diff options
Diffstat (limited to 'meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch')
-rw-r--r-- | meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch b/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch new file mode 100644 index 0000000000..3603ef1278 --- /dev/null +++ b/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch @@ -0,0 +1,90 @@ +From: bradh352 <brad@brad-house.com> +Date: Fri, 11 Jun 2021 11:27:45 -0400 +Subject: [1/2] ares_expand_name() should escape more characters +Origin: https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3672 + +RFC1035 5.1 specifies some reserved characters and escaping sequences +that are allowed to be specified. Expand the list of reserved characters +and also escape non-printable characters using the \DDD format as +specified in the RFC. + +Bug Reported By: philipp.jeitner@sit.fraunhofer.de +Fix By: Brad House (@bradh352) +CVE: CVE-2021-3672 +Upstream-Status: Backport [http://snapshot.debian.org/archive/debian-security/20210810T064453Z/pool/updates/main/c/c-ares/c-ares_1.17.1-1%2Bdeb11u1.debian.tar.xz] +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +--- + ares_expand_name.c | 41 +++++++++++++++++++++++++++++++++++--- + 1 file changed, 38 insertions(+), 3 deletions(-) + +diff --git a/ares_expand_name.c b/ares_expand_name.c +index 407200ef5b4b..f1c874a97cfc 100644 +--- a/ares_expand_name.c ++++ b/ares_expand_name.c +@@ -32,6 +32,26 @@ + static int name_length(const unsigned char *encoded, const unsigned char *abuf, + int alen); + ++/* Reserved characters for names that need to be escaped */ ++static int is_reservedch(int ch) ++{ ++ switch (ch) { ++ case '"': ++ case '.': ++ case ';': ++ case '\\': ++ case '(': ++ case ')': ++ case '@': ++ case '$': ++ return 1; ++ default: ++ break; ++ } ++ ++ return 0; ++} ++ + /* Expand an RFC1035-encoded domain name given by encoded. The + * containing message is given by abuf and alen. The result given by + * *s, which is set to a NUL-terminated allocated buffer. *enclen is +@@ -111,9 +131,18 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf, + p++; + while (len--) + { +- if (*p == '.' || *p == '\\') ++ if (!isprint(*p)) { ++ /* Output as \DDD for consistency with RFC1035 5.1 */ ++ *q++ = '\\'; ++ *q++ = '0' + *p / 100; ++ *q++ = '0' + (*p % 100) / 10; ++ *q++ = '0' + (*p % 10); ++ } else if (is_reservedch(*p)) { + *q++ = '\\'; +- *q++ = *p; ++ *q++ = *p; ++ } else { ++ *q++ = *p; ++ } + p++; + } + *q++ = '.'; +@@ -171,7 +200,13 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf, + encoded++; + while (offset--) + { +- n += (*encoded == '.' || *encoded == '\\') ? 2 : 1; ++ if (!isprint(*encoded)) { ++ n += 4; ++ } else if (is_reservedch(*encoded)) { ++ n += 2; ++ } else { ++ n += 1; ++ } + encoded++; + } + n++; +-- +2.32.0 + |