Compare commits
No commits in common. "imports/c8/c-ares-1.13.0-6.el8_8.2" and "c8s" have entirely different histories.
imports/c8
...
c8s
|
|
@ -1,82 +0,0 @@
|
|||
From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001
|
||||
From: Brad House <brad@brad-house.com>
|
||||
Date: Mon, 22 May 2023 06:51:49 -0400
|
||||
Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc
|
||||
|
||||
---
|
||||
ares_process.c | 41 +++++++++++++++++++++++++----------------
|
||||
1 file changed, 25 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/ares_process.c b/ares_process.c
|
||||
index bf0cde4..6cac0a9 100644
|
||||
--- a/ares_process.c
|
||||
+++ b/ares_process.c
|
||||
@@ -470,7 +470,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
|
||||
{
|
||||
struct server_state *server;
|
||||
int i;
|
||||
- ares_ssize_t count;
|
||||
+ ares_ssize_t read_len;
|
||||
unsigned char buf[MAXENDSSZ + 1];
|
||||
#ifdef HAVE_RECVFROM
|
||||
ares_socklen_t fromlen;
|
||||
@@ -513,32 +513,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
|
||||
/* To reduce event loop overhead, read and process as many
|
||||
* packets as we can. */
|
||||
do {
|
||||
- if (server->udp_socket == ARES_SOCKET_BAD)
|
||||
- count = 0;
|
||||
-
|
||||
- else {
|
||||
- if (server->addr.family == AF_INET)
|
||||
+ if (server->udp_socket == ARES_SOCKET_BAD) {
|
||||
+ read_len = -1;
|
||||
+ } else {
|
||||
+ if (server->addr.family == AF_INET) {
|
||||
fromlen = sizeof(from.sa4);
|
||||
- else
|
||||
+ } else {
|
||||
fromlen = sizeof(from.sa6);
|
||||
- count = socket_recvfrom(channel, server->udp_socket, (void *)buf,
|
||||
- sizeof(buf), 0, &from.sa, &fromlen);
|
||||
+ }
|
||||
+ read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf,
|
||||
+ sizeof(buf), 0, &from.sa, &fromlen);
|
||||
}
|
||||
|
||||
- if (count == -1 && try_again(SOCKERRNO))
|
||||
+ if (read_len == 0) {
|
||||
+ /* UDP is connectionless, so result code of 0 is a 0-length UDP
|
||||
+ * packet, and not an indication the connection is closed like on
|
||||
+ * tcp */
|
||||
continue;
|
||||
- else if (count <= 0)
|
||||
+ } else if (read_len < 0) {
|
||||
+ if (try_again(SOCKERRNO))
|
||||
+ continue;
|
||||
+
|
||||
handle_error(channel, i, now);
|
||||
+
|
||||
#ifdef HAVE_RECVFROM
|
||||
- else if (!same_address(&from.sa, &server->addr))
|
||||
+ } else if (!same_address(&from.sa, &server->addr)) {
|
||||
/* The address the response comes from does not match the address we
|
||||
* sent the request to. Someone may be attempting to perform a cache
|
||||
* poisoning attack. */
|
||||
- break;
|
||||
+ continue;
|
||||
#endif
|
||||
- else
|
||||
- process_answer(channel, buf, (int)count, i, 0, now);
|
||||
- } while (count > 0);
|
||||
+
|
||||
+ } else {
|
||||
+ process_answer(channel, buf, (int)read_len, i, 0, now);
|
||||
+ }
|
||||
+ } while (read_len >= 0);
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.38.1
|
||||
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
Summary: A library that performs asynchronous DNS operations
|
||||
Name: c-ares
|
||||
Version: 1.13.0
|
||||
Release: 6%{?dist}.2
|
||||
Release: 6%{?dist}
|
||||
License: MIT
|
||||
Group: System Environment/Libraries
|
||||
URL: http://c-ares.haxx.se/
|
||||
|
|
@ -10,7 +10,6 @@ Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz
|
|||
Source1: LICENSE
|
||||
Patch0: 0001-Use-RPM-compiler-options.patch
|
||||
Patch1: 0002-fix-CVE-2021-3672.patch
|
||||
Patch2: 0003-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
|
|
@ -37,7 +36,6 @@ compile applications or shared objects that use c-ares.
|
|||
%setup -q
|
||||
%patch0 -p1 -b .optflags
|
||||
%patch1 -p1 -b .dns
|
||||
%patch2 -p1 -b .udp
|
||||
|
||||
cp %{SOURCE1} .
|
||||
f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f
|
||||
|
|
@ -76,9 +74,6 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_mandir}/man3/ares_*
|
||||
|
||||
%changelog
|
||||
* Wed May 31 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-6.1
|
||||
- Resolves: rhbz#2209516 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-8.8.0.z]
|
||||
|
||||
* Fri Oct 15 2021 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-6
|
||||
- Resolves: rhbz#1989425 - CVE-2021-3672 c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-8]
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue