packages/c-ares
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!61 update c-ares to 1.19.1

Browse Source 
From: @xinghe_1 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
This commit is contained in:
openeuler-ci-bot 2023-07-26 09:21:20 +00:00 committed by Gitee
commit e8d8163766
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
14 changed files with 10 additions and 1782 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

324
backport-001-CVE-2023-31130.patch
View File

@ -1,324 +0,0 @@
From f22cc01039b6473b736d3bf438f56a2654cdf2b2 Mon Sep 17 00:00:00 2001
From: Brad House <brad@brad-house.com>
Date: Mon, 22 May 2023 06:51:34 -0400
Subject: [PATCH] Merge pull request from GHSA-x6mf-cxr9-8q6v
* Merged latest OpenBSD changes for inet_net_pton_ipv6() into c-ares.
* Always use our own IP conversion functions now, do not delegate to OS
so we can have consistency in testing and fuzzing.
* Removed bogus test cases that never should have passed.
* Add new test case for crash bug found.
Fix By: Brad House (@bradh352)
---
src/lib/inet_net_pton.c | 155 ++++++++++++++++++++-----------------
test/ares-test-internal.cc | 7 +-
2 files changed, 86 insertions(+), 76 deletions(-)
diff --git a/src/lib/inet_net_pton.c b/src/lib/inet_net_pton.c
index 840de50..fc50425 100644
--- a/src/lib/inet_net_pton.c
+++ b/src/lib/inet_net_pton.c
@@ -1,19 +1,20 @@
/*
- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2012 by Gilles Chehade <gilles@openbsd.org>
* Copyright (c) 1996,1999 by Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
*/
#include "ares_setup.h"
@@ -35,9 +36,6 @@
const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } };
-
-#ifndef HAVE_INET_NET_PTON
-
/*
* static int
* inet_net_pton_ipv4(src, dst, size)
@@ -60,7 +58,7 @@ const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,
* Paul Vixie (ISC), June 1996
*/
static int
-inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size)
+ares_inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size)
{
static const char xdigits[] = "0123456789abcdef";
static const char digits[] = "0123456789";
@@ -261,19 +259,14 @@ getv4(const char *src, unsigned char *dst, int *bitsp)
}
static int
-inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+ares_inet_pton6(const char *src, unsigned char *dst)
{
static const char xdigits_l[] = "0123456789abcdef",
- xdigits_u[] = "0123456789ABCDEF";
+ xdigits_u[] = "0123456789ABCDEF";
unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
const char *xdigits, *curtok;
- int ch, saw_xdigit;
+ int ch, saw_xdigit, count_xdigit;
unsigned int val;
- int digits;
- int bits;
- size_t bytes;
- int words;
- int ipv4;
memset((tp = tmp), '\0', NS_IN6ADDRSZ);
endp = tp + NS_IN6ADDRSZ;
@@ -283,22 +276,22 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
if (*++src != ':')
goto enoent;
curtok = src;
- saw_xdigit = 0;
+ saw_xdigit = count_xdigit = 0;
val = 0;
- digits = 0;
- bits = -1;
- ipv4 = 0;
while ((ch = *src++) != '\0') {
const char *pch;
if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
pch = strchr((xdigits = xdigits_u), ch);
if (pch != NULL) {
+ if (count_xdigit >= 4)
+ goto enoent;
val <<= 4;
- val |= aresx_sztoui(pch - xdigits);
- if (++digits > 4)
+ val |= (pch - xdigits);
+ if (val > 0xffff)
goto enoent;
saw_xdigit = 1;
+ count_xdigit++;
continue;
}
if (ch == ':') {
@@ -308,78 +301,107 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
goto enoent;
colonp = tp;
continue;
- } else if (*src == '\0')
+ } else if (*src == '\0') {
goto enoent;
+ }
if (tp + NS_INT16SZ > endp)
- return (0);
- *tp++ = (unsigned char)((val >> 8) & 0xff);
- *tp++ = (unsigned char)(val & 0xff);
+ goto enoent;
+ *tp++ = (unsigned char) (val >> 8) & 0xff;
+ *tp++ = (unsigned char) val & 0xff;
saw_xdigit = 0;
- digits = 0;
+ count_xdigit = 0;
val = 0;
continue;
}
if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
- getv4(curtok, tp, &bits) > 0) {
- tp += NS_INADDRSZ;
+ ares_inet_net_pton_ipv4(curtok, tp, INADDRSZ) > 0) {
+ tp += INADDRSZ;
saw_xdigit = 0;
- ipv4 = 1;
+ count_xdigit = 0;
break; /* '\0' was seen by inet_pton4(). */
}
- if (ch == '/' && getbits(src, &bits) > 0)
- break;
goto enoent;
}
if (saw_xdigit) {
if (tp + NS_INT16SZ > endp)
goto enoent;
- *tp++ = (unsigned char)((val >> 8) & 0xff);
- *tp++ = (unsigned char)(val & 0xff);
+ *tp++ = (unsigned char) (val >> 8) & 0xff;
+ *tp++ = (unsigned char) val & 0xff;
}
- if (bits == -1)
- bits = 128;
-
- words = (bits + 15) / 16;
- if (words < 2)
- words = 2;
- if (ipv4)
- words = 8;
- endp = tmp + 2 * words;
-
if (colonp != NULL) {
/*
* Since some memmove()'s erroneously fail to handle
* overlapping regions, we'll do the shift by hand.
*/
- const ares_ssize_t n = tp - colonp;
- ares_ssize_t i;
+ const int n = tp - colonp;
+ int i;
if (tp == endp)
goto enoent;
for (i = 1; i <= n; i++) {
- *(endp - i) = *(colonp + n - i);
- *(colonp + n - i) = 0;
+ endp[- i] = colonp[n - i];
+ colonp[n - i] = 0;
}
tp = endp;
}
if (tp != endp)
goto enoent;
- bytes = (bits + 7) / 8;
- if (bytes > size)
- goto emsgsize;
- memcpy(dst, tmp, bytes);
- return (bits);
+ memcpy(dst, tmp, NS_IN6ADDRSZ);
+ return (1);
- enoent:
+enoent:
SET_ERRNO(ENOENT);
return (-1);
- emsgsize:
+emsgsize:
SET_ERRNO(EMSGSIZE);
return (-1);
}
+static int
+ares_inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+{
+ struct ares_in6_addr in6;
+ int ret;
+ int bits;
+ size_t bytes;
+ char buf[INET6_ADDRSTRLEN + sizeof("/128")];
+ char *sep;
+ const char *errstr;
+
+ if (strlen(src) >= sizeof buf) {
+ SET_ERRNO(EMSGSIZE);
+ return (-1);
+ }
+ strncpy(buf, src, sizeof buf);
+
+ sep = strchr(buf, '/');
+ if (sep != NULL)
+ *sep++ = '\0';
+
+ ret = ares_inet_pton6(buf, (unsigned char *)&in6);
+ if (ret != 1)
+ return (-1);
+
+ if (sep == NULL)
+ bits = 128;
+ else {
+ if (!getbits(sep, &bits)) {
+ SET_ERRNO(ENOENT);
+ return (-1);
+ }
+ }
+
+ bytes = (bits + 7) / 8;
+ if (bytes > size) {
+ SET_ERRNO(EMSGSIZE);
+ return (-1);
+ }
+ memcpy(dst, &in6, bytes);
+ return (bits);
+}
+
/*
* int
* inet_net_pton(af, src, dst, size)
@@ -403,18 +425,15 @@ ares_inet_net_pton(int af, const char *src, void *dst, size_t size)
{
switch (af) {
case AF_INET:
- return (inet_net_pton_ipv4(src, dst, size));
+ return (ares_inet_net_pton_ipv4(src, dst, size));
case AF_INET6:
- return (inet_net_pton_ipv6(src, dst, size));
+ return (ares_inet_net_pton_ipv6(src, dst, size));
default:
SET_ERRNO(EAFNOSUPPORT);
return (-1);
}
}
-#endif /* HAVE_INET_NET_PTON */
-
-#ifndef HAVE_INET_PTON
int ares_inet_pton(int af, const char *src, void *dst)
{
int result;
@@ -434,11 +453,3 @@ int ares_inet_pton(int af, const char *src, void *dst)
return 0;
return (result > -1 ? 1 : -1);
}
-#else /* HAVE_INET_PTON */
-int ares_inet_pton(int af, const char *src, void *dst)
-{
- /* just relay this to the underlying function */
- return inet_pton(af, src, dst);
-}
-
-#endif
diff --git a/test/ares-test-internal.cc b/test/ares-test-internal.cc
index 1cb7e42..40cc82b 100644
--- a/test/ares-test-internal.cc
+++ b/test/ares-test-internal.cc
@@ -123,6 +123,7 @@ TEST_F(LibraryTest, InetPtoN) {
EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "12:34::ff/0", &a6, sizeof(a6)));
EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "12:34::ffff:0.2", &a6, sizeof(a6)));
EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6)));
+ EXPECT_EQ(2, ares_inet_net_pton(AF_INET6, "0::00:00:00/2", &a6, sizeof(a6)));
// Various malformed versions
EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "", &a4, sizeof(a4)));
@@ -160,11 +161,9 @@ TEST_F(LibraryTest, InetPtoN) {
EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6)));
EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234:", &a6, sizeof(a6)));
EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678", &a6, sizeof(a6)));
- // TODO(drysdale): check whether the next two tests should give -1.
- EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6)));
- EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6)));
+ EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6)));
+ EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6)));
EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:257.2.3.4", &a6, sizeof(a6)));
- EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:002.2.3.4", &a6, sizeof(a6)));
EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5.6", &a6, sizeof(a6)));
EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5", &a6, sizeof(a6)));
EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.z", &a6, sizeof(a6)));
--
2.27.0

712
backport-001-CVE-2023-31147.patch
View File

@ -1,712 +0,0 @@
From 823df3b989e59465d17b0a2eb1239a5fc048b4e5 Mon Sep 17 00:00:00 2001
From: Brad House <brad@brad-house.com>
Date: Mon, 22 May 2023 06:51:06 -0400
Subject: [PATCH] Merge pull request from GHSA-8r8p-23f3-64c2
* segment random number generation into own file
* abstract random code to make it more modular so we can have multiple backends
* rand: add support for arc4random_buf() and also direct CARES_RANDOM_FILE reading
* autotools: fix detection of arc4random_buf
* rework initial rc4 seed for PRNG as last fallback
* rc4: more proper implementation, simplified for clarity
* clarifications
Conflict:NA
Reference:https://github.com/c-ares/c-ares/commit/823df3b989e59465d17b0a2eb1239a5fc048b4e5
---
CMakeLists.txt | 2 +
configure.ac | 1 +
m4/cares-functions.m4 | 85 +++++++++++
src/lib/Makefile.inc | 1 +
src/lib/ares_config.h.cmake | 3 +
src/lib/ares_destroy.c | 3 +
src/lib/ares_init.c | 89 ++----------
src/lib/ares_private.h | 19 ++-
src/lib/ares_query.c | 36 +----
src/lib/ares_rand.c | 274 ++++++++++++++++++++++++++++++++++++
10 files changed, 387 insertions(+), 126 deletions(-)
create mode 100644 src/lib/ares_rand.c
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 3987d0ab7..e2290af10 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -393,6 +393,8 @@ CHECK_SYMBOL_EXISTS (strncasecmp "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNCAS
CHECK_SYMBOL_EXISTS (strncmpi "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNCMPI)
CHECK_SYMBOL_EXISTS (strnicmp "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNICMP)
CHECK_SYMBOL_EXISTS (writev "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_WRITEV)
+CHECK_SYMBOL_EXISTS (arc4random_buf "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_ARC4RANDOM_BUF)
+
# On Android, the system headers may define __system_property_get(), but excluded
# from libc. We need to perform a link test instead of a header/symbol test.
diff --git a/configure.ac b/configure.ac
index 7884cbb26..54e79d6e2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -683,6 +683,7 @@ CARES_CHECK_FUNC_STRNCASECMP
CARES_CHECK_FUNC_STRNCMPI
CARES_CHECK_FUNC_STRNICMP
CARES_CHECK_FUNC_WRITEV
+CARES_CHECK_FUNC_ARC4RANDOM_BUF
dnl check for AF_INET6
diff --git a/m4/cares-functions.m4 b/m4/cares-functions.m4
index 0f3992c7f..d4f4f994c 100644
--- a/m4/cares-functions.m4
+++ b/m4/cares-functions.m4
@@ -3753,3 +3753,88 @@ AC_DEFUN([CARES_CHECK_FUNC_WRITEV], [
ac_cv_func_writev="no"
fi
])
+
+dnl CARES_CHECK_FUNC_ARC4RANDOM_BUF
+dnl -------------------------------------------------
+dnl Verify if arc4random_buf is available, prototyped, and
+dnl can be compiled. If all of these are true, and
+dnl usage has not been previously disallowed with
+dnl shell variable cares_disallow_arc4random_buf, then
+dnl HAVE_ARC4RANDOM_BUF will be defined.
+
+AC_DEFUN([CARES_CHECK_FUNC_ARC4RANDOM_BUF], [
+ AC_REQUIRE([CARES_INCLUDES_STDLIB])dnl
+ #
+ tst_links_arc4random_buf="unknown"
+ tst_proto_arc4random_buf="unknown"
+ tst_compi_arc4random_buf="unknown"
+ tst_allow_arc4random_buf="unknown"
+ #
+ AC_MSG_CHECKING([if arc4random_buf can be linked])
+ AC_LINK_IFELSE([
+ AC_LANG_FUNC_LINK_TRY([arc4random_buf])
+ ],[
+ AC_MSG_RESULT([yes])
+ tst_links_arc4random_buf="yes"
+ ],[
+ AC_MSG_RESULT([no])
+ tst_links_arc4random_buf="no"
+ ])
+ #
+ if test "$tst_links_arc4random_buf" = "yes"; then
+ AC_MSG_CHECKING([if arc4random_buf is prototyped])
+ AC_EGREP_CPP([arc4random_buf],[
+ $cares_includes_stdlib
+ ],[
+ AC_MSG_RESULT([yes])
+ tst_proto_arc4random_buf="yes"
+ ],[
+ AC_MSG_RESULT([no])
+ tst_proto_arc4random_buf="no"
+ ])
+ fi
+ #
+ if test "$tst_proto_arc4random_buf" = "yes"; then
+ AC_MSG_CHECKING([if arc4random_buf is compilable])
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM([[
+ $cares_includes_stdlib
+ ]],[[
+ arc4random_buf(NULL, 0);
+ return 1;
+ ]])
+ ],[
+ AC_MSG_RESULT([yes])
+ tst_compi_arc4random_buf="yes"
+ ],[
+ AC_MSG_RESULT([no])
+ tst_compi_arc4random_buf="no"
+ ])
+ fi
+ #
+ if test "$tst_compi_arc4random_buf" = "yes"; then
+ AC_MSG_CHECKING([if arc4random_buf usage allowed])
+ if test "x$cares_disallow_arc4random_buf" != "xyes"; then
+ AC_MSG_RESULT([yes])
+ tst_allow_arc4random_buf="yes"
+ else
+ AC_MSG_RESULT([no])
+ tst_allow_arc4random_buf="no"
+ fi
+ fi
+ #
+ AC_MSG_CHECKING([if arc4random_buf might be used])
+ if test "$tst_links_arc4random_buf" = "yes" &&
+ test "$tst_proto_arc4random_buf" = "yes" &&
+ test "$tst_compi_arc4random_buf" = "yes" &&
+ test "$tst_allow_arc4random_buf" = "yes"; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE_UNQUOTED(HAVE_ARC4RANDOM_BUF, 1,
+ [Define to 1 if you have the arc4random_buf function.])
+ ac_cv_func_arc4random_buf="yes"
+ else
+ AC_MSG_RESULT([no])
+ ac_cv_func_arc4random_buf="no"
+ fi
+])
+
diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc
index 140378d67..49bbe6016 100644
--- a/src/lib/Makefile.inc
+++ b/src/lib/Makefile.inc
@@ -45,6 +45,7 @@ CSOURCES = ares__addrinfo2hostent.c \
ares_platform.c \
ares_process.c \
ares_query.c \
+ ares_rand.c \
ares_search.c \
ares_send.c \
ares_strcasecmp.c \
diff --git a/src/lib/ares_config.h.cmake b/src/lib/ares_config.h.cmake
index fddb78535..798820a3a 100644
--- a/src/lib/ares_config.h.cmake
+++ b/src/lib/ares_config.h.cmake
@@ -346,6 +346,9 @@
/* Define to 1 if you need the memory.h header file even with stdlib.h */
#cmakedefine NEED_MEMORY_H
+/* Define if have arc4random_buf() */
+#cmakedefine HAVE_ARC4RANDOM_BUF
+
/* a suitable file/device to read random data from */
#cmakedefine CARES_RANDOM_FILE "@CARES_RANDOM_FILE@"
diff --git a/src/lib/ares_destroy.c b/src/lib/ares_destroy.c
index 7ec2bde5a..62c899f82 100644
--- a/src/lib/ares_destroy.c
+++ b/src/lib/ares_destroy.c
@@ -95,6 +95,9 @@ void ares_destroy(ares_channel channel)
if (channel->resolvconf_path)
ares_free(channel->resolvconf_path);
+ if (channel->rand_state)
+ ares__destroy_rand_state(channel->rand_state);
+
ares_free(channel);
}
diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c
index c7ca7af1b..0519f43e5 100644
--- a/src/lib/ares_init.c
+++ b/src/lib/ares_init.c
@@ -87,7 +76,6 @@ static int config_nameserver(struct server_state **servers, int *nservers,
static int set_search(ares_channel channel, const char *str);
static int set_options(ares_channel channel, const char *str);
static const char *try_option(const char *p, const char *q, const char *opt);
-static int init_id_key(rc4_key* key,int key_data_len);
static int config_sortlist(struct apattern **sortlist, int *nsort,
const char *str);
@@ -165,6 +153,7 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
channel->sock_funcs = NULL;
channel->sock_func_cb_data = NULL;
channel->resolvconf_path = NULL;
+ channel->rand_state = NULL;
channel->last_server = 0;
channel->last_timeout_processed = (time_t)now.tv_sec;
@@ -218,9 +207,13 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
/* Generate random key */
if (status == ARES_SUCCESS) {
- status = init_id_key(&channel->id_key, ARES_ID_KEY_LEN);
+ channel->rand_state = ares__init_rand_state();
+ if (channel->rand_state == NULL) {
+ status = ARES_ENOMEM;
+ }
+
if (status == ARES_SUCCESS)
- channel->next_id = ares__generate_new_id(&channel->id_key);
+ channel->next_id = ares__generate_new_id(channel->rand_state);
else
DEBUGF(fprintf(stderr, "Error: init_id_key failed: %s\n",
ares_strerror(status)));
@@ -242,6 +235,8 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
ares_free(channel->lookups);
if(channel->resolvconf_path)
ares_free(channel->resolvconf_path);
+ if (channel->rand_state)
+ ares__destroy_rand_state(channel->rand_state);
ares_free(channel);
return status;
}
@@ -2182,76 +2177,6 @@ static int sortlist_alloc(struct apattern **sortlist, int *nsort,
return 1;
}
-/* initialize an rc4 key. If possible a cryptographically secure random key
- is generated using a suitable function (for example win32's RtlGenRandom as
- described in
- http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx
- otherwise the code defaults to cross-platform albeit less secure mechanism
- using rand
-*/
-static void randomize_key(unsigned char* key,int key_data_len)
-{
- int randomized = 0;
- int counter=0;
-#ifdef WIN32
- BOOLEAN res;
- if (ares_fpSystemFunction036)
- {
- res = (*ares_fpSystemFunction036) (key, key_data_len);
- if (res)
- randomized = 1;
- }
-#else /* !WIN32 */
-#ifdef CARES_RANDOM_FILE
- FILE *f = fopen(CARES_RANDOM_FILE, "rb");
- if(f) {
- setvbuf(f, NULL, _IONBF, 0);
- counter = aresx_uztosi(fread(key, 1, key_data_len, f));
- fclose(f);
- }
-#endif
-#endif /* WIN32 */
-
- if (!randomized) {
- for (;counter<key_data_len;counter++)
- key[counter]=(unsigned char)(rand() % 256); /* LCOV_EXCL_LINE */
- }
-}
-
-static int init_id_key(rc4_key* key,int key_data_len)
-{
- unsigned char index1;
- unsigned char index2;
- unsigned char* state;
- short counter;
- unsigned char *key_data_ptr = 0;
-
- key_data_ptr = ares_malloc(key_data_len);
- if (!key_data_ptr)
- return ARES_ENOMEM;
- memset(key_data_ptr, 0, key_data_len);
-
- state = &key->state[0];
- for(counter = 0; counter < 256; counter++)
- /* unnecessary AND but it keeps some compilers happier */
- state[counter] = (unsigned char)(counter & 0xff);
- randomize_key(key->state,key_data_len);
- key->x = 0;
- key->y = 0;
- index1 = 0;
- index2 = 0;
- for(counter = 0; counter < 256; counter++)
- {
- index2 = (unsigned char)((key_data_ptr[index1] + state[counter] +
- index2) % 256);
- ARES_SWAP_BYTE(&state[counter], &state[index2]);
-
- index1 = (unsigned char)((index1 + 1) % key_data_len);
- }
- ares_free(key_data_ptr);
- return ARES_SUCCESS;
-}
-
void ares_set_local_ip4(ares_channel channel, unsigned int local_ip)
{
channel->local_ip4 = local_ip;
diff --git a/src/lib/ares_private.h b/src/lib/ares_private.h
index 53043a651..b6eab8a7d 100644
--- a/src/lib/ares_private.h
+++ b/src/lib/ares_private.h
@@ -101,8 +101,6 @@ W32_FUNC const char *_w32_GetHostsFile (void);
#endif
-#define ARES_ID_KEY_LEN 31
-
#include "ares_ipv6.h"
#include "ares_llist.h"
@@ -262,12 +260,8 @@ struct apattern {
unsigned short type;
};
-typedef struct rc4_key
-{
- unsigned char state[256];
- unsigned char x;
- unsigned char y;
-} rc4_key;
+struct ares_rand_state;
+typedef struct ares_rand_state ares_rand_state;
struct ares_channeldata {
/* Configuration data */
@@ -302,8 +296,8 @@ struct ares_channeldata {
/* ID to use for next query */
unsigned short next_id;
- /* key to use when generating new ids */
- rc4_key id_key;
+ /* random state to use when generating new ids */
+ ares_rand_state *rand_state;
/* Generation number to use for the next TCP socket open/close */
int tcp_connection_generation;
@@ -362,7 +356,10 @@ void ares__close_sockets(ares_channel channel, struct server_state *server);
int ares__get_hostent(FILE *fp, int family, struct hostent **host);
int ares__read_line(FILE *fp, char **buf, size_t *bufsize);
void ares__free_query(struct query *query);
-unsigned short ares__generate_new_id(rc4_key* key);
+
+ares_rand_state *ares__init_rand_state(void);
+void ares__destroy_rand_state(ares_rand_state *state);
+unsigned short ares__generate_new_id(ares_rand_state *state);
struct timeval ares__tvnow(void);
int ares__expand_name_validated(const unsigned char *encoded,
const unsigned char *abuf,
diff --git a/src/lib/ares_query.c b/src/lib/ares_query.c
index 508274db3..42323bec5 100644
--- a/src/lib/ares_query.c
+++ b/src/lib/ares_query.c
@@ -33,32 +33,6 @@ struct qquery {
static void qcallback(void *arg, int status, int timeouts, unsigned char *abuf, int alen);
-static void rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len)
-{
- unsigned char x;
- unsigned char y;
- unsigned char* state;
- unsigned char xorIndex;
- int counter;
-
- x = key->x;
- y = key->y;
-
- state = &key->state[0];
- for(counter = 0; counter < buffer_len; counter ++)
- {
- x = (unsigned char)((x + 1) % 256);
- y = (unsigned char)((state[x] + y) % 256);
- ARES_SWAP_BYTE(&state[x], &state[y]);
-
- xorIndex = (unsigned char)((state[x] + state[y]) % 256);
-
- buffer_ptr[counter] = (unsigned char)(buffer_ptr[counter]^state[xorIndex]);
- }
- key->x = x;
- key->y = y;
-}
-
static struct query* find_query_by_id(ares_channel channel, unsigned short id)
{
unsigned short qid;
@@ -78,7 +52,6 @@ static struct query* find_query_by_id(ares_channel channel, unsigned short id)
return NULL;
}
-
/* a unique query id is generated using an rc4 key. Since the id may already
be used by a running query (as infrequent as it may be), a lookup is
performed per id generation. In practice this search should happen only
@@ -89,19 +62,12 @@ static unsigned short generate_unique_id(ares_channel channel)
unsigned short id;
do {
- id = ares__generate_new_id(&channel->id_key);
+ id = ares__generate_new_id(channel->rand_state);
} while (find_query_by_id(channel, id));
return (unsigned short)id;
}
-unsigned short ares__generate_new_id(rc4_key* key)
-{
- unsigned short r=0;
- rc4(key, (unsigned char *)&r, sizeof(r));
- return r;
-}
-
void ares_query(ares_channel channel, const char *name, int dnsclass,
int type, ares_callback callback, void *arg)
{
diff --git a/src/lib/ares_rand.c b/src/lib/ares_rand.c
new file mode 100644
index 000000000..a564bc236
--- /dev/null
+++ b/src/lib/ares_rand.c
@@ -0,0 +1,274 @@
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2007-2013 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+#include "ares.h"
+#include "ares_private.h"
+#include "ares_nowarn.h"
+#include <stdlib.h>
+
+typedef enum {
+ ARES_RAND_OS = 1, /* OS-provided such as RtlGenRandom or arc4random */
+ ARES_RAND_FILE = 2, /* OS file-backed random number generator */
+ ARES_RAND_RC4 = 3 /* Internal RC4 based PRNG */
+} ares_rand_backend;
+
+typedef struct ares_rand_rc4
+{
+ unsigned char S[256];
+ size_t i;
+ size_t j;
+} ares_rand_rc4;
+
+struct ares_rand_state
+{
+ ares_rand_backend type;
+ union {
+ FILE *rand_file;
+ ares_rand_rc4 rc4;
+ } state;
+};
+
+
+/* Define RtlGenRandom = SystemFunction036. This is in advapi32.dll. There is
+ * no need to dynamically load this, other software used widely does not.
+ * http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx
+ * https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom
+ */
+#ifdef _WIN32
+BOOLEAN WINAPI SystemFunction036(PVOID RandomBuffer, ULONG RandomBufferLength);
+# ifndef RtlGenRandom
+# define RtlGenRandom(a,b) SystemFunction036(a,b)
+# endif
+#endif
+
+
+#define ARES_RC4_KEY_LEN 32 /* 256 bits */
+
+static unsigned int ares_u32_from_ptr(void *addr)
+{
+ if (sizeof(void *) == 8) {
+ return (unsigned int)((((size_t)addr >> 32) & 0xFFFFFFFF) | ((size_t)addr & 0xFFFFFFFF));
+ }
+ return (unsigned int)((size_t)addr & 0xFFFFFFFF);
+}
+
+
+/* initialize an rc4 key as the last possible fallback. */
+static void ares_rc4_generate_key(ares_rand_rc4 *rc4_state, unsigned char *key, size_t key_len)
+{
+ size_t i;
+ size_t len = 0;
+ unsigned int data;
+ struct timeval tv;
+
+ if (key_len != ARES_RC4_KEY_LEN)
+ return;
+
+ /* Randomness is hard to come by. Maybe the system randomizes heap and stack addresses.
+ * Maybe the current timestamp give us some randomness.
+ * Use rc4_state (heap), &i (stack), and ares__tvnow()
+ */
+ data = ares_u32_from_ptr(rc4_state);
+ memcpy(key + len, &data, sizeof(data));
+ len += sizeof(data);
+
+ data = ares_u32_from_ptr(&i);
+ memcpy(key + len, &data, sizeof(data));
+ len += sizeof(data);
+
+ tv = ares__tvnow();
+ data = (unsigned int)((tv.tv_sec | tv.tv_usec) & 0xFFFFFFFF);
+ memcpy(key + len, &data, sizeof(data));
+ len += sizeof(data);
+
+ srand(ares_u32_from_ptr(rc4_state) | ares_u32_from_ptr(&i) | (unsigned int)((tv.tv_sec | tv.tv_usec) & 0xFFFFFFFF));
+
+ for (i=len; i<key_len; i++) {
+ key[i]=(unsigned char)(rand() % 256); /* LCOV_EXCL_LINE */
+ }
+}
+
+
+static void ares_rc4_init(ares_rand_rc4 *rc4_state)
+{
+ unsigned char key[ARES_RC4_KEY_LEN];
+ size_t i;
+ size_t j;
+
+ ares_rc4_generate_key(rc4_state, key, sizeof(key));
+
+ for (i = 0; i < sizeof(rc4_state->S); i++) {
+ rc4_state->S[i] = i & 0xFF;
+ }
+
+ for(i = 0, j = 0; i < 256; i++) {
+ j = (j + rc4_state->S[i] + key[i % sizeof(key)]) % 256;
+ ARES_SWAP_BYTE(&rc4_state->S[i], &rc4_state->S[j]);
+ }
+
+ rc4_state->i = 0;
+ rc4_state->j = 0;
+}
+
+/* Just outputs the key schedule, no need to XOR with any data since we have none */
+static void ares_rc4_prng(ares_rand_rc4 *rc4_state, unsigned char *buf, int len)
+{
+ unsigned char *S = rc4_state->S;
+ size_t i = rc4_state->i;
+ size_t j = rc4_state->j;
+ size_t cnt;
+
+ for (cnt=0; cnt<len; cnt++) {
+ i = (i + 1) % 256;
+ j = (j + S[i]) % 256;
+
+ ARES_SWAP_BYTE(&S[i], &S[j]);
+ buf[cnt] = S[(S[i] + S[j]) % 256];
+ }
+
+ rc4_state->i = i;
+ rc4_state->j = j;
+}
+
+
+static int ares__init_rand_engine(ares_rand_state *state)
+{
+ memset(state, 0, sizeof(*state));
+
+#if defined(HAVE_ARC4RANDOM_BUF) || defined(_WIN32)
+ state->type = ARES_RAND_OS;
+ return 1;
+#elif defined(CARES_RANDOM_FILE)
+ state->type = ARES_RAND_FILE;
+ state->state.rand_file = fopen(CARES_RANDOM_FILE, "rb");
+ if (state->state.rand_file) {
+ setvbuf(state->state.rand_file, NULL, _IONBF, 0);
+ return 1;
+ }
+ /* Fall-Thru on failure to RC4 */
+#endif
+
+ state->type = ARES_RAND_RC4;
+ ares_rc4_init(&state->state.rc4);
+
+ /* Currently cannot fail */
+ return 1;
+}
+
+
+ares_rand_state *ares__init_rand_state()
+{
+ ares_rand_state *state = NULL;
+
+ state = ares_malloc(sizeof(*state));
+ if (!state)
+ return NULL;
+
+ if (!ares__init_rand_engine(state)) {
+ ares_free(state);
+ return NULL;
+ }
+
+ return state;
+}
+
+
+static void ares__clear_rand_state(ares_rand_state *state)
+{
+ if (!state)
+ return;
+
+ switch (state->type) {
+ case ARES_RAND_OS:
+ break;
+ case ARES_RAND_FILE:
+ fclose(state->state.rand_file);
+ break;
+ case ARES_RAND_RC4:
+ break;
+ }
+}
+
+
+static void ares__reinit_rand(ares_rand_state *state)
+{
+ ares__clear_rand_state(state);
+ ares__init_rand_engine(state);
+}
+
+
+void ares__destroy_rand_state(ares_rand_state *state)
+{
+ if (!state)
+ return;
+
+ ares__clear_rand_state(state);
+ ares_free(state);
+}
+
+
+static void ares__rand_bytes(ares_rand_state *state, unsigned char *buf, size_t len)
+{
+
+ while (1) {
+ size_t rv;
+ size_t bytes_read = 0;
+
+ switch (state->type) {
+ case ARES_RAND_OS:
+#ifdef _WIN32
+ RtlGenRandom(buf, len);
+ return;
+#elif defined(HAVE_ARC4RANDOM_BUF)
+ arc4random_buf(buf, len);
+ return;
+#else
+ /* Shouldn't be possible to be here */
+ break;
+#endif
+
+ case ARES_RAND_FILE:
+ while (1) {
+ size_t rv = fread(buf + bytes_read, 1, len - bytes_read, state->state.rand_file);
+ if (rv == 0)
+ break; /* critical error, will reinit rand state */
+
+ bytes_read += rv;
+ if (bytes_read == len)
+ return;
+ }
+ break;
+
+ case ARES_RAND_RC4:
+ ares_rc4_prng(&state->state.rc4, buf, len);
+ return;
+ }
+
+ /* If we didn't return before we got here, that means we had a critical rand
+ * failure and need to reinitialized */
+ ares__reinit_rand(state);
+ }
+}
+
+unsigned short ares__generate_new_id(ares_rand_state *state)
+{
+ unsigned short r=0;
+
+ ares__rand_bytes(state, (unsigned char *)&r, sizeof(r));
+ return r;
+}
+

277
backport-002-CVE-2023-31124_CVE-2023-31147.patch
View File

@ -1,277 +0,0 @@
From 69950390b2d8063b6540dc75941a30ea56d11918 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Thu, 25 May 2023 21:31:33 +0200
Subject: [PATCH] rand: add support for getrandom() (#526)
glibc provides arc4random_buf() but musl does not and /dev/urandom is
not always available.
Conflict: NA
Reference: https://github.com/c-ares/c-ares/commit/69950390b2d8063b6540dc75941a30ea56d11918
---
CMakeLists.txt | 6 +++
configure.ac | 1 +
include/ares_build.h.cmake | 5 ++
m4/cares-functions.m4 | 102 ++++++++++++++++++++++++++++++++++++
src/lib/ares_config.h.cmake | 3 ++
src/lib/ares_rand.c | 17 +++++-
src/lib/setup_once.h | 4 ++
7 files changed, 137 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index e2290af10..0a403880a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -164,6 +164,7 @@ CARES_FUNCTION_IN_LIBRARY (clock_gettime rt HAVE_LIBRT)
# Look for necessary includes
CHECK_INCLUDE_FILES (sys/types.h HAVE_SYS_TYPES_H)
+CHECK_INCLUDE_FILES (sys/random.h HAVE_SYS_RANDOM_H)
CHECK_INCLUDE_FILES (sys/socket.h HAVE_SYS_SOCKET_H)
CHECK_INCLUDE_FILES (sys/sockio.h HAVE_SYS_SOCKIO_H)
CHECK_INCLUDE_FILES (arpa/inet.h HAVE_ARPA_INET_H)
@@ -281,6 +282,7 @@ CARES_EXTRAINCLUDE_IFSET (HAVE_STDLIB_H stdlib.h)
CARES_EXTRAINCLUDE_IFSET (HAVE_STRING_H string.h)
CARES_EXTRAINCLUDE_IFSET (HAVE_STRINGS_H strings.h)
CARES_EXTRAINCLUDE_IFSET (HAVE_SYS_IOCTL_H sys/ioctl.h)
+CARES_EXTRAINCLUDE_IFSET (HAVE_SYS_RANDOM_H sys/random.h)
CARES_EXTRAINCLUDE_IFSET (HAVE_SYS_SELECT_H sys/select.h)
CARES_EXTRAINCLUDE_IFSET (HAVE_SYS_SOCKET_H sys/socket.h)
CARES_EXTRAINCLUDE_IFSET (HAVE_SYS_SOCKIO_H sys/sockio.h)
@@ -365,6 +367,7 @@ CHECK_SYMBOL_EXISTS (gethostbyaddr "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETHOST
CHECK_SYMBOL_EXISTS (gethostbyname "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETHOSTBYNAME)
CHECK_SYMBOL_EXISTS (gethostname "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETHOSTNAME)
CHECK_SYMBOL_EXISTS (getnameinfo "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETNAMEINFO)
+CHECK_SYMBOL_EXISTS (getrandom "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETRANDOM)
CHECK_SYMBOL_EXISTS (getservbyport_r "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETSERVBYPORT_R)
CHECK_SYMBOL_EXISTS (getservbyname_r "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETSERVBYNAME_R)
CHECK_SYMBOL_EXISTS (gettimeofday "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETTIMEOFDAY)
@@ -562,6 +565,9 @@ ENDIF ()
IF (HAVE_SYS_TYPES_H)
SET (CARES_HAVE_SYS_TYPES_H 1)
ENDIF ()
+IF (HAVE_SYS_RANDOM_H)
+ SET (CARES_HAVE_SYS_RANDOM_H 1)
+ENDIF()
IF (HAVE_SYS_SOCKET_H)
SET (CARES_HAVE_SYS_SOCKET_H 1)
ENDIF()
diff --git a/configure.ac b/configure.ac
index 54e79d6e2..2d65eb73c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -666,6 +666,7 @@ CARES_CHECK_FUNC_GETENV
CARES_CHECK_FUNC_GETHOSTBYADDR
CARES_CHECK_FUNC_GETHOSTBYNAME
CARES_CHECK_FUNC_GETHOSTNAME
+CARES_CHECK_FUNC_GETRANDOM
CARES_CHECK_FUNC_GETSERVBYPORT_R
CARES_CHECK_FUNC_INET_NET_PTON
CARES_CHECK_FUNC_INET_NTOP
diff --git a/include/ares_build.h.cmake b/include/ares_build.h.cmake
index e847f17ea..6bad69a21 100644
--- a/include/ares_build.h.cmake
+++ b/include/ares_build.h.cmake
@@ -8,6 +8,7 @@
* files. We need to include some dependent headers that may be system specific
* for C-Ares */
#cmakedefine CARES_HAVE_SYS_TYPES_H
+#cmakedefine CARES_HAVE_SYS_RANDOM_H
#cmakedefine CARES_HAVE_SYS_SOCKET_H
#cmakedefine CARES_HAVE_WINDOWS_H
#cmakedefine CARES_HAVE_WS2TCPIP_H
@@ -20,6 +21,10 @@
# include <sys/types.h>
#endif
+#ifdef CARES_HAVE_SYS_RANDOM_H
+# include <sys/random.h>
+#endif
+
#ifdef CARES_HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif
diff --git a/m4/cares-functions.m4 b/m4/cares-functions.m4
index d4f4f994c..ce8d2f908 100644
--- a/m4/cares-functions.m4
+++ b/m4/cares-functions.m4
@@ -186,6 +186,24 @@ cares_includes_stropts="\
])
+dnl CARES_INCLUDES_SYS_RANDOM
+dnl -------------------------------------------------
+dnl Set up variable with list of headers that must be
+dnl included when sys/random.h is to be included.
+
+AC_DEFUN([CARES_INCLUDES_SYS_RANDOM], [
+cares_includes_sys_random="\
+/* includes start */
+#ifdef HAVE_SYS_RANDOM_H
+# include <sys/random.h>
+#endif
+/* includes end */"
+ AC_CHECK_HEADERS(
+ sys/random.h,
+ [], [], [$cares_includes_sys_random])
+])
+
+
dnl CARES_INCLUDES_SYS_SOCKET
dnl -------------------------------------------------
dnl Set up variable with list of headers that must be
@@ -1520,6 +1538,90 @@ AC_DEFUN([CARES_CHECK_FUNC_GETHOSTNAME], [
fi
])
+dnl CARES_CHECK_FUNC_GETRANDOM
+dnl -------------------------------------------------
+dnl Verify if getrandom is available, prototyped, and
+dnl can be compiled. If all of these are true, and
+dnl usage has not been previously disallowed with
+dnl shell variable cares_disallow_getrandom, then
+dnl HAVE_GETRANDOM will be defined.
+
+AC_DEFUN([CARES_CHECK_FUNC_GETRANDOM], [
+ AC_REQUIRE([CARES_INCLUDES_SYS_RANDOM])dnl
+ #
+ tst_links_getrandom="unknown"
+ tst_proto_getrandom="unknown"
+ tst_compi_getrandom="unknown"
+ tst_allow_getrandom="unknown"
+ #
+ AC_MSG_CHECKING([if getrandom can be linked])
+ AC_LINK_IFELSE([
+ AC_LANG_FUNC_LINK_TRY([getrandom])
+ ],[
+ AC_MSG_RESULT([yes])
+ tst_links_getrandom="yes"
+ ],[
+ AC_MSG_RESULT([no])
+ tst_links_getrandom="no"
+ ])
+ #
+ if test "$tst_links_getrandom" = "yes"; then
+ AC_MSG_CHECKING([if getrandom is prototyped])
+ AC_EGREP_CPP([getrandom],[
+ $cares_includes_sys_random
+ ],[
+ AC_MSG_RESULT([yes])
+ tst_proto_getrandom="yes"
+ ],[
+ AC_MSG_RESULT([no])
+ tst_proto_getrandom="no"
+ ])
+ fi
+ #
+ if test "$tst_proto_getrandom" = "yes"; then
+ AC_MSG_CHECKING([if getrandom is compilable])
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM([[
+ $cares_includes_sys_random
+ ]],[[
+ if(0 != getrandom(0, 0, 0))
+ return 1;
+ ]])
+ ],[
+ AC_MSG_RESULT([yes])
+ tst_compi_getrandom="yes"
+ ],[
+ AC_MSG_RESULT([no])
+ tst_compi_getrandom="no"
+ ])
+ fi
+ #
+ if test "$tst_compi_getrandom" = "yes"; then
+ AC_MSG_CHECKING([if getrandom usage allowed])
+ if test "x$cares_disallow_getrandom" != "xyes"; then
+ AC_MSG_RESULT([yes])
+ tst_allow_getrandom="yes"
+ else
+ AC_MSG_RESULT([no])
+ tst_allow_getrandom="no"
+ fi
+ fi
+ #
+ AC_MSG_CHECKING([if getrandom might be used])
+ if test "$tst_links_getrandom" = "yes" &&
+ test "$tst_proto_getrandom" = "yes" &&
+ test "$tst_compi_getrandom" = "yes" &&
+ test "$tst_allow_getrandom" = "yes"; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE_UNQUOTED(HAVE_GETRANDOM, 1,
+ [Define to 1 if you have the getrandom function.])
+ ac_cv_func_getrandom="yes"
+ else
+ AC_MSG_RESULT([no])
+ ac_cv_func_getrandom="no"
+ fi
+])
+
dnl CARES_CHECK_FUNC_GETSERVBYPORT_R
dnl -------------------------------------------------
diff --git a/src/lib/ares_config.h.cmake b/src/lib/ares_config.h.cmake
index 798820a3a..db0dfe768 100644
--- a/src/lib/ares_config.h.cmake
+++ b/src/lib/ares_config.h.cmake
@@ -123,6 +123,9 @@
/* Define to 1 if you have the getnameinfo function. */
#cmakedefine HAVE_GETNAMEINFO
+/* Define to 1 if you have the getrandom function. */
+#cmakedefine HAVE_GETRANDOM
+
/* Define to 1 if you have the getservbyport_r function. */
#cmakedefine HAVE_GETSERVBYPORT_R
diff --git a/src/lib/ares_rand.c b/src/lib/ares_rand.c
index 766c1e6ea..f07d419d4 100644
--- a/src/lib/ares_rand.c
+++ b/src/lib/ares_rand.c
@@ -155,7 +155,7 @@ static int ares__init_rand_engine(ares_rand_state *state)
{
memset(state, 0, sizeof(*state));
-#if defined(HAVE_ARC4RANDOM_BUF) || defined(_WIN32)
+#if defined(HAVE_ARC4RANDOM_BUF) || defined(HAVE_GETRANDOM) || defined(_WIN32)
state->type = ARES_RAND_OS;
return 1;
#elif defined(CARES_RANDOM_FILE)
@@ -241,6 +241,21 @@ static void ares__rand_bytes(ares_rand_state *state, unsigned char *buf, size_t
#elif defined(HAVE_ARC4RANDOM_BUF)
arc4random_buf(buf, len);
return;
+#elif defined(HAVE_GETRANDOM)
+ while (1) {
+ size_t n = len - bytes_read;
+ /* getrandom() on Linux always succeeds and is never
+ * interrupted by a signal when requesting <= 256 bytes.
+ */
+ ssize_t rv = getrandom(buf + bytes_read, n > 256 ? 256 : n, 0);
+ if (rv <= 0)
+ continue; /* Just retry. */
+
+ bytes_read += rv;
+ if (bytes_read == len)
+ return;
+ }
+ break;
#else
/* Shouldn't be possible to be here */
break;
diff --git a/src/lib/setup_once.h b/src/lib/setup_once.h
index a8cfe6bec..4b0f9cec2 100644
--- a/src/lib/setup_once.h
+++ b/src/lib/setup_once.h
@@ -91,6 +91,10 @@
# endif
#endif
+#ifdef HAVE_SYS_RANDOM_H
+#include <sys/random.h>
+#endif
+
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif

27
backport-002-CVE-2023-31130.patch
View File

@ -1,27 +0,0 @@
From 424012216c40c8498015b942353e9bb7267e929b Mon Sep 17 00:00:00 2001
From: bradh352 <brad@brad-house.com>
Date: Mon, 22 May 2023 06:57:23 -0400
Subject: [PATCH] windows build fix
---
src/lib/inet_net_pton.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lib/inet_net_pton.c b/src/lib/inet_net_pton.c
index fc50425..d94a5f4 100644
--- a/src/lib/inet_net_pton.c
+++ b/src/lib/inet_net_pton.c
@@ -314,8 +314,8 @@ ares_inet_pton6(const char *src, unsigned char *dst)
continue;
}
if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
- ares_inet_net_pton_ipv4(curtok, tp, INADDRSZ) > 0) {
- tp += INADDRSZ;
+ ares_inet_net_pton_ipv4(curtok, tp, NS_INADDRSZ) > 0) {
+ tp += NS_INADDRSZ;
saw_xdigit = 0;
count_xdigit = 0;
break; /* '\0' was seen by inet_pton4(). */
--
2.27.0

111
backport-003-CVE-2023-31130.patch
View File

@ -1,111 +0,0 @@
From fb79ae7bede940f0fef538472ff8a726df780f8f Mon Sep 17 00:00:00 2001
From: bradh352 <brad@brad-house.com>
Date: Mon, 22 May 2023 07:09:40 -0400
Subject: [PATCH] minor CI issues fixes for imported inet_net_pton
---
src/lib/inet_net_pton.c | 53 ++---------------------------------------
1 file changed, 2 insertions(+), 51 deletions(-)
diff --git a/src/lib/inet_net_pton.c b/src/lib/inet_net_pton.c
index d94a5f4..7130f0f 100644
--- a/src/lib/inet_net_pton.c
+++ b/src/lib/inet_net_pton.c
@@ -214,49 +214,6 @@ getbits(const char *src, int *bitsp)
return (1);
}
-static int
-getv4(const char *src, unsigned char *dst, int *bitsp)
-{
- static const char digits[] = "0123456789";
- unsigned char *odst = dst;
- int n;
- unsigned int val;
- char ch;
-
- val = 0;
- n = 0;
- while ((ch = *src++) != '\0') {
- const char *pch;
-
- pch = strchr(digits, ch);
- if (pch != NULL) {
- if (n++ != 0 && val == 0) /* no leading zeros */
- return (0);
- val *= 10;
- val += aresx_sztoui(pch - digits);
- if (val > 255) /* range */
- return (0);
- continue;
- }
- if (ch == '.' || ch == '/') {
- if (dst - odst > 3) /* too many octets? */
- return (0);
- *dst++ = (unsigned char)val;
- if (ch == '/')
- return (getbits(src, bitsp));
- val = 0;
- n = 0;
- continue;
- }
- return (0);
- }
- if (n == 0)
- return (0);
- if (dst - odst > 3) /* too many octets? */
- return (0);
- *dst = (unsigned char)val;
- return 1;
-}
static int
ares_inet_pton6(const char *src, unsigned char *dst)
@@ -287,7 +244,7 @@ ares_inet_pton6(const char *src, unsigned char *dst)
if (count_xdigit >= 4)
goto enoent;
val <<= 4;
- val |= (pch - xdigits);
+ val |= (unsigned int)(pch - xdigits);
if (val > 0xffff)
goto enoent;
saw_xdigit = 1;
@@ -317,7 +274,6 @@ ares_inet_pton6(const char *src, unsigned char *dst)
ares_inet_net_pton_ipv4(curtok, tp, NS_INADDRSZ) > 0) {
tp += NS_INADDRSZ;
saw_xdigit = 0;
- count_xdigit = 0;
break; /* '\0' was seen by inet_pton4(). */
}
goto enoent;
@@ -333,7 +289,7 @@ ares_inet_pton6(const char *src, unsigned char *dst)
* Since some memmove()'s erroneously fail to handle
* overlapping regions, we'll do the shift by hand.
*/
- const int n = tp - colonp;
+ const int n = (int)(tp - colonp);
int i;
if (tp == endp)
@@ -353,10 +309,6 @@ ares_inet_pton6(const char *src, unsigned char *dst)
enoent:
SET_ERRNO(ENOENT);
return (-1);
-
-emsgsize:
- SET_ERRNO(EMSGSIZE);
- return (-1);
}
static int
@@ -368,7 +320,6 @@ ares_inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
size_t bytes;
char buf[INET6_ADDRSTRLEN + sizeof("/128")];
char *sep;
- const char *errstr;
if (strlen(src) >= sizeof buf) {
SET_ERRNO(EMSGSIZE);
--
2.27.0

32
backport-003-CVE-2023-31147.patch
View File

@ -1,32 +0,0 @@
From 00f47ed830fc22775ffdc2bc2a691372684fae4f Mon Sep 17 00:00:00 2001
From: bradh352 <brad@brad-house.com>
Date: Mon, 22 May 2023 07:02:59 -0400
Subject: [PATCH] ares_rand static analysis fixes from CI
Conflict: NA
Reference: https://github.com/c-ares/c-ares/commit/00f47ed830fc22775ffdc2bc2a691372684fae4f
---
src/lib/ares_rand.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/lib/ares_rand.c b/src/lib/ares_rand.c
index a564bc23..a55a90bf 100644
--- a/src/lib/ares_rand.c
+++ b/src/lib/ares_rand.c
@@ -125,7 +125,7 @@ static void ares_rc4_init(ares_rand_rc4 *rc4_state)
}
/* Just outputs the key schedule, no need to XOR with any data since we have none */
-static void ares_rc4_prng(ares_rand_rc4 *rc4_state, unsigned char *buf, int len)
+static void ares_rc4_prng(ares_rand_rc4 *rc4_state, unsigned char *buf, size_t len)
{
unsigned char *S = rc4_state->S;
size_t i = rc4_state->i;
@@ -225,7 +225,6 @@ static void ares__rand_bytes(ares_rand_state *state, unsigned char *buf, size_t
{
while (1) {
- size_t rv;
size_t bytes_read = 0;
switch (state->type) {

33
backport-004-CVE-2023-31147.patch
View File

@ -1,33 +0,0 @@
From 7da53555c284e896baabdaef441e883bf5245f11 Mon Sep 17 00:00:00 2001
From: bradh352 <brad@brad-house.com>
Date: Mon, 22 May 2023 07:37:38 -0400
Subject: [PATCH] windows MSVC compiler fix on 32bit
Conflict: NA
Reference: https://github.com/c-ares/c-ares/commit/7da53555c284e896baabdaef441e883bf5245f11
---
src/lib/ares_rand.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/lib/ares_rand.c b/src/lib/ares_rand.c
index a55a90bf..766c1e6e 100644
--- a/src/lib/ares_rand.c
+++ b/src/lib/ares_rand.c
@@ -58,10 +58,16 @@ BOOLEAN WINAPI SystemFunction036(PVOID RandomBuffer, ULONG RandomBufferLength);
#define ARES_RC4_KEY_LEN 32 /* 256 bits */
+#ifdef _MSC_VER
+typedef unsigned __int64 cares_u64;
+#else
+typedef unsigned long long cares_u64;
+#endif
+
static unsigned int ares_u32_from_ptr(void *addr)
{
if (sizeof(void *) == 8) {
- return (unsigned int)((((size_t)addr >> 32) & 0xFFFFFFFF) | ((size_t)addr & 0xFFFFFFFF));
+ return (unsigned int)((((cares_u64)addr >> 32) & 0xFFFFFFFF) | ((cares_u64)addr & 0xFFFFFFFF));
}
return (unsigned int)((size_t)addr & 0xFFFFFFFF);
}

36
backport-005-CVE-2023-31147.patch
View File

@ -1,36 +0,0 @@
From 6360e96b5cf8e5980c887ce58ef727e53d77243a Mon Sep 17 00:00:00 2001
From: bradh352 <brad@brad-house.com>
Date: Mon, 22 May 2023 08:01:38 -0400
Subject: [PATCH] Makefile.inc Windows requires tabs not spaces for nmake
Conflict: NA
Reference: https://github.com/c-ares/c-ares/commit/6360e96b5cf8e5980c887ce58ef727e53d77243a
---
src/lib/Makefile.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc
index 49bbe60..02d8d58 100644
--- a/src/lib/Makefile.inc
+++ b/src/lib/Makefile.inc
@@ -45,7 +45,7 @@ CSOURCES = ares__addrinfo2hostent.c \
ares_platform.c \
ares_process.c \
ares_query.c \
- ares_rand.c \
+ ares_rand.c \
ares_search.c \
ares_send.c \
ares_strcasecmp.c \
@@ -60,7 +60,7 @@ CSOURCES = ares__addrinfo2hostent.c \
inet_ntop.c \
windows_port.c
-HHEADERS = ares_android.h \
+HHEADERS = ares_android.h \
ares_data.h \
ares_getenv.h \
ares_inet_net_pton.h \
--
2.33.0

71
backport-CVE-2023-31124.patch
View File

@ -1,71 +0,0 @@
From c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d Mon Sep 17 00:00:00 2001
From: Brad House <brad@brad-house.com>
Date: Sun, 30 Apr 2023 14:53:34 -0400
Subject: [PATCH] Merge pull request from GHSA-54xr-f67r-4pc4
* CARES_RANDOM_FILE should always default to /dev/urandom
During cross-compilation, CARES_RANDOM_FILE may not be able to be appropriately
detected, therefore we should always set it to /dev/urandom and allow the
entity requesting compilation override the value. The code does appropriately
fall back if CARES_RANDOM_FILE cannot be opened.
* use set not option
Conflict: NA
Reference: https://github.com/c-ares/c-ares/commit/c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d
---
CMakeLists.txt | 6 ++----
configure.ac | 12 +-----------
2 files changed, 3 insertions(+), 15 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7a29fef..0ec8d41 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -36,6 +36,8 @@ OPTION (CARES_STATIC_PIC "Build the static library as PIC (position independent)
OPTION (CARES_BUILD_TESTS "Build and run tests" OFF)
OPTION (CARES_BUILD_CONTAINER_TESTS "Build and run container tests (implies CARES_BUILD_TESTS, Linux only)" OFF)
OPTION (CARES_BUILD_TOOLS "Build tools" ON)
+SET (CARES_RANDOM_FILE "/dev/urandom" CACHE STRING "Suitable File / Device Path for entropy, such as /dev/urandom")
+
# Tests require static to be enabled on Windows to be able to access otherwise hidden symbols
IF (CARES_BUILD_TESTS AND (NOT CARES_STATIC) AND WIN32)
@@ -402,10 +404,6 @@ SET (CMAKE_REQUIRED_DEFINITIONS)
SET (CMAKE_REQUIRED_LIBRARIES)
-find_file(CARES_RANDOM_FILE urandom /dev)
-mark_as_advanced(CARES_RANDOM_FILE)
-
-
################################################################################
# recv, recvfrom, send, getnameinfo, gethostname
# ARGUMENTS AND RETURN VALUES
diff --git a/configure.ac b/configure.ac
index 56a570b..f8ebd07 100644
--- a/configure.ac
+++ b/configure.ac
@@ -896,17 +896,7 @@ AC_ARG_WITH(random,
AS_HELP_STRING([--with-random=FILE],
[read randomness from FILE (default=/dev/urandom)]),
[ CARES_RANDOM_FILE="$withval" ],
- [
- dnl Check for random device. If we're cross compiling, we can't
- dnl check, and it's better to assume it doesn't exist than it is
- dnl to fail on AC_CHECK_FILE or later.
- if test "$cross_compiling" = "no"; then
- AC_CHECK_FILE("/dev/urandom", [ CARES_RANDOM_FILE="/dev/urandom"] )
- else
- AC_MSG_WARN([cannot check for /dev/urandom while cross compiling; assuming none])
- fi
-
- ]
+ [ CARES_RANDOM_FILE="/dev/urandom" ]
)
if test -n "$CARES_RANDOM_FILE" && test X"$CARES_RANDOM_FILE" != Xno ; then
AC_SUBST(CARES_RANDOM_FILE)
--
2.33.0

82
backport-CVE-2023-32067.patch
View File

@ -1,82 +0,0 @@
From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001
From: Brad House <brad@brad-house.com>
Date: Mon, 22 May 2023 06:51:49 -0400
Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc
---
src/lib/ares_process.c | 41 +++++++++++++++++++++++++----------------
1 file changed, 25 insertions(+), 16 deletions(-)
diff --git a/src/lib/ares_process.c b/src/lib/ares_process.c
index bf0cde4..6cac0a9 100644
--- a/src/lib/ares_process.c
+++ b/src/lib/ares_process.c
@@ -470,7 +470,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
{
struct server_state *server;
int i;
- ares_ssize_t count;
+ ares_ssize_t read_len;
unsigned char buf[MAXENDSSZ + 1];
#ifdef HAVE_RECVFROM
ares_socklen_t fromlen;
@@ -513,32 +513,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
/* To reduce event loop overhead, read and process as many
* packets as we can. */
do {
- if (server->udp_socket == ARES_SOCKET_BAD)
- count = 0;
-
- else {
- if (server->addr.family == AF_INET)
+ if (server->udp_socket == ARES_SOCKET_BAD) {
+ read_len = -1;
+ } else {
+ if (server->addr.family == AF_INET) {
fromlen = sizeof(from.sa4);
- else
+ } else {
fromlen = sizeof(from.sa6);
- count = socket_recvfrom(channel, server->udp_socket, (void *)buf,
- sizeof(buf), 0, &from.sa, &fromlen);
+ }
+ read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf,
+ sizeof(buf), 0, &from.sa, &fromlen);
}
- if (count == -1 && try_again(SOCKERRNO))
+ if (read_len == 0) {
+ /* UDP is connectionless, so result code of 0 is a 0-length UDP
+ * packet, and not an indication the connection is closed like on
+ * tcp */
continue;
- else if (count <= 0)
+ } else if (read_len < 0) {
+ if (try_again(SOCKERRNO))
+ continue;
+
handle_error(channel, i, now);
+
#ifdef HAVE_RECVFROM
- else if (!same_address(&from.sa, &server->addr))
+ } else if (!same_address(&from.sa, &server->addr)) {
/* The address the response comes from does not match the address we
* sent the request to. Someone may be attempting to perform a cache
* poisoning attack. */
- break;
+ continue;
#endif
- else
- process_answer(channel, buf, (int)count, i, 0, now);
- } while (count > 0);
+
+ } else {
+ process_answer(channel, buf, (int)read_len, i, 0, now);
+ }
+ } while (read_len >= 0);
}
}
--
2.27.0

62
backport-add-str-len-check-in-config_sortlist-to-avoid-stack-overflow.patch
View File

@ -1,62 +0,0 @@
From ac596026e77244481fd68736ae7f15855803a08a Mon Sep 17 00:00:00 2001
From: hopper-vul <hopper.vul@gmail.com>
Date: Tue, 13 Dec 2022 19:54:21 +0800
Subject: [PATCH] Add str len check in config_sortlist to avoid stack overflow
In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse
the input str and initialize a sortlist configuration.
However, ares_set_sortlist has not any checks about the validity of the input str.
It is very easy to create an arbitrary length stack overflow with the unchecked
`memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);`
statements in the config_sortlist call, which could potentially cause severe
security impact in practical programs.
This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the
potential stack overflows.
fixes #496
Signed-off-by: hopper-vul <hopper.vul@gmail.com>
---
src/lib/ares_init.c | 4 ++++
test/ares-test-init.cc | 2 ++
2 files changed, 6 insertions(+)
diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c
index de5d86c..d5858f6 100644
--- a/src/lib/ares_init.c
+++ b/src/lib/ares_init.c
@@ -2243,6 +2243,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
q = str;
while (*q && *q != '/' && *q != ';' && !ISSPACE(*q))
q++;
+ if (q-str >= 16)
+ return ARES_EBADSTR;
memcpy(ipbuf, str, q-str);
ipbuf[q-str] = '\0';
/* Find the prefix */
@@ -2251,6 +2253,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
const char *str2 = q+1;
while (*q && *q != ';' && !ISSPACE(*q))
q++;
+ if (q-str >= 32)
+ return ARES_EBADSTR;
memcpy(ipbufpfx, str, q-str);
ipbufpfx[q-str] = '\0';
str = str2;
diff --git a/test/ares-test-init.cc b/test/ares-test-init.cc
index ff6c6c6..c3cb948 100644
--- a/test/ares-test-init.cc
+++ b/test/ares-test-init.cc
@@ -270,6 +270,8 @@ TEST_F(DefaultChannelTest, SetAddresses) {
TEST_F(DefaultChannelTest, SetSortlistFailures) {
EXPECT_EQ(ARES_ENODATA, ares_set_sortlist(nullptr, "1.2.3.4"));
+ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111*/16"));
+ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111/255.255.255.240*"));
EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; lwk"));
EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; 0x123"));
}
--
2.33.0

BIN
c-ares-1.18.1.tar.gz
View File

Binary file not shown.

BIN
c-ares-1.19.1.tar.gz Normal file
View File

Binary file not shown.

25
c-ares.spec
View File

@ -1,27 +1,16 @@
Name: c-ares
Version: 1.18.1
Release: 6
Version: 1.19.1
Release: 1
Summary: A C library for asynchronous DNS requests
License: MIT
URL: https://github.com/c-ares/c-ares
Source0: https://github.com/c-ares/c-ares/releases/download/cares-1_18_1/%{name}-%{version}.tar.gz
URL: https://c-ares.org/
Source0: https://c-ares.org/download/%{name}-%{version}.tar.gz
BuildRequires: gcc autoconf automake libtool g++
# Patch0 from Redhat is applied for stopping overriding AC_CONFIG_MACRO_DIR
Patch0: 0000-Use-RPM-compiler-options.patch
Patch1: backport-disable-live-tests.patch
Patch2: backport-add-str-len-check-in-config_sortlist-to-avoid-stack-overflow.patch
Patch3: backport-CVE-2023-32067.patch
Patch4: backport-001-CVE-2023-31130.patch
Patch5: backport-002-CVE-2023-31130.patch
Patch6: backport-003-CVE-2023-31130.patch
Patch7: backport-001-CVE-2023-31147.patch
Patch8: backport-002-CVE-2023-31124_CVE-2023-31147.patch
Patch9: backport-003-CVE-2023-31147.patch
Patch10: backport-004-CVE-2023-31147.patch
Patch11: backport-005-CVE-2023-31147.patch
Patch12: backport-CVE-2023-31124.patch
%description
This is c-ares, an asynchronous resolver library. It is intended for applications
@ -71,6 +60,12 @@ cd ../
%{_mandir}/man3/*
%changelog
* Tue Jul 25 2023 xinghe <xinghe2@h-partners.com> - 1.19.1-1
- Type:requirements
- ID:NA
- SUG:NA
- DESC:update c-ares to 1.19.1
* Thu Jun 01 2023 xinghe <xinghe2@h-partners.com> - 1.18.1-6
- Type:CVE
- CVE:CVE-2023-31124 CVE-2023-31147