c-ares/SOURCES/0005-avoid-read-heap-buffer-overflow-332.patch

From 65f83b8bf15a128524ef5fe26e1f1e219ee9b872 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 1 Sep 2023 20:00:12 +0200
Subject: [PATCH] avoid read-heap-buffer-overflow (#332)

Fix invalid read in ares_parse_soa_reply.c found during fuzzing

Fixes Bug: #333
Fix By: lutianxiong (@ltx2018)
---
 ares_parse_soa_reply.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ares_parse_soa_reply.c b/ares_parse_soa_reply.c
index 35af0a7..5924bbc 100644
--- a/ares_parse_soa_reply.c
+++ b/ares_parse_soa_reply.c
@@ -65,6 +65,9 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen,
   status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len);
   if (status != ARES_SUCCESS)
     goto failed_stat;
+
+  if (alen <= len + HFIXEDSZ + 1)
+    goto failed;
   aptr += len;
 
   /* skip qtype & qclass */
-- 
2.38.1