diff options
author | Armin Kuster <akuster808@gmail.vom> | 2022-09-11 13:49:16 +0000 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2022-09-11 13:49:52 -0400 |
commit | 87841f0c186d11852023f6d8aa065363b97c6692 (patch) | |
tree | bff9a1c3df537b1dc6e16aa588fc6eb8f88ddcbd /meta-oe | |
parent | a33dca52979052c574bb505c211b89a8f490665e (diff) | |
download | meta-openembedded-87841f0c186d11852023f6d8aa065363b97c6692.tar.gz |
Revert "c-ares: Add fix for CVE-2021-3672"
This reverts commit b06724bc274f751004ade2ceeddfb8ec40d93f16.
Revert this CVE fix as we upgrade c-ares to 1.18.1
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.vom>
Diffstat (limited to 'meta-oe')
3 files changed, 0 insertions, 207 deletions
diff --git a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch b/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch deleted file mode 100644 index d1cb54aefb..0000000000 --- a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch +++ /dev/null @@ -1,115 +0,0 @@ -From: bradh352 <brad@brad-house.com> -Date: Fri, 11 Jun 2021 12:39:24 -0400 -Subject: [2/2] ares_expand_name(): fix formatting and handling of root name - response -Origin: https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3672 - -Fixes issue introduced in prior commit with formatting and handling -of parsing a root name response which should not be escaped. - -Fix By: Brad House -CVE: CVE-2021-3672 -Upstream-Status: Backport [http://snapshot.debian.org/archive/debian-security/20210810T064453Z/pool/updates/main/c/c-ares/c-ares_1.17.1-1%2Bdeb11u1.debian.tar.xz] -Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> ---- - ares_expand_name.c | 62 ++++++++++++++++++++++++-------------- - 1 file changed, 40 insertions(+), 22 deletions(-) - -diff --git a/ares_expand_name.c b/ares_expand_name.c -index f1c874a97cfc..eb9268c1ff0a 100644 ---- a/ares_expand_name.c -+++ b/ares_expand_name.c -@@ -127,27 +127,37 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf, - } - else - { -- len = *p; -+ int name_len = *p; -+ len = name_len; - p++; -+ - while (len--) - { -- if (!isprint(*p)) { -- /* Output as \DDD for consistency with RFC1035 5.1 */ -- *q++ = '\\'; -- *q++ = '0' + *p / 100; -- *q++ = '0' + (*p % 100) / 10; -- *q++ = '0' + (*p % 10); -- } else if (is_reservedch(*p)) { -- *q++ = '\\'; -- *q++ = *p; -- } else { -- *q++ = *p; -- } -+ /* Output as \DDD for consistency with RFC1035 5.1, except -+ * for the special case of a root name response */ -+ if (!isprint(*p) && !(name_len == 1 && *p == 0)) -+ { -+ -+ *q++ = '\\'; -+ *q++ = '0' + *p / 100; -+ *q++ = '0' + (*p % 100) / 10; -+ *q++ = '0' + (*p % 10); -+ } -+ else if (is_reservedch(*p)) -+ { -+ *q++ = '\\'; -+ *q++ = *p; -+ } -+ else -+ { -+ *q++ = *p; -+ } - p++; - } - *q++ = '.'; - } -- } -+ } -+ - if (!indir) - *enclen = aresx_uztosl(p + 1U - encoded); - -@@ -194,21 +204,29 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf, - } - else if (top == 0x00) - { -- offset = *encoded; -+ int name_len = *encoded; -+ offset = name_len; - if (encoded + offset + 1 >= abuf + alen) - return -1; - encoded++; -+ - while (offset--) - { -- if (!isprint(*encoded)) { -- n += 4; -- } else if (is_reservedch(*encoded)) { -- n += 2; -- } else { -- n += 1; -- } -+ if (!isprint(*encoded) && !(name_len == 1 && *encoded == 0)) -+ { -+ n += 4; -+ } -+ else if (is_reservedch(*encoded)) -+ { -+ n += 2; -+ } -+ else -+ { -+ n += 1; -+ } - encoded++; - } -+ - n++; - } - else --- -2.32.0 - diff --git a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch b/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch deleted file mode 100644 index 3603ef1278..0000000000 --- a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch +++ /dev/null @@ -1,90 +0,0 @@ -From: bradh352 <brad@brad-house.com> -Date: Fri, 11 Jun 2021 11:27:45 -0400 -Subject: [1/2] ares_expand_name() should escape more characters -Origin: https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3672 - -RFC1035 5.1 specifies some reserved characters and escaping sequences -that are allowed to be specified. Expand the list of reserved characters -and also escape non-printable characters using the \DDD format as -specified in the RFC. - -Bug Reported By: philipp.jeitner@sit.fraunhofer.de -Fix By: Brad House (@bradh352) -CVE: CVE-2021-3672 -Upstream-Status: Backport [http://snapshot.debian.org/archive/debian-security/20210810T064453Z/pool/updates/main/c/c-ares/c-ares_1.17.1-1%2Bdeb11u1.debian.tar.xz] -Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> ---- - ares_expand_name.c | 41 +++++++++++++++++++++++++++++++++++--- - 1 file changed, 38 insertions(+), 3 deletions(-) - -diff --git a/ares_expand_name.c b/ares_expand_name.c -index 407200ef5b4b..f1c874a97cfc 100644 ---- a/ares_expand_name.c -+++ b/ares_expand_name.c -@@ -32,6 +32,26 @@ - static int name_length(const unsigned char *encoded, const unsigned char *abuf, - int alen); - -+/* Reserved characters for names that need to be escaped */ -+static int is_reservedch(int ch) -+{ -+ switch (ch) { -+ case '"': -+ case '.': -+ case ';': -+ case '\\': -+ case '(': -+ case ')': -+ case '@': -+ case '$': -+ return 1; -+ default: -+ break; -+ } -+ -+ return 0; -+} -+ - /* Expand an RFC1035-encoded domain name given by encoded. The - * containing message is given by abuf and alen. The result given by - * *s, which is set to a NUL-terminated allocated buffer. *enclen is -@@ -111,9 +131,18 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf, - p++; - while (len--) - { -- if (*p == '.' || *p == '\\') -+ if (!isprint(*p)) { -+ /* Output as \DDD for consistency with RFC1035 5.1 */ -+ *q++ = '\\'; -+ *q++ = '0' + *p / 100; -+ *q++ = '0' + (*p % 100) / 10; -+ *q++ = '0' + (*p % 10); -+ } else if (is_reservedch(*p)) { - *q++ = '\\'; -- *q++ = *p; -+ *q++ = *p; -+ } else { -+ *q++ = *p; -+ } - p++; - } - *q++ = '.'; -@@ -171,7 +200,13 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf, - encoded++; - while (offset--) - { -- n += (*encoded == '.' || *encoded == '\\') ? 2 : 1; -+ if (!isprint(*encoded)) { -+ n += 4; -+ } else if (is_reservedch(*encoded)) { -+ n += 2; -+ } else { -+ n += 1; -+ } - encoded++; - } - n++; --- -2.32.0 - diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb index 692a5f0d6e..0e118c88ff 100644 --- a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb +++ b/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb @@ -11,8 +11,6 @@ SRC_URI = "\ git://github.com/c-ares/c-ares.git;branch=main;protocol=https \ file://cmake-install-libcares.pc.patch \ file://0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch \ - file://ares_expand_name-should-escape-more-characters.patch \ - file://ares_expand_name-fix-formatting-and-handling-of-root.patch \ " SRCREV = "74a1426ba60e2cd7977e53a22ef839c87415066e" |