Subject: Re: ANNOUNCE: c-ares 1.7.5

From: Denis Bilenko <denis.bilenko_at_gmail.com>
Date: Wed, 24 Aug 2011 21:03:56 +0700

Thanks for release!

> o Use correct sizeof in ares_getnameinfo()

This does not seem to be the case though; the sizeof is still not correct. I
have a test case in gevent (gevent.org) which demonstrates that
ares_getnameinfo produces random results with c-ares 1.7.5. Applying
the patch below fixes it.

It's a rather obvious bug though, and you don't need a test case to
understand it.

Just take a look at the definition of nameinfo_query
https://github.com/bagder/c-ares/blob/master/ares_getnameinfo.c#L67
and then at this memcpy invocation:
https://github.com/bagder/c-ares/blob/master/ares_getnameinfo.c#L190

You'll notice that memcpy does not copy enough bytes, causing
ares_getnameinfo to return arbitrary memory contents as a result.

I've made a pull request about this some time ago:
https://github.com/bagder/c-ares/pull/4

Please take a look.

On Wed, Aug 17, 2011 at 3:57 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> Hi friends,
>
> I'm happy to say that c-ares 1.7.5 has been uploaded and can be found at
> http://c-ares.haxx.se/ as usual.
>
> The RELEASE-NOTES this time looks like the following:
>
> c-ares version 1.7.5
>
> Fixed:
>
>  o detection of semicolon comments in resolv.conf
>  o avoid using system's inet_net_pton affected by the WLB-2008080064
> advisory
>  o replacement ares_inet_net_pton affected by the WLB-2008080064 advisory
>  o replacement ares_inet_ntop affected by potential out of bounds write
>  o added install target to Makefile.msvc
>  o only fall back to AF_INET searches when looking for AF_UNSPEC addresses
>  o fixed ares_parse_*_reply memory leaks
>  o Use correct sizeof in ares_getnameinfo()
>  o IPv6-on-windows: find DNS servers correctly
>  o man pages: docs for the c-ares utility programs
>  o getservbyport replacement for Win CE
>  o config_sortlist: (win32) missing else
>  o advance_tcp_send_queue: avoid NULL ptr dereference
>  o configure: fix a bashism
>  o ares_expand_name: Fix encoded length for indirect root
>
> Thanks go to these friendly people for their efforts and contributions:
>
>  Yang Tse, Jakub Hrozek, Gisle Vanem, Tom Hughes, David Stuart, Dima Tisnek,
>  Peter Pentchev, Stefan Buhler
>
> Have fun!
>
> --
>
>  / daniel.haxx.se
>
Received on 2011-08-24
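
The bug class reported in this message, a memcpy whose size comes from a smaller type than the destination member, shown as an added example that is not part of the original mail and is not c-ares code. The `query_rec` struct, the function names, the choice of `sizeof(struct in_addr)` as the wrong size, and the sample address are all assumptions made for illustration; the 0xAA fill stands in for stale heap contents.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical query record (not the c-ares definition). */
struct query_rec {
    int family;
    union { struct sockaddr_in addr4; struct sockaddr_in6 addr6; } addr;
};

/* Constructed sample input: 192.0.2.10, port 53. */
static struct sockaddr_in sample_addr(void) {
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(53);
    sa.sin_addr.s_addr = htonl(0xC000020Au);
    return sa;
}

/* Under-copy: the size names a type smaller than the destination member,
 * so the tail of addr4 keeps whatever bytes were there before. */
static void store_short(struct query_rec *q, const struct sockaddr_in *sa) {
    memset(q, 0xAA, sizeof(*q));          /* simulate an uninitialised allocation */
    q->family = AF_INET;
    memcpy(&q->addr.addr4, sa, sizeof(struct in_addr));
}

/* Fixed form: the size is taken from the destination object itself. */
static void store_full(struct query_rec *q, const struct sockaddr_in *sa) {
    memset(q, 0xAA, sizeof(*q));
    q->family = AF_INET;
    memcpy(&q->addr.addr4, sa, sizeof(q->addr.addr4));
}

/* Returns 1 when the stored IPv4 address and port equal the input. */
static int stored_ok(void (*store)(struct query_rec *, const struct sockaddr_in *)) {
    struct sockaddr_in sa = sample_addr();
    struct query_rec q;
    store(&q, &sa);
    return q.addr.addr4.sin_port == sa.sin_port &&
           q.addr.addr4.sin_addr.s_addr == sa.sin_addr.s_addr;
}

int main(void) {
    printf("short copy intact: %d\n", stored_ok(store_short));
    printf("full copy intact:  %d\n", stored_ok(store_full));
    return 0;
}
```

Writing the size as `sizeof` of the destination expression keeps the copy length tied to the object being filled, so a later change to the member's type cannot silently reintroduce the under-copy.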