Subject: Re: [PATCH] Security: Validate response address, possibly related to CVE-2008-1447

From: Brad House <brad_at_mainstreetsoftworks.com>
Date: Tue, 26 Aug 2008 16:27:12 -0400

>>>> Verify if what I've just committed is actually what you intended.
>>>>
>>> I just reviewed the patch you committed:
>>> http://cool.haxx.se/cvs.cgi/curl/ares/ares_process.c.diff?r1=1.65&r2=1.66
>>>
>>>
>>> Its effect on systems which _do_ support recvfrom() is what I intended,
>>> but it doesn't do anything for systems which do not support recvfrom().
>>
>> Updated now:
>> http://cool.haxx.se/cvs.cgi/curl/ares/ares_process.c.diff?r1=1.65&r2=1.67
>
> Yep, that's good, you also need to fix setup_once.h, as of right now, if
> recvfrom() is not found, it won't compile because of this segment:
>
> ===================
> #if defined(HAVE_RECVFROM)
> /*
> * Currently recvfrom is only used on udp sockets.
> */
> #if !defined(RECVFROM_TYPE_ARG1) || \
> !defined(RECVFROM_TYPE_ARG2) || \
> !defined(RECVFROM_TYPE_ARG3) || \
> !defined(RECVFROM_TYPE_ARG4) || \
> !defined(RECVFROM_TYPE_ARG5) || \
> !defined(RECVFROM_TYPE_ARG6) || \
> !defined(RECVFROM_TYPE_RETV)
> /* */
> Error Missing_definition_of_return_and_arguments_types_of_recvfrom
> /* */
> #else
> #define sreadfrom(s,b,bl,f,fl) (ssize_t)recvfrom((RECVFROM_TYPE_ARG1)  (s),  \
>                                                  (RECVFROM_TYPE_ARG2 *)(b),  \
>                                                  (RECVFROM_TYPE_ARG3)  (bl), \
>                                                  (RECVFROM_TYPE_ARG4)  (0),  \
>                                                  (RECVFROM_TYPE_ARG5 *)(f),  \
>                                                  (RECVFROM_TYPE_ARG6 *)(fl))
> #endif
> #else /* HAVE_RECVFROM */
> #ifndef sreadfrom
> /* */
> Error Missing_definition_of_macro_sreadfrom
> /* */
> #endif
> #endif /* HAVE_RECVFROM */
> ====================
>
> The compiler will balk on the 'Error Missing_definition_of_macro_sreadfrom' ...
> which obviously would make the change to ares_process.c moot ...

By the way, if it wasn't clear, I'm suggesting that entire block
from setup_once.h be removed as you've changed my original patch
such that sreadfrom() is never used. Also, the RECVFROM_TYPE_ARG*
values are never being used, so either the ares_process.c should
use them for casting, _or_ the determination of the RECVFROM_TYPE_ARG*
values in acinclude.m4 should go away (as that check can take a
_long_ time, especially if it's not being used).

-Brad
Received on 2008-08-26
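
The check this thread is about, reading a UDP answer with recvfrom() and discarding it unless it came from the server that was queried, as an added example that is not part of the original message and is not the c-ares code. The names same_address, read_answer and make_v4 are hypothetical, and the addresses are constructed samples from the documentation ranges.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical helper: 1 only if family, IP address and port all match. */
int same_address(const struct sockaddr *a, const struct sockaddr *b)
{
  if (a->sa_family != b->sa_family) return 0;
  if (a->sa_family == AF_INET) {
    const struct sockaddr_in *x = (const struct sockaddr_in *)a;
    const struct sockaddr_in *y = (const struct sockaddr_in *)b;
    return x->sin_port == y->sin_port && x->sin_addr.s_addr == y->sin_addr.s_addr;
  }
  if (a->sa_family == AF_INET6) {
    const struct sockaddr_in6 *x = (const struct sockaddr_in6 *)a;
    const struct sockaddr_in6 *y = (const struct sockaddr_in6 *)b;
    return x->sin6_port == y->sin6_port &&
           memcmp(&x->sin6_addr, &y->sin6_addr, sizeof x->sin6_addr) == 0;
  }
  return 0; /* unknown family: never accept */
}

/* Hypothetical reader: length on success, -1 on error, -2 if source != server. */
ssize_t read_answer(int fd, void *buf, size_t len, const struct sockaddr *server)
{
  struct sockaddr_storage from;
  socklen_t fromlen = sizeof from;
  ssize_t n = recvfrom(fd, buf, len, 0, (struct sockaddr *)&from, &fromlen);
  if (n < 0) return -1;
  return same_address((struct sockaddr *)&from, server) ? n : -2;
}

/* Builds a constructed IPv4 sample address (documentation ranges only). */
struct sockaddr_in make_v4(const char *ip, unsigned short port)
{
  struct sockaddr_in sa = {0};
  sa.sin_family = AF_INET;
  sa.sin_port = htons(port);
  inet_pton(AF_INET, ip, &sa.sin_addr);
  return sa;
}

int main(void)
{
  struct sockaddr_in srv = make_v4("192.0.2.53", 53), bad = make_v4("198.51.100.7", 53);
  printf("%d\n", same_address((struct sockaddr *)&bad, (struct sockaddr *)&srv));
  return 0;
}
```

On a platform without recvfrom() the source address is not available to compare, which is the case the message above says the first committed version did nothing for.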