+
+ if (strlen(src) >= sizeof buf) {
+ SET_ERRNO(EMSGSIZE);
+ return (-1);
+ }
+ strncpy(buf, src, sizeof buf);
+
+ sep = strchr(buf, '/');
+ if (sep != NULL)
+ *sep++ = '\0';
+
+ ret = ares_inet_pton6(buf, (unsigned char *)&in6);
+ if (ret != 1)
+ return (-1);
+
+ if (sep == NULL)
+ bits = 128;
+ else {
+ if (!getbits(sep, &bits)) {
+ SET_ERRNO(ENOENT);
+ return (-1);
+ }
+ }
+
+ bytes = (bits + 7) / 8;
+ if (bytes > size) {
+ SET_ERRNO(EMSGSIZE);
+ return (-1);
+ }
+ memcpy(dst, &in6, bytes);
+ return (bits);
+}
+
/*
* int
* inet_net_pton(af, src, dst, size)
@@ -403,18 +425,15 @@ ares_inet_net_pton(int af, const char *src, void *dst, size_t size)
{
switch (af) {
case AF_INET:
- return (inet_net_pton_ipv4(src, dst, size));
+ return (ares_inet_net_pton_ipv4(src, dst, size));
case AF_INET6:
- return (inet_net_pton_ipv6(src, dst, size));
+ return (ares_inet_net_pton_ipv6(src, dst, size));
default:
SET_ERRNO(EAFNOSUPPORT);
return (-1);
}
}
-#endif /* HAVE_INET_NET_PTON */
-
-#ifndef HAVE_INET_PTON
int ares_inet_pton(int af, const char *src, void *dst)
{
int result;
@@ -434,11 +453,3 @@ int ares_inet_pton(int af, const char *src, void *dst)
return 0;
return (result > -1 ? 1 : -1);
}
-#else /* HAVE_INET_PTON */
-int ares_inet_pton(int af, const char *src, void *dst)
-{
- /* just relay this to the underlying function */
- return inet_pton(af, src, dst);
-}
-
-#endif
--
2.41.0

33
0007-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch
View File

@ -1,33 +0,0 @@
From 5fdda1a5891f8828075225975fbdef1d3e87fb57 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 11 Mar 2024 20:46:09 +0100
Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q
Backported from
https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
---
ares__read_line.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/ares__read_line.c b/ares__read_line.c
index c62ad2a..d6625a3 100644
--- a/ares__read_line.c
+++ b/ares__read_line.c
@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
if (!fgets(*buf + offset, bytestoread, fp))
return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
len = offset + strlen(*buf + offset);
+
+ /* Probably means there was an embedded NULL as the first character in
+ * the line, throw away line */
+ if (len == 0) {
+ offset = 0;
+ continue;
+ }
+
if ((*buf)[len - 1] == '\n')
{
(*buf)[len - 1] = 0;
--
2.42.0

0
0001-Use-RPM-compiler-options.patch → SOURCES/0001-Use-RPM-compiler-options.patch
View File

0
LICENSE → SOURCES/LICENSE
View File

143
c-ares.spec → SPECS/c-ares.spec
View File

@ -1,109 +1,152 @@
%global use_cmake 1
Summary: A library that performs asynchronous DNS operations
Name: c-ares
Version: 1.13.0
Release: 11%{?dist}
Version: 1.19.1
Release: 1%{?dist}
License: MIT
Group: System Environment/Libraries
URL: http://c-ares.haxx.se/
Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz
URL: http://c-ares.org/
Source0: http://c-ares.org/download/%{name}-%{version}.tar.gz
# The license can be obtained at http://c-ares.haxx.se/license.html
Source1: LICENSE
Patch0: 0001-Use-RPM-compiler-options.patch
Patch1: 0002-fix-CVE-2021-3672.patch
Patch2: 0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch
Patch3: 0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
Patch4: 0005-avoid-read-heap-buffer-overflow-332.patch
Patch5: 0006-Merge-pull-request-from-GHSA-x6mf-cxr9-8q6v.patch
Patch6: 0007-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gcc
%if %{use_cmake}
BuildRequires: cmake
%else
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
%endif
BuildRequires: make
%description
c-ares is a C library that performs DNS requests and name resolves
asynchronously. c-ares is a fork of the library named 'ares', written
c-ares is a C library that performs DNS requests and name resolves
asynchronously. c-ares is a fork of the library named 'ares', written
by Greg Hudson at MIT.
%package devel
Summary: Development files for c-ares
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: pkgconfig
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
This package contains the header files and libraries needed to
compile applications or shared objects that use c-ares.
%prep
%setup -q
%patch0 -p1 -b .optflags
%patch1 -p1 -b .dns
%patch2 -p1 -b .sortlist
%patch3 -p1 -b .udp
%patch4 -p1 -b .buffer
%patch5 -p1 -b .underwrite
%patch6 -p1 -b .bounds
%autosetup -p1
cp %{SOURCE1} .
f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f
%build
# autoreconf -if
# %%configure --enable-shared --disable-static \
# --disable-dependency-tracking
%if %{use_cmake}
%{cmake} -DCMAKE_INSTALL_LIBDIR:PATH="%{_libdir}" -DCARES_BUILD_TOOLS:BOOL=OFF
%cmake_build
%else
autoreconf -if
%configure --enable-shared --disable-static \
--disable-dependency-tracking
%{__make} %{?_smp_mflags}
%endif
%install
rm -rf $RPM_BUILD_ROOT
make DESTDIR=$RPM_BUILD_ROOT install
%if %{use_cmake}
%cmake_install
%else
%make_install
rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la
%endif
%clean
rm -rf $RPM_BUILD_ROOT
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%ldconfig_scriptlets
%files
%defattr(-, root, root)
%doc README.cares CHANGES NEWS LICENSE
%license LICENSE
%doc README.cares CHANGES NEWS
%{_libdir}/*.so.*
%files devel
%defattr(-, root, root, 0755)
%{_includedir}/ares.h
%{_includedir}/ares_build.h
%{_includedir}/ares_dns.h
%{_includedir}/ares_nameser.h
%{_includedir}/ares_rules.h
%{_includedir}/ares_version.h
%{_libdir}/*.so
%if %{use_cmake}
%{_libdir}/cmake/c-ares/
%endif
%{_libdir}/pkgconfig/libcares.pc
%{_mandir}/man3/ares_*
%changelog
* Tue Mar 12 2024 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-11
- Resolves: RHEL-26525 - c-ares: Out of bounds read in ares__read_line() [rhel-8]
* Fri May 26 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.19.1-1
- Resolves: rhbz#2209564 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation [rhel-9]
- Resolves: rhbz#2209556 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton() [rhel-9]
- Resolves: rhbz#2209550 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs [rhel-9]
- Resolves: rhbz#2209520 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.3.0]
- Resolves: rhbz#2210370 - Rebase c-ares for RHEL 9.3
* Wed Oct 4 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-10
- Resolves: RHEL-7853 - Buffer Underwrite in ares_inet_net_pton() [rhel-8]
* Fri May 12 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.17.1-6
- Resolves: rhbz#2170868 - c-ares: buffer overflow in config_sortlist() due to missing string length check [rhel-9]
* Fri Sep 8 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-9
- Resolves: rhbz#2235805 - read-heap-buffer-overflow in ares_parse_soa_reply [rhel-8]
* Fri Nov 26 2021 Alexey Tikhonov <atikhono@redhat.com> - 1.17.1-5
- Resolves: rhbz#2014523 - c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-9]
* Mon May 29 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-8
- Resolves: rhbz#2209517 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-8.9.0]
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.17.1-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri May 12 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-7
- Resolves: rhbz#2170867 - c-ares: buffer overflow in config_sortlist() due to missing string length check [rhel-8]
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.17.1-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Oct 15 2021 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-6
- Resolves: rhbz#1989425 - CVE-2021-3672 c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-8]
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.17.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Aug 13 2018 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-5
- Drop an unused patch
* Fri Nov 20 2020 Tom Callaway <spot@fedoraproject.org> - 1.17.1-1
- update to 1.17.1
* Tue Nov 17 2020 Tom Callaway <spot@fedoraproject.org> - 1.17.0-1
- update to 1.17.0
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1.16.1-2
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Mon May 11 2020 Tom Callaway <spot@fedoraproject.org> - 1.16.1-1
- update to 1.16.1
* Fri Mar 13 2020 Tom Callaway <spot@fedoraproject.org> - 1.16.0-1
- update to 1.16.0
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Mar 12 2019 Tom Callaway <spot@fedoraproject.org> - 1.15.0-3
- use cmake to build so we get cmake helpers (bz1687844)
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Nov 13 2018 Jakub Hrozek <jhrozek@redhat.com> - 1.16.0-1
- Update to the latest upstream
* Mon Sep 3 2018 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-1
- Update to the latest upstream
- Resolves: rhbz#1624499 - RFE: New c-ares release 1.14.0 available
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

7
gating.yaml
View File

@ -1,7 +0,0 @@
# recipients: sssd-qe
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier0.revdep}

1
sources
View File

@ -1 +0,0 @@
SHA512 (c-ares-1.13.0.tar.gz) = 4a7942e754673f5b8d55a7471e31b0f390e8324b14c12077580c956147fad4d165c7fe8a3190199b1add95c710ceeb1a7957706d4f0d6299d39c5dddc719bd9d