authorFrancesco Colista <fcolista@alpinelinux.org>2017-08-14 14:12:00 +0000
committerFrancesco Colista <fcolista@alpinelinux.org>2017-08-14 14:12:00 +0000
commit3537381bc9959feb8f2f0d5f41f1f1851c2a228e (patch)
treee0fa0cb6924b0d3912494f65b847d911941441f2
parent95ec06e8ff528eb0f8225fe2db60c11035f1a1f5 (diff)
main/c-ares: fix for CVE-2017-1000381. Fixes #7529
-rw-r--r--main/c-ares/APKBUILD16
-rw-r--r--main/c-ares/CVE-2017-1000381.patch37
2 files changed, 48 insertions, 5 deletions
diff --git a/main/c-ares/APKBUILD b/main/c-ares/APKBUILD
index 1bb4aa6182..f6c3b85b89 100644
--- a/main/c-ares/APKBUILD
+++ b/main/c-ares/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=c-ares
pkgver=1.12.0
-pkgrel=0
+pkgrel=1
pkgdesc="An asynchronously DNS/names resolver library"
url="http://c-ares.haxx.se/"
arch="all"
@@ -10,9 +10,12 @@ license="MIT"
depends=""
makedepends=""
subpackages="$pkgname-doc $pkgname-dev"
-source="http://c-ares.haxx.se/download/$pkgname-$pkgver.tar.gz"
+source="http://c-ares.haxx.se/download/$pkgname-$pkgver.tar.gz
+ CVE-2017-1000381.patch"
# secfixes:
+# 1.12.0-r1:
+# - CVE-2017-1000381
# 1.12.0-r0:
# - CVE-2016-5180
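Review bot: The `source=` entry on the new side still fetches the tarball over plain `http://`, so the only integrity control is the checksum list further down in the APKBUILD. That is enough for ordinary builds, but whenever the checksums are regenerated from a fresh download (for example with `abuild checksum`), a tarball altered in transit would be hashed as-is. If the upstream host serves the same path over TLS, changing the first line to `source="https://c-ares.haxx.se/download/$pkgname-$pkgver.tar.gz` would close that gap. The tarball hashes are unchanged in this commit, so nothing here suggests it was re-fetched.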
@@ -39,6 +42,9 @@ package() {
make -j1 DESTDIR="$pkgdir" install || return 1
}
-md5sums="2ca44be1715cd2c5666a165d35788424 c-ares-1.12.0.tar.gz"
-sha256sums="8692f9403cdcdf936130e045c84021665118ee9bfea905d1a76f04d4e6f365fb c-ares-1.12.0.tar.gz"
-sha512sums="3da0fadb04eccab49b4e6eff3f087a392dd76238d47e74e2ede723883468da688e41f679ee8ca38613fc4f80d3bd7c29e69d3d6c711f988a02fd5d21a3ee1dc6 c-ares-1.12.0.tar.gz"
+md5sums="2ca44be1715cd2c5666a165d35788424 c-ares-1.12.0.tar.gz
+46ffb05c09add980685cb665caf8efdc CVE-2017-1000381.patch"
+sha256sums="8692f9403cdcdf936130e045c84021665118ee9bfea905d1a76f04d4e6f365fb c-ares-1.12.0.tar.gz
+ec0bf3f598a55fe5d9550383cbf248dcb1596040e5893a90a0f74d4a52c80ada CVE-2017-1000381.patch"
+sha512sums="3da0fadb04eccab49b4e6eff3f087a392dd76238d47e74e2ede723883468da688e41f679ee8ca38613fc4f80d3bd7c29e69d3d6c711f988a02fd5d21a3ee1dc6 c-ares-1.12.0.tar.gz
+532071c7d752d6956f3944f8f707d616e3458424b1bf971b305e81ec6bebeec1e84934fd17528ce6fc376b88e97c90443c39c95f95a12ac3e027dc1fa386de01 CVE-2017-1000381.patch"
diff --git a/main/c-ares/CVE-2017-1000381.patch b/main/c-ares/CVE-2017-1000381.patch
new file mode 100644
index 0000000000..dadd132d8d
--- /dev/null
+++ b/main/c-ares/CVE-2017-1000381.patch
@@ -0,0 +1,37 @@
+From e1f43d4d7e89ef8db479d6efd0389c6b6ee1d116 Mon Sep 17 00:00:00 2001
+From: David Drysdale <drysdale@google.com>
+Date: Mon, 22 May 2017 10:54:10 +0100
+Subject: [PATCH 5/5] ares_parse_naptr_reply: check sufficient data
+
+Check that there is enough data for the required elements
+of an NAPTR record (2 int16, 3 bytes for string lengths)
+before processing a record.
+---
+ ares_parse_naptr_reply.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/ares_parse_naptr_reply.c b/ares_parse_naptr_reply.c
+index 11634df9847c..717d35577811 100644
+--- a/ares_parse_naptr_reply.c
++++ b/ares_parse_naptr_reply.c
+@@ -110,6 +110,12 @@ ares_parse_naptr_reply (const unsigned char *abuf, int alen,
+ status = ARES_EBADRESP;
+ break;
+ }
++ /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
++ if (rr_len < 7)
++ {
++ status = ARES_EBADRESP;
++ break;
++ }
+
+ /* Check if we are really looking at a NAPTR record */
+ if (rr_class == C_IN && rr_type == T_NAPTR)
+@@ -185,4 +191,3 @@ ares_parse_naptr_reply (const unsigned char *abuf, int alen,
+
+ return ARES_SUCCESS;
+ }
+-
+--
+2.13.0.303.g4ebf302169-goog
+
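Review bot: The new `rr_len < 7` guard in the `@@ -110,6 +110,12 @@` hunk sits above the `rr_class == C_IN && rr_type == T_NAPTR` test, so it appears to apply to every resource record in the answer rather than only to NAPTR ones. A reply carrying a non-NAPTR record with short RDATA (an A record's RDATA is 4 bytes) would then be rejected with `ARES_EBADRESP`, although no NAPTR field is read from it. Moving the guard inside the NAPTR branch, directly before the fixed fields are read, would keep the bounds check at the read and still accept valid mixed answers. The comment would be more exact as `/* RDATA must hold at least 7 bytes: 2 x int16 + 3 string length octets */`, since the three bytes are character-string lengths rather than names. The record loop and the NAPTR branch body lie outside the hunk, so the placement should be confirmed against the full function.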