c-ares: CVE-2023-31130 fix Buffer Underwrite

Upstream-Status: Backport from https://github.com/c-ares/c-ares/commit/f22cc01039b6473b736d3bf438f56a2654cdf2b2 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2023-06-13 11:03:30 +0530
committer: Armin Kuster <akuster808@gmail.com> 2023-06-23 06:58:18 -0400
commit: 1b4564b6d9e0bd07d82babe14597165a18ac3e8a (patch)
tree: dccd5754cd84714801fd773a4e7ba3a8f6a2635e
parent: a0a0abb5409d40f019d6b927808d0443d08c0a51 (diff)
download: meta-openembedded-1b4564b6d9e0bd07d82babe14597165a18ac3e8a.tar.gz
2 files changed, 330 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch
new file mode 100644
index 0000000000..603d2687d5
--- /dev/null
+++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch
@@ -0,0 +1,329 @@
+From f22cc01039b6473b736d3bf438f56a2654cdf2b2 Mon Sep 17 00:00:00 2001
+From: Brad House <brad@brad-house.com>
+Date: Mon, 22 May 2023 06:51:34 -0400
+Subject: [PATCH] Merge pull request from GHSA-x6mf-cxr9-8q6v
+* Merged latest OpenBSD changes for inet_net_pton_ipv6() into c-ares.
+* Always use our own IP conversion functions now, do not delegate to OS
+  so we can have consistency in testing and fuzzing.
+* Removed bogus test cases that never should have passed.
+* Add new test case for crash bug found.
+Fix By: Brad House (@bradh352)
+Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/f22cc01039b6473b736d3bf438f56a2654cdf2b2]
+CVE: CVE-2023-31130
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/lib/inet_net_pton.c    | 155 ++++++++++++++++++++-----------------
+ test/ares-test-internal.cc |   7 +-
+ 2 files changed, 86 insertions(+), 76 deletions(-)
+diff --git a/src/lib/inet_net_pton.c b/src/lib/inet_net_pton.c
+index 840de506..fc50425b 100644
+--- a/src/lib/inet_net_pton.c
+++ b/src/lib/inet_net_pton.c
+@@ -1,19 +1,20 @@
+ 
+ /*
+- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2012 by Gilles Chehade <gilles@openbsd.org>
+  * Copyright (c) 1996,1999 by Internet Software Consortium.
+  *
+  * Permission to use, copy, modify, and distribute this software for any
+  * purpose with or without fee is hereby granted, provided that the above
+  * copyright notice and this permission notice appear in all copies.
+  *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
+- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+- * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
+- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+  */
+ 
+ #include "ares_setup.h"
+@@ -35,9 +36,6 @@
+ 
+ const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } };
+ 
+-
+-#ifndef HAVE_INET_NET_PTON
+-
+ /*
+  * static int
+  * inet_net_pton_ipv4(src, dst, size)
+@@ -60,7 +58,7 @@ const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+  *      Paul Vixie (ISC), June 1996
+  */
+ static int
+-inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size)
+ares_inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size)
+ {
+   static const char xdigits[] = "0123456789abcdef";
+   static const char digits[] = "0123456789";
+@@ -261,19 +259,14 @@ getv4(const char *src, unsigned char *dst, int *bitsp)
+ }
+ 
+ static int
+-inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+ares_inet_pton6(const char *src, unsigned char *dst)
+ {
+   static const char xdigits_l[] = "0123456789abcdef",
+-    xdigits_u[] = "0123456789ABCDEF";
+        xdigits_u[] = "0123456789ABCDEF";
+   unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
+   const char *xdigits, *curtok;
+-  int ch, saw_xdigit;
+  int ch, saw_xdigit, count_xdigit;
+   unsigned int val;
+-  int digits;
+-  int bits;
+-  size_t bytes;
+-  int words;
+-  int ipv4;
+ 
+   memset((tp = tmp), '\0', NS_IN6ADDRSZ);
+   endp = tp + NS_IN6ADDRSZ;
+@@ -283,22 +276,22 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+     if (*++src != ':')
+       goto enoent;
+   curtok = src;
+-  saw_xdigit = 0;
+  saw_xdigit = count_xdigit = 0;
+   val = 0;
+-  digits = 0;
+-  bits = -1;
+-  ipv4 = 0;
+   while ((ch = *src++) != '\0') {
+     const char *pch;
+ 
+     if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
+       pch = strchr((xdigits = xdigits_u), ch);
+     if (pch != NULL) {
+      if (count_xdigit >= 4)
+        goto enoent;
+       val <<= 4;
+-      val |= aresx_sztoui(pch - xdigits);
+-      if (++digits > 4)
+      val |= (pch - xdigits);
+      if (val > 0xffff)
+         goto enoent;
+       saw_xdigit = 1;
+      count_xdigit++;
+       continue;
+     }
+     if (ch == ':') {
+@@ -308,78 +301,107 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+           goto enoent;
+         colonp = tp;
+         continue;
+-      } else if (*src == '\0')
+      } else if (*src == '\0') {
+         goto enoent;
+      }
+       if (tp + NS_INT16SZ > endp)
+-        return (0);
+-      *tp++ = (unsigned char)((val >> 8) & 0xff);
+-      *tp++ = (unsigned char)(val & 0xff);
+        goto enoent;
+      *tp++ = (unsigned char) (val >> 8) & 0xff;
+      *tp++ = (unsigned char) val & 0xff;
+       saw_xdigit = 0;
+-      digits = 0;
+      count_xdigit = 0;
+       val = 0;
+       continue;
+     }
+     if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
+-        getv4(curtok, tp, &bits) > 0) {
+-      tp += NS_INADDRSZ;
+        ares_inet_net_pton_ipv4(curtok, tp, INADDRSZ) > 0) {
+      tp += INADDRSZ;
+       saw_xdigit = 0;
+-      ipv4 = 1;
+      count_xdigit = 0;
+       break;  /* '\0' was seen by inet_pton4(). */
+     }
+-    if (ch == '/' && getbits(src, &bits) > 0)
+-      break;
+     goto enoent;
+   }
+   if (saw_xdigit) {
+     if (tp + NS_INT16SZ > endp)
+       goto enoent;
+-    *tp++ = (unsigned char)((val >> 8) & 0xff);
+-    *tp++ = (unsigned char)(val & 0xff);
+    *tp++ = (unsigned char) (val >> 8) & 0xff;
+    *tp++ = (unsigned char) val & 0xff;
+   }
+-  if (bits == -1)
+-    bits = 128;
+-
+-  words = (bits + 15) / 16;
+-  if (words < 2)
+-    words = 2;
+-  if (ipv4)
+-    words = 8;
+-  endp =  tmp + 2 * words;
+-
+   if (colonp != NULL) {
+     /*
+      * Since some memmove()'s erroneously fail to handle
+      * overlapping regions, we'll do the shift by hand.
+      */
+-    const ares_ssize_t n = tp - colonp;
+-    ares_ssize_t i;
+    const int n = tp - colonp;
+    int i;
+ 
+     if (tp == endp)
+       goto enoent;
+     for (i = 1; i <= n; i++) {
+-      *(endp - i) = *(colonp + n - i);
+-      *(colonp + n - i) = 0;
+      endp[- i] = colonp[n - i];
+      colonp[n - i] = 0;
+     }
+     tp = endp;
+   }
+   if (tp != endp)
+     goto enoent;
+ 
+-  bytes = (bits + 7) / 8;
+-  if (bytes > size)
+-    goto emsgsize;
+-  memcpy(dst, tmp, bytes);
+-  return (bits);
+  memcpy(dst, tmp, NS_IN6ADDRSZ);
+  return (1);
+ 
+-  enoent:
+enoent:
+   SET_ERRNO(ENOENT);
+   return (-1);
+ 
+-  emsgsize:
+emsgsize:
+   SET_ERRNO(EMSGSIZE);
+   return (-1);
+ }
+ 
+static int
+ares_inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+{
+  struct ares_in6_addr in6;
+  int                  ret;
+  int                  bits;
+  size_t               bytes;
+  char                 buf[INET6_ADDRSTRLEN + sizeof("/128")];
+  char                *sep;
+  const char          *errstr;
+
+  if (strlen(src) >= sizeof buf) {
+    SET_ERRNO(EMSGSIZE);
+    return (-1);
+  }
+  strncpy(buf, src, sizeof buf);
+
+  sep = strchr(buf, '/');
+  if (sep != NULL)
+    *sep++ = '\0';
+
+  ret = ares_inet_pton6(buf, (unsigned char *)&in6);
+  if (ret != 1)
+    return (-1);
+
+  if (sep == NULL)
+    bits = 128;
+  else {
+    if (!getbits(sep, &bits)) {
+      SET_ERRNO(ENOENT);
+      return (-1);
+    }
+  }
+
+  bytes = (bits + 7) / 8;
+  if (bytes > size) {
+    SET_ERRNO(EMSGSIZE);
+    return (-1);
+  }
+  memcpy(dst, &in6, bytes);
+  return (bits);
+}
+
+ /*
+  * int
+  * inet_net_pton(af, src, dst, size)
+@@ -403,18 +425,15 @@ ares_inet_net_pton(int af, const char *src, void *dst, size_t size)
+ {
+   switch (af) {
+   case AF_INET:
+-    return (inet_net_pton_ipv4(src, dst, size));
+    return (ares_inet_net_pton_ipv4(src, dst, size));
+   case AF_INET6:
+-    return (inet_net_pton_ipv6(src, dst, size));
+    return (ares_inet_net_pton_ipv6(src, dst, size));
+   default:
+     SET_ERRNO(EAFNOSUPPORT);
+     return (-1);
+   }
+ }
+ 
+-#endif /* HAVE_INET_NET_PTON */
+-
+-#ifndef HAVE_INET_PTON
+ int ares_inet_pton(int af, const char *src, void *dst)
+ {
+   int result;
+@@ -434,11 +453,3 @@ int ares_inet_pton(int af, const char *src, void *dst)
+     return 0;
+   return (result > -1 ? 1 : -1);
+ }
+-#else /* HAVE_INET_PTON */
+-int ares_inet_pton(int af, const char *src, void *dst)
+-{
+-  /* just relay this to the underlying function */
+-  return inet_pton(af, src, dst);
+-}
+-
+-#endif
+diff --git a/test/ares-test-internal.cc b/test/ares-test-internal.cc
+index 96d4edec..161f0a5c 100644
+--- a/test/ares-test-internal.cc
+++ b/test/ares-test-internal.cc
+@@ -81,6 +81,7 @@ TEST_F(LibraryTest, InetPtoN) {
+   EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "12:34::ff/0", &a6, sizeof(a6)));
+   EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "12:34::ffff:0.2", &a6, sizeof(a6)));
+   EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6)));
+  EXPECT_EQ(2, ares_inet_net_pton(AF_INET6, "0::00:00:00/2", &a6, sizeof(a6)));
+ 
+   // Various malformed versions
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "", &a4, sizeof(a4)));
+@@ -118,11 +119,9 @@ TEST_F(LibraryTest, InetPtoN) {
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234:", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678", &a6, sizeof(a6)));
+-  // TODO(drysdale): check whether the next two tests should give -1.
+-  EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6)));
+-  EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:257.2.3.4", &a6, sizeof(a6)));
+-  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:002.2.3.4", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5.6", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.z", &a6, sizeof(a6)));
+-- 
+2.25.1
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
index 6a367e69e1..004de9bd69 100644
--- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006"
 SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \
           file://CVE-2022-4904.patch \
+           file://CVE-2023-31130.patch \
          "
 SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed"
author	Hitendra Prajapati <hprajapati@mvista.com>	2023-06-13 11:03:30 +0530
committer	Armin Kuster <akuster808@gmail.com>	2023-06-23 06:58:18 -0400
commit	1b4564b6d9e0bd07d82babe14597165a18ac3e8a (patch)
tree	dccd5754cd84714801fd773a4e7ba3a8f6a2635e
parent	a0a0abb5409d40f019d6b927808d0443d08c0a51 (diff)
download	meta-openembedded-1b4564b6d9e0bd07d82babe14597165a18ac3e8a.tar.gz

diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch new file mode 100644 index 0000000000..603d2687d5 --- /dev/null +++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch
@@ -0,0 +1,329 @@
		1	From f22cc01039b6473b736d3bf438f56a2654cdf2b2 Mon Sep 17 00:00:00 2001
		2	From: Brad House <brad@brad-house.com>
		3	Date: Mon, 22 May 2023 06:51:34 -0400
		4	Subject: [PATCH] Merge pull request from GHSA-x6mf-cxr9-8q6v
		5
		6	* Merged latest OpenBSD changes for inet_net_pton_ipv6() into c-ares.
		7	* Always use our own IP conversion functions now, do not delegate to OS
		8	so we can have consistency in testing and fuzzing.
		9	* Removed bogus test cases that never should have passed.
		10	* Add new test case for crash bug found.
		11
		12	Fix By: Brad House (@bradh352)
		13
		14	Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/f22cc01039b6473b736d3bf438f56a2654cdf2b2]
		15	CVE: CVE-2023-31130
		16
		17	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		18	---
		19	src/lib/inet_net_pton.c \| 155 ++++++++++++++++++++-----------------
		20	test/ares-test-internal.cc \| 7 +-
		21	2 files changed, 86 insertions(+), 76 deletions(-)
		22
		23	diff --git a/src/lib/inet_net_pton.c b/src/lib/inet_net_pton.c
		24	index 840de506..fc50425b 100644
		25	--- a/src/lib/inet_net_pton.c
		26	+++ b/src/lib/inet_net_pton.c
		27	@@ -1,19 +1,20 @@
		28
		29	/*
		30	- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
		31	+ * Copyright (c) 2012 by Gilles Chehade <gilles@openbsd.org>
		32	* Copyright (c) 1996,1999 by Internet Software Consortium.
		33	*
		34	* Permission to use, copy, modify, and distribute this software for any
		35	* purpose with or without fee is hereby granted, provided that the above
		36	* copyright notice and this permission notice appear in all copies.
		37	*
		38	- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
		39	- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		40	- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
		41	- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		42	- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		43	- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
		44	- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		45	+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
		46	+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
		47	+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
		48	+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
		49	+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
		50	+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
		51	+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
		52	+ * SOFTWARE.
		53	*/
		54
		55	#include "ares_setup.h"
		56	@@ -35,9 +36,6 @@
		57
		58	const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } };
		59
		60	-
		61	-#ifndef HAVE_INET_NET_PTON
		62	-
		63	/*
		64	* static int
		65	* inet_net_pton_ipv4(src, dst, size)
		66	@@ -60,7 +58,7 @@ const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,
		67	* Paul Vixie (ISC), June 1996
		68	*/
		69	static int
		70	-inet_net_pton_ipv4(const char src, unsigned char dst, size_t size)
		71	+ares_inet_net_pton_ipv4(const char src, unsigned char dst, size_t size)
		72	{
		73	static const char xdigits[] = "0123456789abcdef";
		74	static const char digits[] = "0123456789";
		75	@@ -261,19 +259,14 @@ getv4(const char src, unsigned char dst, int *bitsp)
		76	}
		77
		78	static int
		79	-inet_net_pton_ipv6(const char src, unsigned char dst, size_t size)
		80	+ares_inet_pton6(const char src, unsigned char dst)
		81	{
		82	static const char xdigits_l[] = "0123456789abcdef",
		83	- xdigits_u[] = "0123456789ABCDEF";
		84	+ xdigits_u[] = "0123456789ABCDEF";
		85	unsigned char tmp[NS_IN6ADDRSZ], tp, endp, *colonp;
		86	const char xdigits, curtok;
		87	- int ch, saw_xdigit;
		88	+ int ch, saw_xdigit, count_xdigit;
		89	unsigned int val;
		90	- int digits;
		91	- int bits;
		92	- size_t bytes;
		93	- int words;
		94	- int ipv4;
		95
		96	memset((tp = tmp), '\0', NS_IN6ADDRSZ);
		97	endp = tp + NS_IN6ADDRSZ;
		98	@@ -283,22 +276,22 @@ inet_net_pton_ipv6(const char src, unsigned char dst, size_t size)
		99	if (*++src != ':')
		100	goto enoent;
		101	curtok = src;
		102	- saw_xdigit = 0;
		103	+ saw_xdigit = count_xdigit = 0;
		104	val = 0;
		105	- digits = 0;
		106	- bits = -1;
		107	- ipv4 = 0;
		108	while ((ch = *src++) != '\0') {
		109	const char *pch;
		110
		111	if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
		112	pch = strchr((xdigits = xdigits_u), ch);
		113	if (pch != NULL) {
		114	+ if (count_xdigit >= 4)
		115	+ goto enoent;
		116	val <<= 4;
		117	- val \|= aresx_sztoui(pch - xdigits);
		118	- if (++digits > 4)
		119	+ val \|= (pch - xdigits);
		120	+ if (val > 0xffff)
		121	goto enoent;
		122	saw_xdigit = 1;
		123	+ count_xdigit++;
		124	continue;
		125	}
		126	if (ch == ':') {
		127	@@ -308,78 +301,107 @@ inet_net_pton_ipv6(const char src, unsigned char dst, size_t size)
		128	goto enoent;
		129	colonp = tp;
		130	continue;
		131	- } else if (*src == '\0')
		132	+ } else if (*src == '\0') {
		133	goto enoent;
		134	+ }
		135	if (tp + NS_INT16SZ > endp)
		136	- return (0);
		137	- *tp++ = (unsigned char)((val >> 8) & 0xff);
		138	- *tp++ = (unsigned char)(val & 0xff);
		139	+ goto enoent;
		140	+ *tp++ = (unsigned char) (val >> 8) & 0xff;
		141	+ *tp++ = (unsigned char) val & 0xff;
		142	saw_xdigit = 0;
		143	- digits = 0;
		144	+ count_xdigit = 0;
		145	val = 0;
		146	continue;
		147	}
		148	if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
		149	- getv4(curtok, tp, &bits) > 0) {
		150	- tp += NS_INADDRSZ;
		151	+ ares_inet_net_pton_ipv4(curtok, tp, INADDRSZ) > 0) {
		152	+ tp += INADDRSZ;
		153	saw_xdigit = 0;
		154	- ipv4 = 1;
		155	+ count_xdigit = 0;
		156	break; /* '\0' was seen by inet_pton4(). */
		157	}
		158	- if (ch == '/' && getbits(src, &bits) > 0)
		159	- break;
		160	goto enoent;
		161	}
		162	if (saw_xdigit) {
		163	if (tp + NS_INT16SZ > endp)
		164	goto enoent;
		165	- *tp++ = (unsigned char)((val >> 8) & 0xff);
		166	- *tp++ = (unsigned char)(val & 0xff);
		167	+ *tp++ = (unsigned char) (val >> 8) & 0xff;
		168	+ *tp++ = (unsigned char) val & 0xff;
		169	}
		170	- if (bits == -1)
		171	- bits = 128;
		172	-
		173	- words = (bits + 15) / 16;
		174	- if (words < 2)
		175	- words = 2;
		176	- if (ipv4)
		177	- words = 8;
		178	- endp = tmp + 2 * words;
		179	-
		180	if (colonp != NULL) {
		181	/*
		182	* Since some memmove()'s erroneously fail to handle
		183	* overlapping regions, we'll do the shift by hand.
		184	*/
		185	- const ares_ssize_t n = tp - colonp;
		186	- ares_ssize_t i;
		187	+ const int n = tp - colonp;
		188	+ int i;
		189
		190	if (tp == endp)
		191	goto enoent;
		192	for (i = 1; i <= n; i++) {
		193	- (endp - i) = (colonp + n - i);
		194	- *(colonp + n - i) = 0;
		195	+ endp[- i] = colonp[n - i];
		196	+ colonp[n - i] = 0;
		197	}
		198	tp = endp;
		199	}
		200	if (tp != endp)
		201	goto enoent;
		202
		203	- bytes = (bits + 7) / 8;
		204	- if (bytes > size)
		205	- goto emsgsize;
		206	- memcpy(dst, tmp, bytes);
		207	- return (bits);
		208	+ memcpy(dst, tmp, NS_IN6ADDRSZ);
		209	+ return (1);
		210
		211	- enoent:
		212	+enoent:
		213	SET_ERRNO(ENOENT);
		214	return (-1);
		215
		216	- emsgsize:
		217	+emsgsize:
		218	SET_ERRNO(EMSGSIZE);
		219	return (-1);
		220	}
		221
		222	+static int
		223	+ares_inet_net_pton_ipv6(const char src, unsigned char dst, size_t size)
		224	+{
		225	+ struct ares_in6_addr in6;
		226	+ int ret;
		227	+ int bits;
		228	+ size_t bytes;
		229	+ char buf[INET6_ADDRSTRLEN + sizeof("/128")];
		230	+ char *sep;
		231	+ const char *errstr;
		232	+
		233	+ if (strlen(src) >= sizeof buf) {
		234	+ SET_ERRNO(EMSGSIZE);
		235	+ return (-1);
		236	+ }
		237	+ strncpy(buf, src, sizeof buf);
		238	+
		239	+ sep = strchr(buf, '/');
		240	+ if (sep != NULL)
		241	+ *sep++ = '\0';
		242	+
		243	+ ret = ares_inet_pton6(buf, (unsigned char *)&in6);
		244	+ if (ret != 1)
		245	+ return (-1);
		246	+
		247	+ if (sep == NULL)
		248	+ bits = 128;
		249	+ else {
		250	+ if (!getbits(sep, &bits)) {
		251	+ SET_ERRNO(ENOENT);
		252	+ return (-1);
		253	+ }
		254	+ }
		255	+
		256	+ bytes = (bits + 7) / 8;
		257	+ if (bytes > size) {
		258	+ SET_ERRNO(EMSGSIZE);
		259	+ return (-1);
		260	+ }
		261	+ memcpy(dst, &in6, bytes);
		262	+ return (bits);
		263	+}
		264	+
		265	/*
		266	* int
		267	* inet_net_pton(af, src, dst, size)
		268	@@ -403,18 +425,15 @@ ares_inet_net_pton(int af, const char src, void dst, size_t size)
		269	{
		270	switch (af) {
		271	case AF_INET:
		272	- return (inet_net_pton_ipv4(src, dst, size));
		273	+ return (ares_inet_net_pton_ipv4(src, dst, size));
		274	case AF_INET6:
		275	- return (inet_net_pton_ipv6(src, dst, size));
		276	+ return (ares_inet_net_pton_ipv6(src, dst, size));
		277	default:
		278	SET_ERRNO(EAFNOSUPPORT);
		279	return (-1);
		280	}
		281	}
		282
		283	-#endif /* HAVE_INET_NET_PTON */
		284	-
		285	-#ifndef HAVE_INET_PTON
		286	int ares_inet_pton(int af, const char src, void dst)
		287	{
		288	int result;
		289	@@ -434,11 +453,3 @@ int ares_inet_pton(int af, const char src, void dst)
		290	return 0;
		291	return (result > -1 ? 1 : -1);
		292	}
		293	-#else /* HAVE_INET_PTON */
		294	-int ares_inet_pton(int af, const char src, void dst)
		295	-{
		296	- /* just relay this to the underlying function */
		297	- return inet_pton(af, src, dst);
		298	-}
		299	-
		300	-#endif
		301	diff --git a/test/ares-test-internal.cc b/test/ares-test-internal.cc
		302	index 96d4edec..161f0a5c 100644
		303	--- a/test/ares-test-internal.cc
		304	+++ b/test/ares-test-internal.cc
		305	@@ -81,6 +81,7 @@ TEST_F(LibraryTest, InetPtoN) {
		306	EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "12:34::ff/0", &a6, sizeof(a6)));
		307	EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "12:34::ffff:0.2", &a6, sizeof(a6)));
		308	EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6)));
		309	+ EXPECT_EQ(2, ares_inet_net_pton(AF_INET6, "0::00:00:00/2", &a6, sizeof(a6)));
		310
		311	// Various malformed versions
		312	EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "", &a4, sizeof(a4)));
		313	@@ -118,11 +119,9 @@ TEST_F(LibraryTest, InetPtoN) {
		314	EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6)));
		315	EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234:", &a6, sizeof(a6)));
		316	EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678", &a6, sizeof(a6)));
		317	- // TODO(drysdale): check whether the next two tests should give -1.
		318	- EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6)));
		319	- EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6)));
		320	+ EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6)));
		321	+ EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6)));
		322	EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:257.2.3.4", &a6, sizeof(a6)));
		323	- EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:002.2.3.4", &a6, sizeof(a6)));
		324	EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5.6", &a6, sizeof(a6)));
		325	EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5", &a6, sizeof(a6)));
		326	EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.z", &a6, sizeof(a6)));
		327	--
		328	2.25.1
		329


diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb index 6a367e69e1..004de9bd69 100644 --- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb +++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006"
7		7
8	SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \	8	SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \
9	file://CVE-2022-4904.patch \	9	file://CVE-2022-4904.patch \
		10	file://CVE-2023-31130.patch \
10	"	11	"
11	SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed"	12	SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed"
12		13