
[meta-oe,dunfell,1/5] Revert "c-ares: Add fix for CVE-2021-3672"

Message ID 20220812075136.31326-1-akash.hadke@kpit.com
State New

Commit Message

Akash Hadke Aug. 12, 2022, 7:51 a.m. UTC
From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>

This reverts commit b06724bc274f751004ade2ceeddfb8ec40d93f16.
Revert this CVE fix because c-ares is being upgraded to 1.18.1.

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
---
 ...-fix-formatting-and-handling-of-root.patch | 115 ------------------
 ...d_name-should-escape-more-characters.patch |  90 --------------
 .../recipes-support/c-ares/c-ares_1.16.1.bb   |   2 -
 3 files changed, 207 deletions(-)
 delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch
 delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch

Patch

diff --git a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch b/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch
deleted file mode 100644
index d1cb54aefb..0000000000
--- a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch
+++ /dev/null
@@ -1,115 +0,0 @@ 
-From: bradh352 <brad@brad-house.com>
-Date: Fri, 11 Jun 2021 12:39:24 -0400
-Subject: [2/2] ares_expand_name(): fix formatting and handling of root name
- response
-Origin: https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3672
-
-Fixes issue introduced in prior commit with formatting and handling
-of parsing a root name response which should not be escaped.
-
-Fix By: Brad House
-CVE: CVE-2021-3672
-Upstream-Status: Backport [http://snapshot.debian.org/archive/debian-security/20210810T064453Z/pool/updates/main/c/c-ares/c-ares_1.17.1-1%2Bdeb11u1.debian.tar.xz]
-Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
----
- ares_expand_name.c | 62 ++++++++++++++++++++++++--------------
- 1 file changed, 40 insertions(+), 22 deletions(-)
-
-diff --git a/ares_expand_name.c b/ares_expand_name.c
-index f1c874a97cfc..eb9268c1ff0a 100644
---- a/ares_expand_name.c
-+++ b/ares_expand_name.c
-@@ -127,27 +127,37 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
-         }
-       else
-         {
--          len = *p;
-+          int name_len = *p;
-+          len = name_len;
-           p++;
-+
-           while (len--)
-             {
--              if (!isprint(*p)) {
--                /* Output as \DDD for consistency with RFC1035 5.1 */
--                *q++ = '\\';
--                *q++ = '0' + *p / 100;
--                *q++ = '0' + (*p % 100) / 10;
--                *q++ = '0' + (*p % 10);
--              } else if (is_reservedch(*p)) {
--                *q++ = '\\';
--                *q++ = *p;
--              } else {
--                *q++ = *p;
--              }
-+              /* Output as \DDD for consistency with RFC1035 5.1, except
-+               * for the special case of a root name response  */
-+              if (!isprint(*p) && !(name_len == 1 && *p == 0))
-+                {
-+
-+                  *q++ = '\\';
-+                  *q++ = '0' + *p / 100;
-+                  *q++ = '0' + (*p % 100) / 10;
-+                  *q++ = '0' + (*p % 10);
-+                }
-+              else if (is_reservedch(*p))
-+                {
-+                  *q++ = '\\';
-+                  *q++ = *p;
-+                }
-+              else
-+                {
-+                  *q++ = *p;
-+                }
-               p++;
-             }
-           *q++ = '.';
-         }
--    }
-+     }
-+
-   if (!indir)
-     *enclen = aresx_uztosl(p + 1U - encoded);
- 
-@@ -194,21 +204,29 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
-         }
-       else if (top == 0x00)
-         {
--          offset = *encoded;
-+          int name_len = *encoded;
-+          offset = name_len;
-           if (encoded + offset + 1 >= abuf + alen)
-             return -1;
-           encoded++;
-+
-           while (offset--)
-             {
--              if (!isprint(*encoded)) {
--                n += 4;
--              } else if (is_reservedch(*encoded)) {
--                n += 2;
--              } else {
--                n += 1;
--              }
-+              if (!isprint(*encoded) && !(name_len == 1 && *encoded == 0))
-+                {
-+                  n += 4;
-+                }
-+              else if (is_reservedch(*encoded))
-+                {
-+                  n += 2;
-+                }
-+              else
-+                {
-+                  n += 1;
-+                }
-               encoded++;
-             }
-+
-           n++;
-         }
-       else
--- 
-2.32.0
-
diff --git a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch b/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch
deleted file mode 100644
index 3603ef1278..0000000000
--- a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch
+++ /dev/null
@@ -1,90 +0,0 @@ 
-From: bradh352 <brad@brad-house.com>
-Date: Fri, 11 Jun 2021 11:27:45 -0400
-Subject: [1/2] ares_expand_name() should escape more characters
-Origin: https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3672
-
-RFC1035 5.1 specifies some reserved characters and escaping sequences
-that are allowed to be specified.  Expand the list of reserved characters
-and also escape non-printable characters using the \DDD format as
-specified in the RFC.
-
-Bug Reported By: philipp.jeitner@sit.fraunhofer.de
-Fix By: Brad House (@bradh352)
-CVE: CVE-2021-3672
-Upstream-Status: Backport [http://snapshot.debian.org/archive/debian-security/20210810T064453Z/pool/updates/main/c/c-ares/c-ares_1.17.1-1%2Bdeb11u1.debian.tar.xz]
-Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
----
- ares_expand_name.c | 41 +++++++++++++++++++++++++++++++++++---
- 1 file changed, 38 insertions(+), 3 deletions(-)
-
-diff --git a/ares_expand_name.c b/ares_expand_name.c
-index 407200ef5b4b..f1c874a97cfc 100644
---- a/ares_expand_name.c
-+++ b/ares_expand_name.c
-@@ -32,6 +32,26 @@
- static int name_length(const unsigned char *encoded, const unsigned char *abuf,
-                        int alen);
- 
-+/* Reserved characters for names that need to be escaped */
-+static int is_reservedch(int ch)
-+{
-+  switch (ch) {
-+    case '"':
-+    case '.':
-+    case ';':
-+    case '\\':
-+    case '(':
-+    case ')':
-+    case '@':
-+    case '$':
-+      return 1;
-+    default:
-+      break;
-+  }
-+
-+  return 0;
-+}
-+
- /* Expand an RFC1035-encoded domain name given by encoded.  The
-  * containing message is given by abuf and alen.  The result given by
-  * *s, which is set to a NUL-terminated allocated buffer.  *enclen is
-@@ -111,9 +131,18 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
-           p++;
-           while (len--)
-             {
--              if (*p == '.' || *p == '\\')
-+              if (!isprint(*p)) {
-+                /* Output as \DDD for consistency with RFC1035 5.1 */
-+                *q++ = '\\';
-+                *q++ = '0' + *p / 100;
-+                *q++ = '0' + (*p % 100) / 10;
-+                *q++ = '0' + (*p % 10);
-+              } else if (is_reservedch(*p)) {
-                 *q++ = '\\';
--              *q++ = *p;
-+                *q++ = *p;
-+              } else {
-+                *q++ = *p;
-+              }
-               p++;
-             }
-           *q++ = '.';
-@@ -171,7 +200,13 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
-           encoded++;
-           while (offset--)
-             {
--              n += (*encoded == '.' || *encoded == '\\') ? 2 : 1;
-+              if (!isprint(*encoded)) {
-+                n += 4;
-+              } else if (is_reservedch(*encoded)) {
-+                n += 2;
-+              } else {
-+                n += 1;
-+              }
-               encoded++;
-             }
-           n++;
--- 
-2.32.0
-
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb
index 692a5f0d6e..0e118c88ff 100644
--- a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb
@@ -11,8 +11,6 @@  SRC_URI = "\
     git://github.com/c-ares/c-ares.git;branch=main;protocol=https \
     file://cmake-install-libcares.pc.patch \
     file://0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch \
-    file://ares_expand_name-should-escape-more-characters.patch \
-    file://ares_expand_name-fix-formatting-and-handling-of-root.patch \
 "
 SRCREV = "74a1426ba60e2cd7977e53a22ef839c87415066e"