diff options
author | Vijay Anusuri <vanusuri@mvista.com> | 2023-07-18 08:22:21 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2023-07-22 07:49:35 -0400 |
commit | 3c62000f88c7a81646f7dfe8a8d9ac145a8b9af5 (patch) | |
tree | c5e53a6cd02fa8bbec08c920f2b4c930ce9fe700 | |
parent | b8b0b06821d4d4df0cce4f07fa31a8ca1dd38f46 (diff) | |
download | meta-openembedded-contrib-3c62000f88c7a81646f7dfe8a8d9ac145a8b9af5.tar.gz |
c-ares: CVE-2023-32067 0-byte UDP payload Denial of Service
Upstream-Status: Backport from https://github.com/c-ares/c-ares/commit/b9b8413cfdb70a3f99e1573333b23052d57ec1ae
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch | 84 | ||||
-rw-r--r-- | meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb | 1 |
2 files changed, 85 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch new file mode 100644 index 0000000000..63192d3c81 --- /dev/null +++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch @@ -0,0 +1,84 @@ +From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001 +From: Brad House <brad@brad-house.com> +Date: Mon, 22 May 2023 06:51:49 -0400 +Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc + +Link: https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1 + +Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/b9b8413cfdb70a3f99e1573333b23052d57ec1ae] +CVE: CVE-2023-32067 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + src/lib/ares_process.c | 41 +++++++++++++++++++++++++---------------- + 1 file changed, 25 insertions(+), 16 deletions(-) + +diff --git a/src/lib/ares_process.c b/src/lib/ares_process.c +index bf0cde464..6cac0a99f 100644 +--- a/src/lib/ares_process.c ++++ b/src/lib/ares_process.c +@@ -470,7 +470,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds, + { + struct server_state *server; + int i; +- ares_ssize_t count; ++ ares_ssize_t read_len; + unsigned char buf[MAXENDSSZ + 1]; + #ifdef HAVE_RECVFROM + ares_socklen_t fromlen; +@@ -513,32 +513,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds, + /* To reduce event loop overhead, read and process as many + * packets as we can. */ + do { +- if (server->udp_socket == ARES_SOCKET_BAD) +- count = 0; +- +- else { +- if (server->addr.family == AF_INET) ++ if (server->udp_socket == ARES_SOCKET_BAD) { ++ read_len = -1; ++ } else { ++ if (server->addr.family == AF_INET) { + fromlen = sizeof(from.sa4); +- else ++ } else { + fromlen = sizeof(from.sa6); +- count = socket_recvfrom(channel, server->udp_socket, (void *)buf, +- sizeof(buf), 0, &from.sa, &fromlen); ++ } ++ read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf, ++ sizeof(buf), 0, &from.sa, &fromlen); + } + +- if (count == -1 && try_again(SOCKERRNO)) ++ if (read_len == 0) { ++ /* UDP is connectionless, so result code of 0 is a 0-length UDP ++ * packet, and not an indication the connection is closed like on ++ * tcp */ + continue; +- else if (count <= 0) ++ } else if (read_len < 0) { ++ if (try_again(SOCKERRNO)) ++ continue; ++ + handle_error(channel, i, now); ++ + #ifdef HAVE_RECVFROM +- else if (!same_address(&from.sa, &server->addr)) ++ } else if (!same_address(&from.sa, &server->addr)) { + /* The address the response comes from does not match the address we + * sent the request to. Someone may be attempting to perform a cache + * poisoning attack. */ +- break; ++ continue; + #endif +- else +- process_answer(channel, buf, (int)count, i, 0, now); +- } while (count > 0); ++ ++ } else { ++ process_answer(channel, buf, (int)read_len, i, 0, now); ++ } ++ } while (read_len >= 0); + } + } + diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb index 152d913325..2aa7897608 100644 --- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb +++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb @@ -9,6 +9,7 @@ SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \ file://CVE-2022-4904.patch \ file://CVE-2023-31130.patch \ file://CVE-2023-31147.patch \ + file://CVE-2023-32067.patch \ " SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed" |