File CVE-2023-32067.patch of Package libcares2

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2023-32067.patch of Package libcares2

ported from

commit b9b8413cfdb70a3f99e1573333b23052d57ec1ae
Author: Brad House <brad@brad-house.com>
Date:   Mon May 22 06:51:49 2023 -0400

Merge pull request from GHSA-9g78-jv2r-p7vc

Index: c-ares-1.9.1/ares_process.c
===================================================================
--- c-ares-1.9.1.orig/ares_process.c
+++ c-ares-1.9.1/ares_process.c
@@ -429,7 +429,7 @@ static void read_udp_packets(ares_channe
 {
   struct server_state *server;
   int i;
-  ssize_t count;
+  ssize_t read_len;
   unsigned char buf[PACKETSZ + 1];
 #ifdef HAVE_RECVFROM
   ares_socklen_t fromlen;
@@ -473,29 +473,41 @@ static void read_udp_packets(ares_channe
        * packets as we can. */
       do {
 #ifdef HAVE_RECVFROM
-        if (server->addr.family == AF_INET)
-          fromlen = sizeof(from.sa4);
-        else
-          fromlen = sizeof(from.sa6);
-        count = (ssize_t)recvfrom(server->udp_socket, (void *)buf, sizeof(buf),
-                                  0, &from.sa, &fromlen);
+        if (server->udp_socket == ARES_SOCKET_BAD) {
+          read_len = -1;
+        } else {
+          if (server->addr.family == AF_INET) {
+            fromlen = sizeof(from.sa4);
+          } else {
+            fromlen = sizeof(from.sa6);
+          }
+          read_len = recvfrom(server->udp_socket, (void *)buf,
+                              sizeof(buf), 0, &from.sa, &fromlen);
 #else
-        count = sread(server->udp_socket, buf, sizeof(buf));
+        read_len = sread(server->udp_socket, buf, sizeof(buf));
 #endif
-        if (count == -1 && try_again(SOCKERRNO))
+        }
+
+        if (read_len == 0) {
+          /* UDP is connectionless, so result code of 0 is a 0-length UDP
+           * packet, and not an indication the connection is closed like on
+           * tcp */
           continue;
-        else if (count <= 0)
+        } else if (read_len < 0) {
+          if (try_again(SOCKERRNO))
+            continue;
           handle_error(channel, i, now);
 #ifdef HAVE_RECVFROM
-        else if (!same_address(&from.sa, &server->addr))
+        } else if (!same_address(&from.sa, &server->addr)) {
           /* The address the response comes from does not match
            * the address we sent the request to. Someone may be
            * attempting to perform a cache poisoning attack. */
-          break;
+          continue;
 #endif
-        else
-          process_answer(channel, buf, (int)count, i, 0, now);
-       } while (count > 0);
+        } else {
+          process_answer(channel, buf, (int)read_len, i, 0, now);
+        }
+      } while (read_len > 0);
     }
 }

Places

File CVE-2023-32067.patch of Package libcares2

Places