Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
libcares2.29101
CVE-2023-32067.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2023-32067.patch of Package libcares2.29101
ported from commit b9b8413cfdb70a3f99e1573333b23052d57ec1ae Author: Brad House <brad@brad-house.com> Date: Mon May 22 06:51:49 2023 -0400 Merge pull request from GHSA-9g78-jv2r-p7vc Index: c-ares-1.9.1/ares_process.c =================================================================== --- c-ares-1.9.1.orig/ares_process.c +++ c-ares-1.9.1/ares_process.c @@ -429,7 +429,7 @@ static void read_udp_packets(ares_channe { struct server_state *server; int i; - ssize_t count; + ssize_t read_len; unsigned char buf[PACKETSZ + 1]; #ifdef HAVE_RECVFROM ares_socklen_t fromlen; @@ -473,29 +473,41 @@ static void read_udp_packets(ares_channe * packets as we can. */ do { #ifdef HAVE_RECVFROM - if (server->addr.family == AF_INET) - fromlen = sizeof(from.sa4); - else - fromlen = sizeof(from.sa6); - count = (ssize_t)recvfrom(server->udp_socket, (void *)buf, sizeof(buf), - 0, &from.sa, &fromlen); + if (server->udp_socket == ARES_SOCKET_BAD) { + read_len = -1; + } else { + if (server->addr.family == AF_INET) { + fromlen = sizeof(from.sa4); + } else { + fromlen = sizeof(from.sa6); + } + read_len = recvfrom(server->udp_socket, (void *)buf, + sizeof(buf), 0, &from.sa, &fromlen); #else - count = sread(server->udp_socket, buf, sizeof(buf)); + read_len = sread(server->udp_socket, buf, sizeof(buf)); #endif - if (count == -1 && try_again(SOCKERRNO)) + } + + if (read_len == 0) { + /* UDP is connectionless, so result code of 0 is a 0-length UDP + * packet, and not an indication the connection is closed like on + * tcp */ continue; - else if (count <= 0) + } else if (read_len < 0) { + if (try_again(SOCKERRNO)) + continue; handle_error(channel, i, now); #ifdef HAVE_RECVFROM - else if (!same_address(&from.sa, &server->addr)) + } else if (!same_address(&from.sa, &server->addr)) { /* The address the response comes from does not match * the address we sent the request to. Someone may be * attempting to perform a cache poisoning attack. */ - break; + continue; #endif - else - process_answer(channel, buf, (int)count, i, 0, now); - } while (count > 0); + } else { + process_answer(channel, buf, (int)read_len, i, 0, now); + } + } while (read_len > 0); } }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor