update c-ares version to 1.16.1

2020-07-22 13:45:16 +08:00 · 2020-07-22 13:45:16 +08:00 · 47b6c16a88
commit 47b6c16a88
parent 27d311751d
7 changed files with 113 additions and 4 deletions
--- a/0000-Use-RPM-compiler-options.patch
+++ b/0000-Use-RPM-compiler-options.patch
--- a/0001-Fix-invalid-read-in-ares_parse_soa_reply.patch
+++ b/0001-Fix-invalid-read-in-ares_parse_soa_reply.patch
@ -0,0 +1,25 @@
+commit 1b98172b141fe874ad43e679e67506f9b2139043
+Author: lutianxiong <50396812+ltx2018@users.noreply.github.com>
+Date:   Fri May 22 20:02:21 2020 +0800
+
+    avoid read-heap-buffer-overflow (#332)
+    
+    Fix invalid read in ares_parse_soa_reply.c found during fuzzing
+    
+    Fixes Bug: #333
+    Fix By: lutianxiong (@ltx2018)
+
+diff --git a/ares_parse_soa_reply.c b/ares_parse_soa_reply.c
+index 2a2cac8..7cfaed2 100644
+--- a/ares_parse_soa_reply.c
+++ b/ares_parse_soa_reply.c
+@@ -69,6 +69,9 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen,
+   status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len);
+   if (status != ARES_SUCCESS)
+     goto failed_stat;
+
+  if (alen <= len + HFIXEDSZ + 1)
+    goto failed;
+   aptr += len;
+ 
+   qclass = DNS_QUESTION_TYPE(aptr);
--- a/0002-Fix-sizeof-sizeof-addr.saX-sizeof-addr.saX-in-readad.patch
+++ b/0002-Fix-sizeof-sizeof-addr.saX-sizeof-addr.saX-in-readad.patch
@ -0,0 +1,38 @@
+From 4c02944ef1cedb9460825d28b4e5c27988d04dba Mon Sep 17 00:00:00 2001
+From: Ivan Baidakou <the.dmol@yandex.by>
+Date: Tue, 12 May 2020 14:22:33 +0300
+Subject: [PATCH] Fix: sizeof(sizeof(addr.saX)) -> sizeof(addr.saX) in
+ readaddrinfo (#331)
+
+Looks like a sed-gone-wrong, a sizeof inside of a sizeof.
+
+Fix By: Ivan Baidakou (@basiliscos)
+---
+ ares__readaddrinfo.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ares__readaddrinfo.c b/ares__readaddrinfo.c
+index dd3abe2..89fea83 100644
+--- a/ares__readaddrinfo.c
+++ b/ares__readaddrinfo.c
+@@ -179,7 +179,7 @@ int ares__readaddrinfo(FILE *fp,
+                 }
+ 
+               node->ai_family = addr.sa.sa_family = AF_INET;
+-              node->ai_addrlen = sizeof(sizeof(addr.sa4));
+              node->ai_addrlen = sizeof(addr.sa4);
+               node->ai_addr = ares_malloc(sizeof(addr.sa4));
+               if (!node->ai_addr)
+                 {
+@@ -200,7 +200,7 @@ int ares__readaddrinfo(FILE *fp,
+                 }
+ 
+               node->ai_family = addr.sa.sa_family = AF_INET6;
+-              node->ai_addrlen = sizeof(sizeof(addr.sa6));
+              node->ai_addrlen = sizeof(addr.sa6);
+               node->ai_addr = ares_malloc(sizeof(addr.sa6));
+               if (!node->ai_addr)
+                 {
+-- 
+1.8.3.1
+
--- a/0003-Avoid-buffer-overflow-in-RC4-loop-comparison-336.patch
+++ b/0003-Avoid-buffer-overflow-in-RC4-loop-comparison-336.patch
@ -0,0 +1,38 @@
+From 6d6cd5daf63b812734343bd020677829b13db2ac Mon Sep 17 00:00:00 2001
+From: Fionn Fitzmaurice <1897918+fionn@users.noreply.github.com>
+Date: Fri, 3 Jul 2020 07:39:54 +0800
+Subject: [PATCH] Avoid buffer overflow in RC4 loop comparison (#336)
+
+The rc4 function iterates over a buffer of size buffer_len who's maximum
+value is INT_MAX with a counter of type short that is not guaranteed to
+have maximum size INT_MAX.
+
+In circumstances where short is narrower than int and where buffer_len
+is larger than the maximum value of a short, it may be possible to loop
+infinitely as counter will overflow and never be greater than or equal
+to buffer_len.
+
+The solution is to make the comparison be between types of equal width.
+This commit defines counter as an int.
+
+Fix By: Fionn Fitzmaurice (@fionn)
+---
+ ares_query.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ares_query.c b/ares_query.c
+index b38b8a6..5bbb2f5 100644
+--- a/ares_query.c
+++ b/ares_query.c
+@@ -45,7 +45,7 @@ static void rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len)
+   unsigned char y;
+   unsigned char* state;
+   unsigned char xorIndex;
+-  short counter;
+  int counter;
+ 
+   x = key->x;
+   y = key->y;
+-- 
+1.8.3.1
+
--- a/c-ares-1.15.0.tar.gz
+++ b/c-ares-1.15.0.tar.gz
--- a/c-ares-1.16.1.tar.gz
+++ b/c-ares-1.16.1.tar.gz
--- a/c-ares.spec
+++ b/c-ares.spec
@ -1,5 +1,5 @@
 Name:           c-ares
-Version:        1.15.0
+Version:        1.16.1
 Release:        1
 Summary:        A C library for asynchronous DNS requests

@ -9,7 +9,10 @@ Source0:        https://github.com/c-ares/c-ares/releases/tag/%{name}-%{version}

 BuildRequires:  gcc autoconf automake libtool
 # Patch0 from Redhat is applied for stopping overriding AC_CONFIG_MACRO_DIR
-Patch0:         0001-Use-RPM-compiler-options.patch
+Patch0000:     0000-Use-RPM-compiler-options.patch
+Patch0001:     0001-Fix-invalid-read-in-ares_parse_soa_reply.patch
+Patch0002:     0002-Fix-sizeof-sizeof-addr.saX-sizeof-addr.saX-in-readad.patch
+Patch0003:     0003-Avoid-buffer-overflow-in-RC4-loop-comparison-336.patch
 %description
 This is c-ares, an asynchronous resolver library. It is intended for applications
 which need to perform DNS queries without blocking, or need to perform multiple
@ -39,8 +42,7 @@ make %{?_smp_mflags}

 %files
 %doc CHANGES LICENSE.md
-%{_libdir}/libcares.so.2.3.0
-%{_libdir}/libcares.so.2
+%{_libdir}/*.so.*

 %files devel
 %{_libdir}/pkgconfig/*.pc
@ -53,5 +55,11 @@ make %{?_smp_mflags}
 %{_mandir}/man3/*

 %changelog
+* Wed Jul 22 2020 gaihuiying <gaihuiying1@huawei.com> - 1.16.1-1
+- Type:requirement
+- ID:NA
+- SUG:NA
+- DESC:update c-ares version to 1.16.1
+
 * Mon Sep 09 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.15.0-1
 - Package Init