Merge pull request from GHSA-54xr-f67r-4pc4

* CARES_RANDOM_FILE should always default to /dev/urandom During cross-compilation, CARES_RANDOM_FILE may not be able to be appropriately detected, therefore we should always set it to /dev/urandom and allow the entity requesting compilation override the value. The code does appropriately fall back if CARES_RANDOM_FILE cannot be opened. * use set not option
c-ares · Apr 30, 2023 · c493022 · c493022
1 parent f95ca36
commit c493022
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 15 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -36,6 +36,8 @@ OPTION (CARES_STATIC_PIC "Build the static library as PIC (position independent)
 OPTION (CARES_BUILD_TESTS "Build and run tests"                                                  OFF)
 OPTION (CARES_BUILD_CONTAINER_TESTS "Build and run container tests (implies CARES_BUILD_TESTS, Linux only)" OFF)
 OPTION (CARES_BUILD_TOOLS "Build tools"                                                          ON)
+SET    (CARES_RANDOM_FILE "/dev/urandom" CACHE STRING "Suitable File / Device Path for entropy, such as /dev/urandom")
+
 
 # Tests require static to be enabled on Windows to be able to access otherwise hidden symbols
 IF (CARES_BUILD_TESTS AND (NOT CARES_STATIC) AND WIN32)
@@ -402,10 +404,6 @@ SET (CMAKE_REQUIRED_DEFINITIONS)
 SET (CMAKE_REQUIRED_LIBRARIES)
 
 
-find_file(CARES_RANDOM_FILE urandom /dev)
-mark_as_advanced(CARES_RANDOM_FILE)
-
-
 ################################################################################
 # recv, recvfrom, send, getnameinfo, gethostname
 # ARGUMENTS AND RETURN VALUES

diff --git a/configure.ac b/configure.ac
@@ -896,17 +896,7 @@ AC_ARG_WITH(random,
 AS_HELP_STRING([--with-random=FILE],
                [read randomness from FILE (default=/dev/urandom)]),
     [ CARES_RANDOM_FILE="$withval" ],
-    [
-        dnl Check for random device.  If we're cross compiling, we can't
-        dnl check, and it's better to assume it doesn't exist than it is
-        dnl to fail on AC_CHECK_FILE or later.
-        if test "$cross_compiling" = "no"; then
-          AC_CHECK_FILE("/dev/urandom", [ CARES_RANDOM_FILE="/dev/urandom"] )
-        else
-          AC_MSG_WARN([cannot check for /dev/urandom while cross compiling; assuming none])
-        fi
-
-    ]
+    [ CARES_RANDOM_FILE="/dev/urandom" ]
 )
 if test -n "$CARES_RANDOM_FILE" && test X"$CARES_RANDOM_FILE" != Xno ; then
         AC_SUBST(CARES_RANDOM_FILE)