On Tue, Sep 12 2017, Ingo Feinerer <feine...@logic.at> wrote:
> Hi,
>
> an update for net/libcares which fixes CVE-2017-1000381
> (https://c-ares.haxx.se/adv_20170620.html).
>
> Changelog: https://c-ares.haxx.se/changelog.html
>
> - patch-ares_h is no longer necessary
> - bump minor for libcares shared library due to
>   ares_set_socket_functions addition
>
> OK?

Looks good to me, ok jca@ Here's a diff from upstream (https://c-ares.haxx.se/CVE-2017-1000381.patch) for -stable. ok? Index: Makefile =================================================================== RCS file: /d/cvs/ports/net/libcares/Makefile,v retrieving revision 1.18 diff -u -p -r1.18 Makefile --- Makefile 12 Oct 2016 06:09:34 -0000 1.18 +++ Makefile 12 Sep 2017 16:39:36 -0000 @@ -3,6 +3,7 @@ COMMENT= asynchronous resolver library V= 1.12.0 +REVISION= 0 DISTNAME= c-ares-${V} PKGNAME= libcares-${V} CATEGORIES= net devel Index: patches/patch-ares_parse_naptr_reply_c =================================================================== RCS file: patches/patch-ares_parse_naptr_reply_c diff -N patches/patch-ares_parse_naptr_reply_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-ares_parse_naptr_reply_c 12 Sep 2017 16:44:50 -0000 @@ -0,0 +1,34 @@ +$OpenBSD$ + +Fix for CVE-2017-1000381 + +From e1f43d4d7e89ef8db479d6efd0389c6b6ee1d116 Mon Sep 17 00:00:00 2001 +From: David Drysdale <drysd...@google.com> +Date: Mon, 22 May 2017 10:54:10 +0100 +Subject: [PATCH 5/5] ares_parse_naptr_reply: check sufficient data + +Check that there is enough data for the required elements +of an NAPTR record (2 int16, 3 bytes for string lengths) +before processing a record. + +Index: ares_parse_naptr_reply.c +--- ares_parse_naptr_reply.c.orig ++++ ares_parse_naptr_reply.c +@@ -110,6 +110,12 @@ ares_parse_naptr_reply (const unsigned char *abuf, int + status = ARES_EBADRESP; + break; + } ++ /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */ ++ if (rr_len < 7) ++ { ++ status = ARES_EBADRESP; ++ break; ++ } + + /* Check if we are really looking at a NAPTR record */ + if (rr_class == C_IN && rr_type == T_NAPTR) +@@ -185,4 +191,3 @@ ares_parse_naptr_reply (const unsigned char *abuf, int + + return ARES_SUCCESS; + } +- -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
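
Review bot: the `rr_len < 7` check in the ares_parse_naptr_reply.c hunk sits above the `rr_class == C_IN && rr_type == T_NAPTR` test, so it is applied to every record the function walks, not only to NAPTR ones. A reply that also carries a record with shorter RDATA (an A record has 4 bytes) would then end the parse with ARES_EBADRESP even though its NAPTR records are well formed. Consider moving the check inside the NAPTR branch, ahead of the first read of the record data, so the 7-byte minimum is enforced only where it applies. Two smaller points: the code comment says "3 x name" while the commit message says "3 bytes for string lengths", and the final hunk (`@@ -185,4 +191,3 @@`) only drops a trailing blank line, so it could be left out of the -stable patch to keep it to the fix itself.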