Overview

File CVE-2022-4904.patch of Package libcares2.32783

Index: c-ares-1.9.1/ares_init.c
===================================================================
--- c-ares-1.9.1.orig/ares_init.c
+++ c-ares-1.9.1/ares_init.c
@@ -1610,6 +1610,8 @@ static int config_sortlist(struct apatte
       q = str;
       while (*q && *q != '/' && *q != ';' && !ISSPACE(*q))
         q++;
+      if (q-str >= 16)
+        return ARES_EBADSTR;
       memcpy(ipbuf, str, q-str);
       ipbuf[q-str] = '\0';
       /* Find the prefix */
@@ -1618,6 +1620,8 @@ static int config_sortlist(struct apatte
           const char *str2 = q+1;
           while (*q && *q != ';' && !ISSPACE(*q))
             q++;
+          if (q-str >= 32)
+            return ARES_EBADSTR;
           memcpy(ipbufpfx, str, q-str);
           ipbufpfx[q-str] = '\0';
           str = str2;
openSUSE Build Service is sponsored by
Places