adamm/c-ares
SHA256
1
0
Fork 0
forked from pool/c-ares
Code Pull Requests Activity

Accepting request 917731 from devel:libraries:c_c++

Browse Source 
- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distibution
  (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake) 

- 5c995d5.patch: augment input validation on hostnames to allow _
  as part of DNS response (bsc#1190225)

OBS-URL: https://build.opensuse.org/request/show/917731
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=14
This commit is contained in:
Dominique Leuenberger 2021-09-13 14:24:22 +00:00 committed by Git OBS Bridge
commit 2572151cd5
7 changed files with 73 additions and 203 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
5c995d5.patch Normal file
View File

@ -0,0 +1,51 @@
From 5c995d50b05a2c374ae021012afa6f8f4cf2957e Mon Sep 17 00:00:00 2001
From: bradh352 <brad@brad-house.com>
Date: Wed, 8 Sep 2021 07:38:44 -0400
Subject: [PATCH] ares_expand_name should allow underscores (_) as SRV records
legitimately use them
c-ares 1.17.2 introduced response validation to prevent a security issue, however
it did not have (_) listed as a valid character for domain name responses which
caused issues when a CNAME referenced a SRV record which contained underscores.
While RFC2181 section 11 does explicitly state not to do validation, that applies
to servers not clients.
Fixes: #424
Fix By: Brad House (@bradh352)
---
src/lib/ares_expand_name.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/lib/ares_expand_name.c b/src/lib/ares_expand_name.c
index a62c982e..db262ab4 100644
--- a/src/lib/ares_expand_name.c
+++ b/src/lib/ares_expand_name.c
@@ -59,10 +59,16 @@ static int ares__isprint(int ch)
return 0;
}
-/* Character set allowed by hostnames */
+/* Character set allowed by hostnames. This is to include the normal
+ * domain name character set plus underscores which are used in SRV
+ * records. While RFC 2181 section 11 does state not to do validation,
+ * that applies to servers, not clients. Vulnerabilities have been
+ * reported when this validation is not performed. Security is more
+ * important than edge-case compatibility (which is probably invalid
+ * anyhow). */
static int is_hostnamech(int ch)
{
- /* [A-Za-z0-9-.]
+ /* [A-Za-z0-9-._]
* Don't use isalnum() as it is locale-specific
*/
if (ch >= 'A' && ch <= 'Z')
@@ -71,7 +77,7 @@ static int is_hostnamech(int ch)
return 1;
if (ch >= '0' && ch <= '9')
return 1;
- if (ch == '-' || ch == '.')
+ if (ch == '-' || ch == '.' || ch == '_')
return 1;
return 0;

4
_multibuild
View File

@ -1,4 +0,0 @@
<multibuild>
<package>main</package>
<package>tests</package>
</multibuild>

112
ares_dns.h
View File

@ -1,112 +0,0 @@
#ifndef HEADER_CARES_DNS_H
#define HEADER_CARES_DNS_H
/* Copyright 1998, 2011 by the Massachusetts Institute of Technology.
*
* Permission to use, copy, modify, and distribute this
* software and its documentation for any purpose and without
* fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright
* notice and this permission notice appear in supporting
* documentation, and that the name of M.I.T. not be used in
* advertising or publicity pertaining to distribution of the
* software without specific, written prior permission.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is"
* without express or implied warranty.
*/
/*
* NOTE TO INTEGRATORS:
*
* This header is made public due to legacy projects relying on it.
* Please do not use the macros within this header, or include this
* header in your project as it may be removed in the future.
*/
/*
* Macro DNS__16BIT reads a network short (16 bit) given in network
* byte order, and returns its value as an unsigned short.
*/
#define DNS__16BIT(p) ((unsigned short)((unsigned int) 0xffff & \
(((unsigned int)((unsigned char)(p)[0]) << 8U) | \
((unsigned int)((unsigned char)(p)[1])))))
/*
* Macro DNS__32BIT reads a network long (32 bit) given in network
* byte order, and returns its value as an unsigned int.
*/
#define DNS__32BIT(p) ((unsigned int) \
(((unsigned int)((unsigned char)(p)[0]) << 24U) | \
((unsigned int)((unsigned char)(p)[1]) << 16U) | \
((unsigned int)((unsigned char)(p)[2]) << 8U) | \
((unsigned int)((unsigned char)(p)[3]))))
#define DNS__SET16BIT(p, v) (((p)[0] = (unsigned char)(((v) >> 8) & 0xff)), \
((p)[1] = (unsigned char)((v) & 0xff)))
#define DNS__SET32BIT(p, v) (((p)[0] = (unsigned char)(((v) >> 24) & 0xff)), \
((p)[1] = (unsigned char)(((v) >> 16) & 0xff)), \
((p)[2] = (unsigned char)(((v) >> 8) & 0xff)), \
((p)[3] = (unsigned char)((v) & 0xff)))
#if 0
/* we cannot use this approach on systems where we can't access 16/32 bit
data on un-aligned addresses */
#define DNS__16BIT(p) ntohs(*(unsigned short*)(p))
#define DNS__32BIT(p) ntohl(*(unsigned long*)(p))
#define DNS__SET16BIT(p, v) *(unsigned short*)(p) = htons(v)
#define DNS__SET32BIT(p, v) *(unsigned long*)(p) = htonl(v)
#endif
/* Macros for parsing a DNS header */
#define DNS_HEADER_QID(h) DNS__16BIT(h)
#define DNS_HEADER_QR(h) (((h)[2] >> 7) & 0x1)
#define DNS_HEADER_OPCODE(h) (((h)[2] >> 3) & 0xf)
#define DNS_HEADER_AA(h) (((h)[2] >> 2) & 0x1)
#define DNS_HEADER_TC(h) (((h)[2] >> 1) & 0x1)
#define DNS_HEADER_RD(h) ((h)[2] & 0x1)
#define DNS_HEADER_RA(h) (((h)[3] >> 7) & 0x1)
#define DNS_HEADER_Z(h) (((h)[3] >> 4) & 0x7)
#define DNS_HEADER_RCODE(h) ((h)[3] & 0xf)
#define DNS_HEADER_QDCOUNT(h) DNS__16BIT((h) + 4)
#define DNS_HEADER_ANCOUNT(h) DNS__16BIT((h) + 6)
#define DNS_HEADER_NSCOUNT(h) DNS__16BIT((h) + 8)
#define DNS_HEADER_ARCOUNT(h) DNS__16BIT((h) + 10)
/* Macros for constructing a DNS header */
#define DNS_HEADER_SET_QID(h, v) DNS__SET16BIT(h, v)
#define DNS_HEADER_SET_QR(h, v) ((h)[2] |= (unsigned char)(((v) & 0x1) << 7))
#define DNS_HEADER_SET_OPCODE(h, v) ((h)[2] |= (unsigned char)(((v) & 0xf) << 3))
#define DNS_HEADER_SET_AA(h, v) ((h)[2] |= (unsigned char)(((v) & 0x1) << 2))
#define DNS_HEADER_SET_TC(h, v) ((h)[2] |= (unsigned char)(((v) & 0x1) << 1))
#define DNS_HEADER_SET_RD(h, v) ((h)[2] |= (unsigned char)((v) & 0x1))
#define DNS_HEADER_SET_RA(h, v) ((h)[3] |= (unsigned char)(((v) & 0x1) << 7))
#define DNS_HEADER_SET_Z(h, v) ((h)[3] |= (unsigned char)(((v) & 0x7) << 4))
#define DNS_HEADER_SET_RCODE(h, v) ((h)[3] |= (unsigned char)((v) & 0xf))
#define DNS_HEADER_SET_QDCOUNT(h, v) DNS__SET16BIT((h) + 4, v)
#define DNS_HEADER_SET_ANCOUNT(h, v) DNS__SET16BIT((h) + 6, v)
#define DNS_HEADER_SET_NSCOUNT(h, v) DNS__SET16BIT((h) + 8, v)
#define DNS_HEADER_SET_ARCOUNT(h, v) DNS__SET16BIT((h) + 10, v)
/* Macros for parsing the fixed part of a DNS question */
#define DNS_QUESTION_TYPE(q) DNS__16BIT(q)
#define DNS_QUESTION_CLASS(q) DNS__16BIT((q) + 2)
/* Macros for constructing the fixed part of a DNS question */
#define DNS_QUESTION_SET_TYPE(q, v) DNS__SET16BIT(q, v)
#define DNS_QUESTION_SET_CLASS(q, v) DNS__SET16BIT((q) + 2, v)
/* Macros for parsing the fixed part of a DNS resource record */
#define DNS_RR_TYPE(r) DNS__16BIT(r)
#define DNS_RR_CLASS(r) DNS__16BIT((r) + 2)
#define DNS_RR_TTL(r) DNS__32BIT((r) + 4)
#define DNS_RR_LEN(r) DNS__16BIT((r) + 8)
/* Macros for constructing the fixed part of a DNS resource record */
#define DNS_RR_SET_TYPE(r, v) DNS__SET16BIT(r, v)
#define DNS_RR_SET_CLASS(r, v) DNS__SET16BIT((r) + 2, v)
#define DNS_RR_SET_TTL(r, v) DNS__SET32BIT((r) + 4, v)
#define DNS_RR_SET_LEN(r, v) DNS__SET16BIT((r) + 8, v)
#endif /* HEADER_CARES_DNS_H */

21
c-ares-config.cmake.in
View File

@ -1,21 +0,0 @@
@PACKAGE_INIT@
set_and_check(c-ares_INCLUDE_DIR "@PACKAGE_CMAKE_INSTALL_INCLUDEDIR@")
include("${CMAKE_CURRENT_LIST_DIR}/c-ares-config-version.cmake")
include("${CMAKE_CURRENT_LIST_DIR}/c-ares-targets.cmake")
set(c-ares_LIBRARY c-ares::cares)
if(@CARES_SHARED@)
add_library(c-ares::cares_shared INTERFACE IMPORTED)
set_target_properties(c-ares::cares_shared PROPERTIES INTERFACE_LINK_LIBRARIES "c-ares::cares")
set(c-ares_SHARED_LIBRARY c-ares::cares_shared)
elseif(@CARES_STATIC@)
add_library(c-ares::cares_static INTERFACE IMPORTED)
set_target_properties(c-ares::cares_static PROPERTIES INTERFACE_LINK_LIBRARIES "c-ares::cares")
endif()
if(@CARES_STATIC@)
set(c-ares_STATIC_LIBRARY c-ares::cares_static)
endif()

15
c-ares.changes
View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Thu Sep 9 12:15:01 UTC 2021 - Adam Majer <adam.majer@suse.de>
- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distibution
(c-ares-config.cmake.in ares_dns.h libcares.pc.cmake)
-------------------------------------------------------------------
Wed Sep 8 14:07:34 UTC 2021 - Adam Majer <adam.majer@suse.de>
- 5c995d5.patch: augment input validation on hostnames to allow _
as part of DNS response (bsc#1190225)
-------------------------------------------------------------------
Thu Aug 12 13:59:07 UTC 2021 - Adam Majer <adam.majer@suse.de>

53
c-ares.spec
View File

@ -16,23 +16,6 @@
#
%global flavor @BUILD_FLAVOR@%{nil}
%if "%{flavor}" == "%{nil}"
ExclusiveArch: do_not_build
%define pname c-ares
%endif
%if "%{flavor}" == "tests"
%define pname c-ares-tests
%bcond_without tests
%endif
%if "%{flavor}" == "main"
%define pname c-ares
%bcond_with tests
%endif
%define sonum 2
%define libname libcares%{sonum}
@ -40,29 +23,24 @@ ExclusiveArch: do_not_build
%define cmake_build make -O VERBOSE=1 %{?_smp_mflags}
%endif
Name: %{pname}
Name: c-ares
Version: 1.17.2
Release: 0
Summary: Library for asynchronous name resolves
License: MIT
URL: https://c-ares.haxx.se/
Source0: http://c-ares.haxx.se/download/c-ares-%{version}.tar.gz
Source1: http://c-ares.haxx.se/download/c-ares-%{version}.tar.gz.asc
URL: https://c-ares.org/
Source0: https://c-ares.org/download/c-ares-%{version}.tar.gz
Source1: https://c-ares.org/download/c-ares-%{version}.tar.gz.asc
Source3: c-ares.keyring
Source4: baselibs.conf
### REMOVE when upstream fixes https://github.com/c-ares/c-ares/issues/373
Source5: libcares.pc.cmake
Source6: c-ares-config.cmake.in
Source7: ares_dns.h
Patch0: 0001-Use-RPM-compiler-options.patch
Patch1: disable-live-tests.patch
Patch2: https://github.com/c-ares/c-ares/commit/5c995d5.patch
BuildRequires: cmake
BuildRequires: gcc-c++
%if %{with tests}
BuildRequires: pkg-config
# Needed for getservbyport_r function to work properly.
BuildRequires: netcfg
%endif
BuildRequires: pkg-config
%description
c-ares is a C library that performs DNS requests and name resolves
@ -106,35 +84,20 @@ by Greg Hudson at MIT.
This package provides the development libraries and headers needed
to build packages that depend on c-ares.
%prep
%autosetup -p1 -n c-ares-%{version}
cp %{S:5} %{S:6} .
cp %{S:7} include
%build
%cmake \
%if %{with tests}
-DCARES_BUILD_TESTS:BOOL=ON \
%endif
%{nil}
%cmake -DCARES_BUILD_TESTS:BOOL=ON
%cmake_build
%install
%if !%{with tests}
%cmake_install
%endif
%if %{with tests}
%check
pushd build
%cmake_build -C test
LD_LIBRARY_PATH=.%_libdir:./%_lib ./bin/arestest
%endif
%if !%{with tests}
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
@ -160,6 +123,4 @@ LD_LIBRARY_PATH=.%_libdir:./%_lib ./bin/arestest
%{_libdir}/pkgconfig/libcares.pc
%{_libdir}/cmake/c-ares/
%endif
%changelog

20
libcares.pc.cmake
View File

@ -1,20 +0,0 @@
#***************************************************************************
# Project ___ __ _ _ __ ___ ___
# / __|____ / _` | '__/ _ \/ __|
# | (_|_____| (_| | | | __/\__ \
# \___| \__,_|_| \___||___/
#
prefix=@CMAKE_INSTALL_PREFIX@
exec_prefix=${prefix}/@CMAKE_INSTALL_BINDIR@
libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
Name: c-ares
URL: https://c-ares.haxx.se/
Description: asynchronous DNS lookup library
Version: @CARES_VERSION@
Requires:
Requires.private:
Cflags: -I${includedir} @CPPFLAG_CARES_STATICLIB@
Libs: -L${libdir} -lcares
Libs.private: @CARES_PRIVATE_LIBS@