[meta-oe][dunfell][PATCH 1/5] Revert "c-ares: Add fix for CVE-2021-3672"


akash hadke
 

From: Ranjitsinh Rathod <ranjitsinh.rathod@...>

This reverts commit b06724bc274f751004ade2ceeddfb8ec40d93f16.
Revert this CVE fix as we upgrade c-ares to 1.18.1

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
Signed-off-by: Akash Hadke <akash.hadke@...>
---
...-fix-formatting-and-handling-of-root.patch | 115 ------------------
...d_name-should-escape-more-characters.patch | 90 --------------
.../recipes-support/c-ares/c-ares_1.16.1.bb | 2 -
3 files changed, 207 deletions(-)
delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch
delete mode 100644 meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch

diff --git a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch b/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch
deleted file mode 100644
index d1cb54aefb..0000000000
--- a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-fix-formatting-and-handling-of-root.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From: bradh352 <brad@...>
-Date: Fri, 11 Jun 2021 12:39:24 -0400
-Subject: [2/2] ares_expand_name(): fix formatting and handling of root name
- response
-Origin: https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3672
-
-Fixes issue introduced in prior commit with formatting and handling
-of parsing a root name response which should not be escaped.
-
-Fix By: Brad House
-CVE: CVE-2021-3672
-Upstream-Status: Backport [http://snapshot.debian.org/archive/debian-security/20210810T064453Z/pool/updates/main/c/c-ares/c-ares_1.17.1-1%2Bdeb11u1.debian.tar.xz]
-Signed-off-by: Neetika Singh <Neetika.Singh@...>
----
- ares_expand_name.c | 62 ++++++++++++++++++++++++--------------
- 1 file changed, 40 insertions(+), 22 deletions(-)
-
-diff --git a/ares_expand_name.c b/ares_expand_name.c
-index f1c874a97cfc..eb9268c1ff0a 100644
---- a/ares_expand_name.c
-+++ b/ares_expand_name.c
-@@ -127,27 +127,37 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
- }
- else
- {
-- len = *p;
-+ int name_len = *p;
-+ len = name_len;
- p++;
-+
- while (len--)
- {
-- if (!isprint(*p)) {
-- /* Output as \DDD for consistency with RFC1035 5.1 */
-- *q++ = '\\';
-- *q++ = '0' + *p / 100;
-- *q++ = '0' + (*p % 100) / 10;
-- *q++ = '0' + (*p % 10);
-- } else if (is_reservedch(*p)) {
-- *q++ = '\\';
-- *q++ = *p;
-- } else {
-- *q++ = *p;
-- }
-+ /* Output as \DDD for consistency with RFC1035 5.1, except
-+ * for the special case of a root name response */
-+ if (!isprint(*p) && !(name_len == 1 && *p == 0))
-+ {
-+
-+ *q++ = '\\';
-+ *q++ = '0' + *p / 100;
-+ *q++ = '0' + (*p % 100) / 10;
-+ *q++ = '0' + (*p % 10);
-+ }
-+ else if (is_reservedch(*p))
-+ {
-+ *q++ = '\\';
-+ *q++ = *p;
-+ }
-+ else
-+ {
-+ *q++ = *p;
-+ }
- p++;
- }
- *q++ = '.';
- }
-- }
-+ }
-+
- if (!indir)
- *enclen = aresx_uztosl(p + 1U - encoded);
-
-@@ -194,21 +204,29 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
- }
- else if (top == 0x00)
- {
-- offset = *encoded;
-+ int name_len = *encoded;
-+ offset = name_len;
- if (encoded + offset + 1 >= abuf + alen)
- return -1;
- encoded++;
-+
- while (offset--)
- {
-- if (!isprint(*encoded)) {
-- n += 4;
-- } else if (is_reservedch(*encoded)) {
-- n += 2;
-- } else {
-- n += 1;
-- }
-+ if (!isprint(*encoded) && !(name_len == 1 && *encoded == 0))
-+ {
-+ n += 4;
-+ }
-+ else if (is_reservedch(*encoded))
-+ {
-+ n += 2;
-+ }
-+ else
-+ {
-+ n += 1;
-+ }
- encoded++;
- }
-+
- n++;
- }
- else
---
-2.32.0
-
diff --git a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch b/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch
deleted file mode 100644
index 3603ef1278..0000000000
--- a/meta-oe/recipes-support/c-ares/c-ares/ares_expand_name-should-escape-more-characters.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From: bradh352 <brad@...>
-Date: Fri, 11 Jun 2021 11:27:45 -0400
-Subject: [1/2] ares_expand_name() should escape more characters
-Origin: https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3672
-
-RFC1035 5.1 specifies some reserved characters and escaping sequences
-that are allowed to be specified. Expand the list of reserved characters
-and also escape non-printable characters using the \DDD format as
-specified in the RFC.
-
-Bug Reported By: philipp.jeitner@...
-Fix By: Brad House (@bradh352)
-CVE: CVE-2021-3672
-Upstream-Status: Backport [http://snapshot.debian.org/archive/debian-security/20210810T064453Z/pool/updates/main/c/c-ares/c-ares_1.17.1-1%2Bdeb11u1.debian.tar.xz]
-Signed-off-by: Neetika Singh <Neetika.Singh@...>
----
- ares_expand_name.c | 41 +++++++++++++++++++++++++++++++++++---
- 1 file changed, 38 insertions(+), 3 deletions(-)
-
-diff --git a/ares_expand_name.c b/ares_expand_name.c
-index 407200ef5b4b..f1c874a97cfc 100644
---- a/ares_expand_name.c
-+++ b/ares_expand_name.c
-@@ -32,6 +32,26 @@
- static int name_length(const unsigned char *encoded, const unsigned char *abuf,
- int alen);
-
-+/* Reserved characters for names that need to be escaped */
-+static int is_reservedch(int ch)
-+{
-+ switch (ch) {
-+ case '"':
-+ case '.':
-+ case ';':
-+ case '\\':
-+ case '(':
-+ case ')':
-+ case '@':
-+ case '$':
-+ return 1;
-+ default:
-+ break;
-+ }
-+
-+ return 0;
-+}
-+
- /* Expand an RFC1035-encoded domain name given by encoded. The
- * containing message is given by abuf and alen. The result given by
- * *s, which is set to a NUL-terminated allocated buffer. *enclen is
-@@ -111,9 +131,18 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
- p++;
- while (len--)
- {
-- if (*p == '.' || *p == '\\')
-+ if (!isprint(*p)) {
-+ /* Output as \DDD for consistency with RFC1035 5.1 */
-+ *q++ = '\\';
-+ *q++ = '0' + *p / 100;
-+ *q++ = '0' + (*p % 100) / 10;
-+ *q++ = '0' + (*p % 10);
-+ } else if (is_reservedch(*p)) {
- *q++ = '\\';
-- *q++ = *p;
-+ *q++ = *p;
-+ } else {
-+ *q++ = *p;
-+ }
- p++;
- }
- *q++ = '.';
-@@ -171,7 +200,13 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
- encoded++;
- while (offset--)
- {
-- n += (*encoded == '.' || *encoded == '\\') ? 2 : 1;
-+ if (!isprint(*encoded)) {
-+ n += 4;
-+ } else if (is_reservedch(*encoded)) {
-+ n += 2;
-+ } else {
-+ n += 1;
-+ }
- encoded++;
- }
- n++;
---
-2.32.0
-
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb
index 692a5f0d6e..0e118c88ff 100644
--- a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb
@@ -11,8 +11,6 @@ SRC_URI = "\
git://github.com/c-ares/c-ares.git;branch=main;protocol=https \
file://cmake-install-libcares.pc.patch \
file://0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch \
- file://ares_expand_name-should-escape-more-characters.patch \
- file://ares_expand_name-fix-formatting-and-handling-of-root.patch \
"
SRCREV = "74a1426ba60e2cd7977e53a22ef839c87415066e"

--
2.17.1

Join openembedded-devel@lists.openembedded.org to automatically receive all group messages.