File CVE-2017-1000381.patch of Package libcares2
From e1f43d4d7e89ef8db479d6efd0389c6b6ee1d116 Mon Sep 17 00:00:00 2001
From: David Drysdale <drysdale@google.com>
Date: Mon, 22 May 2017 10:54:10 +0100
Subject: [PATCH 5/5] ares_parse_naptr_reply: check sufficient data
Check that there is enough data for the required elements
of an NAPTR record (2 int16, 3 bytes for string lengths)
before processing a record.
---
ares_parse_naptr_reply.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
Index: c-ares-1.9.1/ares_parse_naptr_reply.c
===================================================================
--- c-ares-1.9.1.orig/ares_parse_naptr_reply.c
+++ c-ares-1.9.1/ares_parse_naptr_reply.c
@@ -158,6 +158,12 @@ ares_parse_naptr_reply (const unsigned c
if (status != ARES_SUCCESS)
break;
}
+ /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
+ if (rr_len < 7)
+ {
+ status = ARES_EBADRESP;
+ break;
+ }
/* Don't lose memory in the next iteration */
free (rr_name);
@@ -185,4 +191,3 @@ ares_parse_naptr_reply (const unsigned c
return ARES_SUCCESS;
}
-