2023-10-19 16:49:23 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
libcares: update to 1.20.1.
Version 1.20.1 (8 Oct 2023)
GitHub (8 Oct 2023)
- [Daniel Stenberg brought this change]
ares-test: silence warning (#564)
warning: comparison of integer expressions of different signedness
Fix By: Daniel Stenberg (@bagder)
Brad House (8 Oct 2023)
- fix README.md
GitHub (8 Oct 2023)
- [Brad House brought this change]
1.20.1 release (#563)
- [Brad House brought this change]
fix reference to freed memory (#562)
Issue #561 shows free'd memory could be accessed in some error conditions.
Fixes Issue #561
Fix By: Brad House (@bradh352)
Brad House (8 Oct 2023)
- reported build/test systems may timeout on intensive tests. reduce test case \
to still be relevant but to reduce false positive errors
GitHub (8 Oct 2023)
- [Gregor Jasny brought this change]
Regression: Fix typo in fuzzcheck target name (#559)
This seems to be a vim'esque typo introduced with c1b00c41.
Fix By: Gregor Jasny (@gjasny)
Version 1.20.0 (6 Oct 2023)
Brad House (6 Oct 2023)
- fix slist search off by 1
GitHub (6 Oct 2023)
- [Brad House brought this change]
1.20.0 release prep (#557)
- [Brad House brought this change]
ares__buf should return standard error codes. more helpers implemented. (#558)
The purpose of this PR is to hopefully make the private API of this set of \
routines less likely to need to be changed in a future release. While this is \
not a public API, it could become harder in the future to change usage as it \
becomes more widely used within c-ares.
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
Update from 1989 MIT license text to modern MIT license text (#556)
ares (and thus c-ares) was originally licensed under the 1989 MIT license text:
https://fedoraproject.org/wiki/Licensing:MIT#Old_Style_(no_advertising_without_permission)
This change updates the license to the modern MIT license as recognized here:
https://opensource.org/license/mit/
care has been taken to ensure correct attributions remain for the authors \
contained within the copyright headers, and all authors with attributions in the \
headers have been contacted for approval regarding the change. Any authors \
which were not able to be contacted, the original copyright maintains, luckily \
that exists in only a single file `ares_parse_caa_reply.c` at this time.
Please see PR #556 for the documented approvals by each contributor.
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
Test Harness: use ares_timeout() to calculate the value to pass to select() \
these days. (#555)
The test framework was using 100ms timeout passed to select(), and not using \
ares_timeout() to calculate the actual recommended value based on the queries in \
queue. Using ares_timeout() tests the functionality of ares_timeout() itself and \
will provide more responsive results.
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
Fix for TCP back to back queries (#552)
As per #266, TCP queries are basically broken. If we get a partial reply, \
things just don't work, but unlike UDP, TCP may get fragmented and we need to \
properly handle that.
I've started creating a basic parser/buffer framework for c-ares for memory \
safety reasons, but it also helps for things like this where we shouldn't be \
manually tracking positions and fetching only a couple of bytes at a time from a \
socket. This parser/buffer will be expanded and used more in the future.
This also resolves #206 by allowing NULL to be specified for some socket \
callbacks so they will auto-route to the built-in c-ares functions.
Fixes: #206, #266
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
remove acountry from built tools as nerd.dk is gone (#554)
The acountry utility required a third party DNSBL service from nerd.dk in \
order to operate. That service has been offline for about a year and there is no \
other comparable service offering. We are keeping the code in the repository as \
an example, but no longer building it.
Fixes: #537
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
Don't requeue any queries for getaddrinfo() during destruction. (#553)
During ares_destroy(), any outstanding queries are terminated, however \
ares_getaddrinfo() had an ordering issue with status codes which in some \
circumstances could lead to a new query being enqueued rather than honoring the \
termination.
Fixes #532
Fix By: @Chilledheart and Brad House (@bradh352)
- [Brad House brought this change]
ares_getaddrinfo(): Fail faster on AF_UNSPEC if we've already received one \
address class (#551)
As per #541, when using AF_UNSPEC with ares_getaddrinfo() (and in turn with
ares_gethostbyname()) if we receive a successful response for one address class,
we should not allow the other address class to continue on with retries, just
return the address class we have.
This will limit the overall query time to whatever timeout remains for the \
pending query for the other address class, it will not, however, terminate the \
other query as it may still prove to be successful (possibly coming in less than \
a millisecond later) and we'd want that result still. It just turns off \
additional error processing to get the result back quicker.
Fixes Bug: #541
Fix By: Brad House (@bradh352)
- [Sam Morris brought this change]
Avoid producing an ill-formed result when qualifying a name with the root \
domain (#546)
This prevents the result of qualifying "name" with "." being "name.." which is ill-formed.
Fixes Bug: #545
Fix By: Sam Morris (@yrro)
- [Brad House brought this change]
Configuration option to limit number of UDP queries per ephemeral port (#549)
Add a new ARES_OPT_UDP_MAX_QUERIES option with udp_max_queries parameter that
can be passed to ares_init_options(). This value defaults to 0 (unlimited) to
maintain existing compatibility, any positive number will cause new UDP
ephemeral ports to be created once the threshold is reached, we'll call these
'connections' even though it's technically wrong for UDP.
Implementation Details:
* Each server entry in a channel now has a linked-list of connections/ports \
for udp and tcp. The first connection in the list is the one most likely to be \
eligible to accept new queries.
* Queries are now tracked by connection rather than by server.
* Every time a query is detached from a connection, the connection that it was \
attached to will be checked to see if it needs to be cleaned up.
* Insertion, lookup, and searching for connections has been implemented as \
O(1) complexity so the number of connections will not impact performance.
* Remove is_broken from the server, it appears it would be set and immediately \
unset, so must have been invalidated via a prior patch. A future patch should \
probably track consecutive server errors and de-prioritize such servers. The \
code right now will always try servers in the order of configuration, so a bad \
server in the list will always be tried and may rely on timeout logic to try the \
next.
* Various other cleanups to remove code duplication and for clarification.
Fixes Bug: #444
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
it's not 1991 anymore, lower default timeout and retry count (#542)
A lot of time has passed since the original timeouts and retry counts were \
chosen. We have on and off issues reported due to this. Even on geostationary \
satellite links, latency is worst case around 1.5s. This PR changes the \
per-server timeout to 2s and the retry count lowered from 4 to 3.
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
Modernization: Implement base data-structures and replace usage (#540)
c-ares currently lacks modern data structures that can make coding easier and \
more efficient. This PR implements a new linked list, skip list (sorted linked \
list), and hashtable implementation that are easy to use and hard to misuse. \
Though these implementations use more memory allocations than the prior \
implementation, the ability to more rapidly iterate on the codebase is a bigger \
win than any marginal performance difference (which is unlikely to be visible, \
modern systems are much more powerful than when c-ares was initially created).
The data structure implementation favors readability and audit-ability over \
performance, however using the algorithmically correct data type for the purpose \
should offset any perceived losses.
The primary motivation for this PR is to facilitate future implementation for \
Issues #444, #135, #458, and possibly #301
A couple additional notes:
The ares_timeout() function is now O(1) complexity instead of O(n) due to the \
use of a skiplist.
Some obscure bugs were uncovered which were actually being incorrectly \
validated in the test cases. These have been addressed in this PR but are not \
explicitly discussed.
Fixed some dead code warnings in ares_rand for systems that don't need rc4
Fix By: Brad House (@bradh352)
- [Jérôme Duval brought this change]
fix missing prefix for CMake generated libcares.pc (#530)
'pkg-config grpc --cflags' complains with:
Variable 'prefix' not defined in libcares.pc
Fix By: Jérôme Duval (@korli)
bradh352 (11 Jul 2023)
- windows get_DNS_Windows port fix for ipv6
- windows get_DNS_Windows port is in network byte order
- backoff to debian 11 due to coverage check failure
- extend on PR #534, windows should also honor a port
GitHub (11 Jul 2023)
- [Brad House brought this change]
Support configuration of DNS server ports (#534)
As per https://man.openbsd.org/OpenBSD-5.1/resolv.conf.5 we should
support bracketed syntax for resolv.conf entries to contain an optional
port number.
We also need to utilize this format for configuration of MacOS
DNS servers as seen when using the Viscosity OpenVPN client, where
it starts a private DNS server listening on localhost on a non-standard
port.
Fix By: Brad House (@bradh352)
Daniel Stenberg (9 Jun 2023)
- provide SPDX identifiers and a REUSE CI job to verify
All files have their licence and copyright information clearly
identifiable. If not in the file header, they are set separately in
.reuse/dep5.
All used license texts are provided in LICENSES/
GitHub (30 May 2023)
- [Alexey A Tikhonov brought this change]
Remove unreachable code as reported by Coverity (#527)
Coverity reported some code as unreachable. A manual inspection confirmed the \
reports.
Fix By: Alexey A Tikhonov (@alexey-tikhonov)
- [Ben Noordhuis brought this change]
rand: add support for getrandom() (#526)
glibc provides arc4random_buf() but musl does not and /dev/urandom is
not always available.
- [Tim Wojtulewicz brought this change]
Replace uses of sprintf with snprintf (#525)
sprintf isn't safe even if you think you are using it right. Switch to snprintf().
Fix By: Tim Wojtulewicz (@timwoj)
bradh352 (23 May 2023)
- update version and release procedure
GitHub (22 May 2023)
- [Douglas R. Reno brought this change]
INSTALL.md: Add Watcom instructions and update Windows documentation URLs (#524)
This commit adds instructions on how to use the WATCOM compiler to build \
c-ares. This was just tested on c-ares-1.19.1 and works well.
While going through the links for the C Runtime documentation for Windows \
systems, I discovered that all three of the KB articles that were linked are now \
nonexistent. This commit replaces KB94248 with the current replacement available \
on Microsoft's website, which also makes the other two KB articles obsolete.
Fix By: Douglas R. Reno (@renodr)
|
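The TCP fix in #552 above is about replies that arrive in pieces or back to back on one stream. The following is an added example, not c-ares code: a small reassembly buffer for DNS over TCP, where each message carries a 2-byte big-endian length prefix (RFC 1035 section 4.2.2). The type and function names, the 4096-byte capacity and the sample stream are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TCPBUF_CAP 4096u /* capacity chosen for this example */

typedef struct {
  unsigned char data[TCPBUF_CAP];
  size_t        len; /* bytes currently buffered */
} tcpbuf_t;

static void tcpbuf_init(tcpbuf_t *b) { b->len = 0; }

/* Append whatever one recv() returned. Returns 0 on success, -1 if the
 * chunk does not fit (the caller should then drop the connection). */
static int tcpbuf_append(tcpbuf_t *b, const unsigned char *chunk, size_t n)
{
  if (n > TCPBUF_CAP - b->len)
    return -1;
  memcpy(b->data + b->len, chunk, n);
  b->len += n;
  return 0;
}

/* Extract one complete message into out. Returns:
 *   1  message copied, *out_len set, its bytes consumed from the buffer
 *   0  need more data (prefix or body still incomplete), nothing consumed
 *  -1  announced length can never fit in out or in the buffer */
static int tcpbuf_next_message(tcpbuf_t *b, unsigned char *out, size_t out_cap,
                               size_t *out_len)
{
  size_t msg_len, rest;

  if (b->len < 2)
    return 0; /* even the length prefix may arrive split */
  msg_len = ((size_t)b->data[0] << 8) | b->data[1];
  if (msg_len > out_cap || msg_len > TCPBUF_CAP - 2)
    return -1;
  if (b->len - 2 < msg_len)
    return 0;
  memcpy(out, b->data + 2, msg_len);
  *out_len = msg_len;
  /* Keep the tail: it is the start of the next back-to-back reply. */
  rest = b->len - 2 - msg_len;
  memmove(b->data, b->data + 2 + msg_len, rest);
  b->len = rest;
  return 1;
}

/* Constructed stream: two messages ("abc", "xy") delivered as three
 * fragments that split the first length prefix and straddle the second.
 * Stores each message length in lens[] and returns the message count. */
static int demo_fragmented_stream(size_t lens[4])
{
  static const unsigned char stream[] = { 0x00, 0x03, 'a', 'b', 'c',
                                          0x00, 0x02, 'x', 'y' };
  static const size_t cuts[] = { 1, 6, 9 }; /* fragment end offsets */
  tcpbuf_t      b;
  unsigned char msg[512];
  size_t        start = 0, i, n = 0, mlen;

  tcpbuf_init(&b);
  for (i = 0; i < sizeof(cuts) / sizeof(cuts[0]); i++) {
    if (tcpbuf_append(&b, stream + start, cuts[i] - start) != 0)
      return -1;
    start = cuts[i];
    /* Drain every complete message before reading from the socket again. */
    while (n < 4 && tcpbuf_next_message(&b, msg, sizeof(msg), &mlen) == 1)
      lens[n++] = mlen;
  }
  return (int)n;
}

int main(void)
{
  size_t lens[4] = { 0 };
  int    n = demo_fragmented_stream(lens);

  printf("messages=%d first=%zu second=%zu\n", n, lens[0], lens[1]);
  return n == 2 ? 0 : 1;
}
```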
2023-05-22 15:00:41 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
libcares: update to 1.19.1.
Security bugfix release.
|
2023-01-24 19:36:36 by Thomas Klausner | Files touched by this commit (103) |
Log message:
*: convert to cmake/build.mk
|
2021-11-01 10:57:53 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
libcares: update to 1.18.1.
c-ares version 1.18.1 - Oct 27 2021
Bug fixes:
ares_getaddrinfo() would return ai_addrlen of 16 for ipv6
addresses rather than the sizeof(struct sockaddr_in6)
c-ares version 1.18.0 - Oct 25 2021
Changes:
Add support for URI(Uniform Resource Identifier) records via
ares_parse_uri_reply()
Provide ares_nameser.h as a public interface as needed by NodeJS
Update URLs from c-ares.haxx.se to c-ares.org
During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
that the search process will continue to the next domain in
the search.
Turn ares_gethostbyname() into a wrapper for ares_getaddrinfo()
as they followed very similar code paths and ares_gethostbyaddr()
has some more desirable features such as priority sorting and
parallel queries for AF_UNSPEC.
ares_getaddrinfo() now contains a name element in the address
info structure as the last element. This is not an API or ABI
break due to the structure always being internally allocated
and it being the last element.
ares_parse_a_reply() and ares_parse_aaaa_reply() were nearly
identical, those now use the same helper functions for parsing
rather than having their own code.
RFC6761 Section 6.3 says "localhost" lookups need to be special
cased to return loopback addresses, and not forward queries to
recursive dns servers. On Windows this now returns all loopback
addresses, on other systems it returns 127.0.0.1 or ::1 always,
and will never forward a request for "localhost" to outside
DNS servers.
Haiku: port
Bug fixes:
add build to .gitignore
z/OS minor update, add missing semicolon in ares_init.c
Fix building when latest ax_code_coverage.m4 is imported
Work around autotools 'error: too many loops' and other newer
autotools import related bugs.
MinGW cross builds need advapi32 link as lower case
Cygwin build fix due to containing both socket.h and winsock2.h
ares_expand_name should allow underscores (_) as SRV records
legitimately use them
Allow '/' as a valid character for a returned name for CNAME
in-addr.arpa delegation
ares_getaddrinfo() was not honoring HOSTALIASES
ares_getaddrinfo() had some test cases disabled due to a bug
in the test framework itself which has now been resolved
|
2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958) |
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts...):
net/radsecproxy/distinfo
The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
|
2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962) |
Log message:
net: Remove SHA1 hashes for distfiles
|
2021-08-10 09:27:23 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
libcares: update to 1.17.2.
c-ares version 1.17.2
This is a security and bugfix release. It addresses a few security related
issues along with various bugfixes mostly related to portability.
Security:
o NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on
systems where malloc(0) returns NULL. This would cause a crash. [8]
o When building c-ares with CMake, the RANDOM_FILE would not be set and
therefore downgrade to the less secure random number generator [12]
o If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause
a crash [13]
o Crash in sortaddrinfo() if the list size equals 0 due to an unexpected
DNS response [14]
o Expand number of escaped characters in DNS replies as per RFC1035 5.1 to
prevent spoofing [16], [17]
o Perform validation on hostnames to prevent possible XSS due to applications
not performing validation themselves [18]
Changes:
o Use non-blocking /dev/urandom for random data to prevent early startup
performance issues [5]
o z/OS port [6]
o ares_malloc(0) is now defined behavior (returns NULL) rather than
system-specific to catch edge cases [7]
Bug fixes:
o Fuzz testing files were not distributed with official archives [1]
o Building tests should not force building of static libraries except on
Windows [2]
o Windows builds of the tools would fail if built as static due to a missing
CARES_STATICLIB definition [3]
o Relative headers must use double quotes to prevent pulling in a system
library [4]
o Fix OpenBSD building by implementing portability updates for including
arpa/nameser.h [9]
o Fix building out-of-tree for autotools [10]
o Make install on MacOS/iOS with CMake was missing the bundle destination so
libraries weren't actually installed [11]
o Fix retrieving DNS server configuration on MacOS and iOS if the configuration
did not include search domains [15]
o ares_parse_a_reply and ares_parse_aaaa_reply were erroneously using strdup()
instead of ares_strdup() [19]
|
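The 1.17.2 security item on escaping characters in DNS replies (RFC 1035 section 5.1) concerns names whose labels contain bytes such as '.' that change meaning once the name is printed as text. The following is an added example, not c-ares code: it converts an uncompressed wire-format name to text and escapes such bytes, so a label containing a dot cannot be mistaken for two labels. The function names and the set of characters treated as special are choices made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Characters that carry meaning in presentation (zone file) syntax.
 * This set is an assumption of the example. */
static int is_special(unsigned char c)
{
  return c == '.' || c == '\\' || c == '"' || c == ';' ||
         c == '(' || c == ')' || c == '@' || c == '$';
}

/* Convert an uncompressed wire-format name (length-prefixed labels ending
 * in a zero-length root label) to NUL-terminated text.
 * Special characters become "\X", other non-printable bytes and space
 * become "\DDD" (three decimal digits).
 * Returns the text length, or -1 on malformed input or a too-small buffer. */
static int wire_name_to_text(const unsigned char *wire, size_t wire_len,
                             char *out, size_t out_cap)
{
  size_t pos = 0, o = 0;

  for (;;) {
    size_t label_len, i;

    if (pos >= wire_len)
      return -1; /* ran off the end without seeing the root label */
    label_len = wire[pos++];
    if (label_len == 0)
      break;
    /* Labels are at most 63 bytes; compression pointers are not handled. */
    if (label_len > 63 || label_len > wire_len - pos)
      return -1;
    if (o != 0) {
      if (o + 1 >= out_cap)
        return -1;
      out[o++] = '.'; /* the only unescaped dots are real label separators */
    }
    for (i = 0; i < label_len; i++) {
      unsigned char c = wire[pos++];

      if (is_special(c)) {
        if (o + 2 >= out_cap)
          return -1;
        out[o++] = '\\';
        out[o++] = (char)c;
      } else if (c > 0x20 && c < 0x7f) {
        if (o + 1 >= out_cap)
          return -1;
        out[o++] = (char)c;
      } else {
        if (o + 4 >= out_cap)
          return -1;
        out[o++] = '\\';
        out[o++] = (char)('0' + c / 100);
        out[o++] = (char)('0' + (c / 10) % 10);
        out[o++] = (char)('0' + c % 10);
      }
    }
  }
  if (o == 0) { /* the root name itself is written as "." */
    if (out_cap < 2)
      return -1;
    out[o++] = '.';
  }
  if (o >= out_cap)
    return -1;
  out[o] = '\0';
  return (int)o;
}

int main(void)
{
  /* Constructed name: first label is the three bytes "a.b". */
  static const unsigned char wire[] = { 3, 'a', '.', 'b',
                                        7, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
                                        3, 'c', 'o', 'm', 0 };
  char text[64];

  if (wire_name_to_text(wire, sizeof(wire), text, sizeof(text)) < 0)
    return 1;
  printf("%s\n", text);
  return strcmp(text, "a\\.b.example.com") == 0 ? 0 : 1;
}
```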
2020-11-23 16:47:19 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
libcares: update to 1.17.1.
Version 1.17.1 (19 Nov 2020)
GitHub (19 Nov 2020)
- [Brad House brought this change]
Travis: add iOS target built with CMake (#378)
Issue #377 suggested that CMake builds for iOS with c-ares were broken. This \
PR adds an automatic Travis build for iOS CMake.
Fix By: Brad House (@bradh352)
bradh352 (18 Nov 2020)
- fix build
GitHub (18 Nov 2020)
- [Fabrice Fontaine brought this change]
External projects were using non-public header ares_dns.h, make public again (#376)
It appears some outside projects were relying on macros in ares_dns.h, even \
though it doesn't appear that header was ever meant to be public. That said, we \
don't want to break external integrators so we should distribute this header \
again.
Fix By: Fabrice Fontaine (@ffontaine)
bradh352 (17 Nov 2020)
- note that so versioning has moved to configure.ac
- note about 1.17.1
- fix sed gone wrong
GitHub (17 Nov 2020)
- [Daniel Stenberg brought this change]
autotools cleanup (#372)
* remove: install-sh mkinstalldirs
They're generated when needed, no need to store in it.
* buildconf: remove custom logic with autoreconf
Fix By: Daniel Stenberg (@bagder)
bradh352 (17 Nov 2020)
- attempt to fix 1.17.0 release distribution issues
Version 1.17.0 (16 Nov 2020)
bradh352 (16 Nov 2020)
- 1.17.0 release prep
- ares_getaddrinfo(): duplicate hints ai_socktype and ai_protocol into output
ai_socktype and ai_protocol were ignored from the hints input. They are now
duplicated into the output as expected. Currently no sanity checks on
proper values are taking place.
Fixes: #317
Fix By: Brad House (@bradh352)
- ares_parse_{a,aaaa}_reply could return larger *naddrttls than passed in
If there are more ttls returned than the maximum provided by the requestor, then
the *naddrttls response would be larger than the actual number of elements in
the addrttls array.
This bug could lead to invalid memory accesses in applications using c-ares.
This behavior appeared to break with PR #257
Fixes: #371
Reported By: Momtchil Momtchev (@mmomtchev)
Fix By: Brad House (@bradh352)
GitHub (5 Nov 2020)
- [Dustin Lundquist brought this change]
docs: ares_set_local_ip4() uses host byte order (#368)
Properly document brain-dead behavior of ares_set_local_ip4() using host byte \
order instead of expected network byte order.
Fix By: Dustin Lundquist <d.lundquist@tempered.io>
- [Łukasz Marszał brought this change]
empty hquery->name could lead to invalid memory access (#367)
If hquery->name is empty (=="\0"), &hquery->name[strlen(hquery->name)-1]
would point to "random" place in memory. This is causing some of my address
sanitizer tests to fail.
Fix By: Łukasz Marszał (@lmarszal)
bradh352 (28 Sep 2020)
- Fix OSSFuzz reported issue in CAA reply parsing
OSS-Fuzz is reporting a use-of-uninitialized-value:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26012
Reported By: David Drysdale (@daviddrysdale)
GitHub (26 Sep 2020)
- [David Hotham brought this change]
fuzz CAA parsing (#363)
Add fuzz support for CAA parsing
Fix By: David Hotham (@dimbleby)
- [Daniela Sonnenschein brought this change]
Allow parsing of CAA Resource Record (#360)
CAA (Certification Authority Authorization) was introduced in RFC 6844.
This has been obsoleted by RFC 8659. This commit added the possibility
to query CAA resource records with adig and adds a parser for CAA
records, that can be used in conjunction with ares_query(3).
Closes Bug: #292
Fix By: Daniela Sonnenschein (@lxdicted)
Daniel Stenberg (17 Sep 2020)
- docs: remove the html and pdf make targets
They're rarely used in our daily work flow and mostly just add friction,
Closes #362
bradh352 (14 Sep 2020)
- ares_process needs to always include nameser.h as it has compat
- Define T_OPT if system doesn't provide it
GitHub (12 Sep 2020)
- [Gisle Vanem brought this change]
Change the mailman links (#358)
Links when wrapping become misleading. Insert newline to prevent wrapping.
Fix By: Gisle Vanem (@gvanem)
- [Gisle Vanem brought this change]
[adig] Update man-page for the '-x' option (#357)
Fix By: Gisle Vanem (@gvanem)
- [Gisle Vanem brought this change]
[adig] add '-x' option. (#356)
Added a 'dig-style' '-x' option. Also support '-xx' for a
IPv6 bit-string PTR query.
Fix By: Gisle Vanem (@gvanem)
bradh352 (12 Sep 2020)
- fix indentation
- ns_t_opt -> T_OPT
GitHub (12 Sep 2020)
- [Gisle Vanem brought this change]
Fixes for Watt-32 on djgpp + Windows (#355)
No longer any relation to libcurl since \
'<libcurl-root>/packages/DOS/common.dj' is dropped.
This Makefile.dj has been tested on Win-10 only (using the Windows hosted \
djgpp cross compiler).
Fix By: Gisle Vanem (@gvanem)
- [Gisle Vanem brought this change]
Fixes for Watt-32 on Windows and MSDOS (#354)
Move the prototype to 'ares_private.h'.
Fix By: Gisle Vanem (@gvanem)
bradh352 (11 Sep 2020)
- update path for include
- remove stale information
- remove stale information
Brad House (9 Sep 2020)
- silence compiler warnings
- Remove stale msvc files from makefile
GitHub (9 Sep 2020)
- [Brad House brought this change]
Reorganize source tree (#349)
Originally started by Daniel Stenberg (@bagder) with #123, this patch \
reorganizes the c-ares source tree to have a more modern layout. It also fixes \
out of tree builds for autotools, and automatically builds the tests if tests \
are enabled. All tests are passing which tests each of the supported build \
systems (autotools, cmake, nmake, mingw gmake). There may be some edge cases \
that will have to be caught later on for things I'm not aware of.
Fix By: Brad House (@bradh352)
Brad House (1 Sep 2020)
- remove CURLDEBUG as per #82
GitHub (1 Sep 2020)
- [Erik Lax brought this change]
Detect remote DNS server does not support EDNS as per RFC 6891 (#244)
EDNS retry should be based on FORMERR returned without an OPT RR record as per \
https://tools.ietf.org/html/rfc6891#section-7 rather than just treating any \
unexpected error condition as a reason to disable EDNS on the channel.
Fix By: Erik Lax (@eriklax)
Brad House (27 Aug 2020)
- Fix for #345, don't use 'true' use 1
GitHub (27 Aug 2020)
- [Seraphime Kirkovski brought this change]
ares_gethostbyname: Fix AF_UNSPEC support when using an ip address (#204)
fake_hostent() was not supporting AF_UNSPEC, so when an ip address was \
specified when using AF_UNSPEC it would attempt to do a DNS lookup rather than \
returning a fake hostent using the ip address.
Fix By: Seraphime Kirkovski (@Seraphime)
- [apenn-msft brought this change]
Tests should use dynamic system-assigned ports rather than static port (#346)
The c-ares test suite was hardcoded to use port 5300 (and possibly 5301, 5302)
for the test suite. Especially in containers, there may be no guarantee these
ports are available and cause tests to fail when they could otherwise succeed.
Instead, request the system to assign a port to use dynamically. This is now
the default. To override, the test suite still takes the "-p <port>" option
as it always has and will honor that.
Fix By: Anthony Penniston (@apenn-msft)
Brad House (25 Aug 2020)
- Unset members of the addr struct contain garbage values (#343)
When generating the ares_sockaddr data by getaddrinfo() it was only filling
in certain members while leaving others uninitialized. This left garbage
data if a user tried to use the unset values. memset() the ares_sockaddr
to 0 prior to filling in the values to prevent this.
Reported By: @SmorkalovG
Fix By: Brad House (@bradh352)
GitHub (24 Aug 2020)
- [Jonathan Maye-Hobbs brought this change]
FQDN with trailing period should be queried first with larger ndot value (#345)
If a query is performed for dynamodb.us-east-1.amazonaws.com. with ndots=5, it \
was attempting to search the search domains rather than just attempting the FQDN \
that was passed it. This patch now at least attempts the FQDN first.
We may need to determine if we should abort any further searching, however as \
is probably intended.
Fix by: Jonathan Maye-Hobbs (@wheelpharoah)
- [Gisle Vanem brought this change]
Update acountry.c country code list (#341)
Updated country_list[]:
* 2-letter ISO-3166 country-codes.
* Add, rename some names + codes in accordance with latest table at \
https://en.wikipedia.org/wiki/ISO_3166-1.
Fix By: Gisle Vanem (@gvanem)
- [Bulat Gaifullin brought this change]
Test case should honor flag HAVE_WRITEV rather than WIN32 (#344)
Test cases were not honoring the HAVE_WRITEV flag but instead using WIN32 to
determine if WRITEV was available or not. This patch fixes that.
Fix By: Bulat Gaifullin (@bgaifullin)
Brad House (18 Jul 2020)
- Ensure c89 support
A couple of for loops in Mac-specific code were using integer declarations
inside a for loop. Move the declaration to the top of the preceding
code block to retain c89 compliance.
Reported By: Jeffrey Walton
GitHub (2 Jul 2020)
- [Fionn Fitzmaurice brought this change]
Avoid buffer overflow in RC4 loop comparison (#336)
The rc4 function iterates over a buffer of size buffer_len whose maximum
value is INT_MAX with a counter of type short that is not guaranteed to
have maximum size INT_MAX.
In circumstances where short is narrower than int and where buffer_len
is larger than the maximum value of a short, it may be possible to loop
infinitely as counter will overflow and never be greater than or equal
to buffer_len.
The solution is to make the comparison be between types of equal width.
This commit defines counter as an int.
Fix By: Fionn Fitzmaurice (@fionn)
- [anonymoushelpishere brought this change]
Updated help information for adig, acountry, and ahost. (#334)
Provide more descriptive help information for various utilities.
Fix By: @anonymoushelpishere
- [lutianxiong brought this change]
avoid read-heap-buffer-overflow (#332)
Fix invalid read in ares_parse_soa_reply.c found during fuzzing
Fixes Bug: #333
Fix By: lutianxiong (@ltx2018)
- [Ivan Baidakou brought this change]
Fix: sizeof(sizeof(addr.saX)) -> sizeof(addr.saX) in readaddrinfo (#331)
Looks like a sed-gone-wrong, a sizeof inside of a sizeof.
Fix By: Ivan Baidakou (@basiliscos)
|
2020-06-01 21:11:37 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
libcares: updated to 1.16.1
c-ares version 1.16.1
Security:
* Prevent possible use-after-free and double-free in ares_getaddrinfo() if \
ares_destroy() is called prior to ares_getaddrinfo() completing. Reported by \
Jann Horn at Google Project Zero.
Changes:
* Allow TXT records on CHAOS qclass. Used for retrieving things like
version.bind, version.server, authoris.bind, hostname.bind, and id.server.
Bug fixes:
* Fix Windows Unicode incompatibilities with ares_getaddrinfo()
* Silence false cast-align compiler warnings due to valid casts of struct \
sockaddr to struct sockaddr_in and struct sockaddr_in6.
* MacOS should use libresolv for retrieving DNS servers, like iOS
* CMake build system should populate the INCLUDE_DIRECTORIES property of \
installed targets
* Correct macros in use for the ares_getaddrinfo.3 man page
|
2020-03-13 10:49:41 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message:
libcares: updated to 1.16.0
c-ares version 1.16.0:
Changes:
Introduction of ares_getaddrinfo() API which provides similar output (including \
proper sorting as per RFC 6724) to the system native API, but utilizes different \
data structures in order to provide additional information such as TTLs and all \
aliases. Please reference the respective man pages for usage details.
Parse SOA records from ns_t_any response
CMake: Provide c-ares version in package export file
CMake: Add CPACK functionality for DEB and RPM
CMake: Generate PDB files during build
CMake: Support manpage installation
Bug fixes:
Fix bad expectation in IPv6 localhost test.
AutoTools: use XC_CHECK_BUILD_FLAGS instead of XC_CHECK_USER_FLAGS to prevent \
complaints about CPPFLAGS in CFLAGS.
Fix .onion handling
Command line usage was out of date for adig and ahost.
Typos in manpages
If ares_getenv is defined, it must return a value on all platforms
If /etc/resolv.conf has invalid lookup values, use the defaults.
Tests: Separate live tests from SetServers* tests as only live tests should \
require internet access.
ares_gethostbyname() should return ENODATA if no valid A or AAAA record is \
found, but a CNAME was found.
CMake: Rework library function checking to prevent unintended linking with \
system libraries that aren't needed.
Due to use of inet_addr() it was not possible to return 255.255.255.255 from \
ares_gethostbyname().
CMake: Fix building of tests on Windows
|