File 0041-RESOLV-handle-fail-of-ares_parse_-_reply-properly.patch of Package sssd.23770
From 12ef932eac285b4ff6bfd8bc8bcdd4470a2bc222 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 8 Jan 2021 20:05:03 +0100
Subject: [PATCH] RESOLV: handle fail of ares_parse_*_reply() properly
With modern versions of c-ares ares_parse_*_reply() functions don't touch
`hostent **host` in case of fail.
This means it's unreliable to check for (hostent != NULL) without previous
initialization.
To be on a safe side it's better to check for return code as well.
Resolves: https://github.com/SSSD/sssd/issues/5451
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit d207eaafc77b92ce43a5ea28cb857af9eedefaa5)
---
src/resolv/async_resolv.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c
index ba6fabf28..40553037d 100644
--- a/src/resolv/async_resolv.c
+++ b/src/resolv/async_resolv.c
@@ -935,7 +935,7 @@ static int
resolv_gethostbyname_dns_parse(struct gethostbyname_dns_state *state,
int status, unsigned char *abuf, int alen)
{
- struct hostent *hostent;
+ struct hostent *hostent = NULL;
int naddrttls;
errno_t ret;
void *addr = NULL;
@@ -975,7 +975,7 @@ resolv_gethostbyname_dns_parse(struct gethostbyname_dns_state *state,
goto fail;
}
- if (hostent != NULL) {
+ if ((hostent != NULL) && (status == ARES_SUCCESS)) {
state->rhostent = resolv_copy_hostent_ares(state, hostent,
state->family,
addr, naddrttls);
@@ -992,6 +992,10 @@ resolv_gethostbyname_dns_parse(struct gethostbyname_dns_state *state,
talloc_zfree(state->rhostent);
return ENOENT;
}
+ } else if (status != ARES_SUCCESS) {
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to parse reply: %d\n", status);
+ } else {
+ DEBUG(SSSDBG_CRIT_FAILURE, "NULL parse result!\n");
}
talloc_free(addr);
--
2.33.0
