On Tue, Sep 12 2017, Ingo Feinerer <feine...@logic.at> wrote:
> Hi,
>
> an update for net/libcares which fixes CVE-2017-1000381
> (https://c-ares.haxx.se/adv_20170620.html).
>
> Changelog: https://c-ares.haxx.se/changelog.html
>
> - patch-ares_h is no longer necessary
> - bump minor for libcares shared library due to
>   ares_set_socket_functions addition
>
> OK?

Looks good to me, ok jca@

Here's a diff from upstream
(https://c-ares.haxx.se/CVE-2017-1000381.patch) for -stable.  ok?


Index: Makefile
===================================================================
RCS file: /d/cvs/ports/net/libcares/Makefile,v
retrieving revision 1.18
diff -u -p -r1.18 Makefile
--- Makefile    12 Oct 2016 06:09:34 -0000      1.18
+++ Makefile    12 Sep 2017 16:39:36 -0000
@@ -3,6 +3,7 @@
 COMMENT=       asynchronous resolver library
 
 V=             1.12.0
+REVISION=      0
 DISTNAME=      c-ares-${V}
 PKGNAME=       libcares-${V}
 CATEGORIES=    net devel
Index: patches/patch-ares_parse_naptr_reply_c
===================================================================
RCS file: patches/patch-ares_parse_naptr_reply_c
diff -N patches/patch-ares_parse_naptr_reply_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-ares_parse_naptr_reply_c      12 Sep 2017 16:44:50 -0000
@@ -0,0 +1,34 @@
+$OpenBSD$
+
+Fix for CVE-2017-1000381
+
+From e1f43d4d7e89ef8db479d6efd0389c6b6ee1d116 Mon Sep 17 00:00:00 2001
+From: David Drysdale <drysd...@google.com>
+Date: Mon, 22 May 2017 10:54:10 +0100
+Subject: [PATCH 5/5] ares_parse_naptr_reply: check sufficient data
+
+Check that there is enough data for the required elements
+of an NAPTR record (2 int16, 3 bytes for string lengths)
+before processing a record.
+
+Index: ares_parse_naptr_reply.c
+--- ares_parse_naptr_reply.c.orig
++++ ares_parse_naptr_reply.c
+@@ -110,6 +110,12 @@ ares_parse_naptr_reply (const unsigned char *abuf, int
+           status = ARES_EBADRESP;
+           break;
+         }
++      /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
++      if (rr_len < 7)
++        {
++          status = ARES_EBADRESP;
++          break;
++        }
+ 
+       /* Check if we are really looking at a NAPTR record */
+       if (rr_class == C_IN && rr_type == T_NAPTR)
+@@ -185,4 +191,3 @@ ares_parse_naptr_reply (const unsigned char *abuf, int
+ 
+   return ARES_SUCCESS;
+ }
+-
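
Review bot: the `if (rr_len < 7)` check in the first nested hunk sits above the `rr_class == C_IN && rr_type == T_NAPTR` test, so it is applied to every RR in the answer section and not only to NAPTR records. Any other record with fewer than 7 bytes of data will make the whole parse fail with ARES_EBADRESP. Consider moving the check inside the NAPTR branch, so that only records which will actually be read as 2 x int16 plus three length-prefixed strings are rejected. The added comment says "3 x name", while the commit message describes these as "3 bytes for string lengths"; wording the comment the same way would make the arithmetic behind 7 clearer. The second nested hunk only drops the trailing blank line at the end of the file and is not needed for the fix, so it could be left out to keep the -stable patch minimal.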


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
