ares_parse_a_reply / ares_parse_aaaa_reply seem to have new behavior #371
Comments
Looks like this was an oversight in PR #257
mmomtchev
added a commit
to mmomtchev/node
that referenced
this issue
Nov 12, 2020
Due to a recent c-ares bug, Node was exposed to a security vulnerability due to reading beyond the end of the array of DNS responses when they were more than 256 c-ares team will fix this bug, but in the meantime, this will plug the security hole
Fixes: https://github.com/nodejs/node/issues/36063
Refs: c-ares/c-ares#371
Refs: c-ares/c-ares@0d252eb
targos
pushed a commit
to nodejs/node
that referenced
this issue
Nov 16, 2020
Original commit message:
If there are more ttls returned than the maximum provided by the requestor, then the *naddrttls response would be larger than the actual number of elements in the addrttls array.
This bug could lead to invalid memory accesses in applications using c-ares.
This behavior appeared to break with PR c-ares/c-ares#257
Fixes: c-ares/c-ares#371
Reported By: Momtchil Momtchev (@mmomtchev)
Fix By: Brad House (@bradh352)
Refs: https://github.com/nodejs/node/issues/36063
Signed-off-by: Michael Dawson <mdawson@devrus.com>
CVE-ID: CVE-2020-8277
PR-URL: nodejs-private/node-private#231
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
nxhack
added a commit
to nxhack/packages
that referenced
this issue
Nov 16, 2020
Fix CVE-2020-8277 : Denial of Service through DNS request c-ares/c-ares#371 c-ares/c-ares@0d252eb Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Is it possible to make a release with the CVE-2020-8277 fix?
Release prep is underway for c-ares 1.17.0. @bagder will be doing final sign-off.
nxhack
added a commit
to nxhack/packages
that referenced
this issue
Nov 17, 2020
Update to 1.17.0 Fix CVE-2020-8277 : Denial of Service through DNS request c-ares/c-ares#371 c-ares/c-ares@0d252eb Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
nxhack
added a commit
to nxhack/packages
that referenced
this issue
Nov 17, 2020
Fix CVE-2020-8277 : Denial of Service through DNS request c-ares/c-ares#371 c-ares/c-ares@0d252eb Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
sergepetrenko
pushed a commit
to tarantool/c-ares
that referenced
this issue
Jul 29, 2022
If there are more ttls returned than the maximum provided by the requestor, then the *naddrttls response would be larger than the actual number of elements in the addrttls array.
This bug could lead to invalid memory accesses in applications using c-ares.
This behavior appeared to break with PR c-ares#257
Fixes: c-ares#371
Reported By: Momtchil Momtchev (@mmomtchev)
Fix By: Brad House (@bradh352)
According to the manual when calling ares_parse_a_reply(), the caller is to expect that no more than naddrttls will be written to addrttls and naddrttls will be set to the number of records written. However this is not what is happening - unless I have missed something very obvious - naddrttls is set to the total number of records present. I have the feeling that this behavior is very recent? Can you confirm this? Is it a documentation problem and was the change of behavior intended?
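The count mismatch described in this issue, modelled as an added example that is not code from c-ares or Node.js. The struct, both parser functions and the 300-record input are hypothetical stand-ins constructed here; 256 is the figure from the Node.js commit message, used as the caller's buffer capacity.

```c
#include <stdio.h>

/* Hypothetical stand-in for one address/TTL entry (not the c-ares struct). */
struct addr_ttl { unsigned ip; int ttl; };
typedef void (*parse_fn)(const struct addr_ttl *, int, struct addr_ttl *, int *);

/* Reported behaviour: writes at most *count entries, then sets *count to the
 * total number of records present, which can exceed the caller's capacity. */
static void parse_reports_total(const struct addr_ttl *recs, int nrecs,
                                struct addr_ttl *out, int *count)
{
    for (int i = 0; i < nrecs && i < *count; i++)
        out[i] = recs[i];
    *count = nrecs;
}

/* Documented contract: *count comes back as the number actually written. */
static void parse_reports_written(const struct addr_ttl *recs, int nrecs,
                                  struct addr_ttl *out, int *count)
{
    int n = 0;
    for (; n < nrecs && n < *count; n++)
        out[n] = recs[n];
    *count = n;
}

/* Constructed scenario: 300 records, caller buffer of 256 entries.
 * With clamp set, the caller bounds the returned count by its own capacity
 * before using it as a loop limit. Returns the count the caller would use. */
static int usable_count(parse_fn parse, int clamp)
{
    enum { NRECS = 300, CAP = 256 };
    static struct addr_ttl recs[NRECS];
    struct addr_ttl out[CAP];
    int n = CAP;
    for (int i = 0; i < NRECS; i++) { recs[i].ip = (unsigned)i; recs[i].ttl = 60; }
    parse(recs, NRECS, out, &n);
    if (clamp && n > CAP) n = CAP;
    if (clamp && n < 0) n = 0;
    return n;
}

int main(void)
{
    printf("total, unclamped: %d\n", usable_count(parse_reports_total, 0));
    printf("total, clamped:   %d\n", usable_count(parse_reports_total, 1));
    printf("written:          %d\n", usable_count(parse_reports_written, 0));
    return 0;
}
```

A caller that iterates up to the unclamped count would index past its 256-entry array; the clamp is the kind of caller-side boundary check that holds regardless of which contract the library follows.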