On Tue, Sep 12, 2017 at 06:45:15PM +0200, Jeremie Courreges-Anglas wrote:
> On Tue, Sep 12 2017, Ingo Feinerer <[email protected]> wrote:
> > an update for net/libcares which fixes CVE-2017-1000381
> > (https://c-ares.haxx.se/adv_20170620.html).
> >
> > Changelog: https://c-ares.haxx.se/changelog.html
> >
> > - patch-ares_h is no longer necessary
> > - bump minor for libcares shared library due to
> > ares_set_socket_functions addition
> >
> > OK?
>
> Looks good to me, ok jca@
>
> Here's a diff from upstream
> (https://c-ares.haxx.se/CVE-2017-1000381.patch) for -stable. ok?

OK feinerer@

> Index: Makefile
> ===================================================================
> RCS file: /d/cvs/ports/net/libcares/Makefile,v
> retrieving revision 1.18
> diff -u -p -r1.18 Makefile
> --- Makefile 12 Oct 2016 06:09:34 -0000 1.18
> +++ Makefile 12 Sep 2017 16:39:36 -0000
> @@ -3,6 +3,7 @@
> COMMENT= asynchronous resolver library
>
> V= 1.12.0
> +REVISION= 0
> DISTNAME= c-ares-${V}
> PKGNAME= libcares-${V}
> CATEGORIES= net devel
> Index: patches/patch-ares_parse_naptr_reply_c
> ===================================================================
> RCS file: patches/patch-ares_parse_naptr_reply_c
> diff -N patches/patch-ares_parse_naptr_reply_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-ares_parse_naptr_reply_c 12 Sep 2017 16:44:50 -0000
> @@ -0,0 +1,34 @@
> +$OpenBSD$
> +
> +Fix for CVE-2017-1000381
> +
> +From e1f43d4d7e89ef8db479d6efd0389c6b6ee1d116 Mon Sep 17 00:00:00 2001
> +From: David Drysdale <[email protected]>
> +Date: Mon, 22 May 2017 10:54:10 +0100
> +Subject: [PATCH 5/5] ares_parse_naptr_reply: check sufficient data
> +
> +Check that there is enough data for the required elements
> +of an NAPTR record (2 int16, 3 bytes for string lengths)
> +before processing a record.
> +
> +Index: ares_parse_naptr_reply.c
> +--- ares_parse_naptr_reply.c.orig
> ++++ ares_parse_naptr_reply.c
> +@@ -110,6 +110,12 @@ ares_parse_naptr_reply (const unsigned char *abuf, int
> + status = ARES_EBADRESP;
> + break;
> + }
> ++ /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
> ++ if (rr_len < 7)
> ++ {
> ++ status = ARES_EBADRESP;
> ++ break;
> ++ }
> +
> + /* Check if we are really looking at a NAPTR record */
> + if (rr_class == C_IN && rr_type == T_NAPTR)
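Review bot: The comment added above the rr_len < 7 check says "3 x name", while the commit message describes those three bytes as string lengths. Rewording it along the lines of "2 x int16 + 3 x string length byte" would let a reader check the constant 7 against the record layout without the commit log. The check also only bounds rr_len from below, and the context lines above it show an earlier ARES_EBADRESP exit but not its condition, so it is worth confirming before this goes to -stable that rr_len has already been validated against the end of abuf at this point.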
> +@@ -185,4 +191,3 @@ ares_parse_naptr_reply (const unsigned char *abuf, int
> +
> + return ARES_SUCCESS;
> + }
> +-
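Review bot: The last hunk of the carried patch (@@ -185,4 +191,3 @@) only removes the trailing blank line at the end of ares_parse_naptr_reply.c and is unrelated to the bounds check. If the goal is to keep patch-ares_parse_naptr_reply_c identical to the upstream commit this is fine, otherwise dropping that hunk keeps the -stable diff limited to the CVE-2017-1000381 fix.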