c-ares/RELEASE-NOTES

c-ares version 1.17.0

Security:
 o avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
   fuzzing [2] [3]
 o Avoid theoretical buffer overflow in RC4 loop comparison [5]
 o Empty hquery->name could lead to invalid memory access [15]
 o ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
   passed in [17]

Changes:
 o Update help information for adig, acountry, and ahost [4]
 o Test Suite now uses dynamic system-assigned ports rather than hardcoded
   ports to prevent failures in containers [10]
 o Detect remote DNS server does not support EDNS using rules from RFC 6891 [12]
 o Source tree has been reorganized to use a more modern layout [13]
 o Allow parsing of CAA Resource Record [14]

Bug fixes:
 o readaddrinfo bad sizeof() [1]
 o Test cases should honor HAVE_WRITEV flag, not depend on WIN32 [6]
 o FQDN with trailing period should be queried first [7]
 o ares_getaddrinfo() was returning members of the struct as garbage values if
   unset, and was not honoring ai_socktype and ai_protocol hints. [8] [9]
 o ares_gethostbyname() with AF_UNSPEC and an ip address would fail [11]
 o Properly document ares_set_local_ip4() uses host byte order [16]

Thanks go to these friendly people for their efforts and contributions:
  @anonymoushelpishere
  Anthony Penniston (@apenn-msft)
  Brad House (@bradh352)
  Bulat Gaifullin (@bgaifullin)
  Daniela Sonnenschein (@lxdicted)
  Daniel Stenberg (@bagder)
  David Hotham (@dimbleby)
  Fionn Fitzmaurice (@fionn)
  Gisle Vanem (@gavenm)
  Ivan Baidakou (@basiliscos)
  Jonathan Maye-Hobbs (@wheelpharoah)
  Łukasz Marszał (@lmarszal)
  lutianxiong (@ltx2018)
  Seraphime Kirkovski (@Seraphime)
(14 contributors)

References to bug reports and discussions on issues:
 [1] = https://github.com/c-ares/c-ares/pull/331
 [2] = https://github.com/c-ares/c-ares/pull/332
 [3] = https://github.com/c-ares/c-ares/issues/333
 [4] = https://github.com/c-ares/c-ares/pull/334
 [5] = https://github.com/c-ares/c-ares/pull/336
 [6] = https://github.com/c-ares/c-ares/pull/344
 [7] = https://github.com/c-ares/c-ares/pull/345
 [8] = https://github.com/c-ares/c-ares/issues/343
 [9] = https://github.com/c-ares/c-ares/issues/317
 [10] = https://github.com/c-ares/c-ares/pull/346
 [11] = https://github.com/c-ares/c-ares/pull/204
 [12] = https://github.com/c-ares/c-ares/pull/244
 [13] = https://github.com/c-ares/c-ares/pull/349
 [14] = https://github.com/c-ares/c-ares/pull/360
 [15] = https://github.com/c-ares/c-ares/pull/367
 [16] = https://github.com/c-ares/c-ares/pull/368
 [17] = https://github.com/c-ares/c-ares/issues/371
1.17.0 release prep 4 years ago			`c-ares version 1.17.0`
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 4 years ago
			`Security:`
1.17.0 release prep 4 years ago			`o avoid read-heap-buffer-overflow in ares_parse_soa_reply found during`
			`fuzzing [2] [3]`
			`o Avoid theoretical buffer overflow in RC4 loop comparison [5]`
			`o Empty hquery->name could lead to invalid memory access [15]`
			`o ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was`
			`passed in [17]`
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 4 years ago
			`Changes:`
1.17.0 release prep 4 years ago			`o Update help information for adig, acountry, and ahost [4]`
			`o Test Suite now uses dynamic system-assigned ports rather than hardcoded`
			`ports to prevent failures in containers [10]`
			`o Detect remote DNS server does not support EDNS using rules from RFC 6891 [12]`
			`o Source tree has been reorganized to use a more modern layout [13]`
			`o Allow parsing of CAA Resource Record [14]`
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 4 years ago
			`Bug fixes:`
1.17.0 release prep 4 years ago			`o readaddrinfo bad sizeof() [1]`
			`o Test cases should honor HAVE_WRITEV flag, not depend on WIN32 [6]`
			`o FQDN with trailing period should be queried first [7]`
			`o ares_getaddrinfo() was returning members of the struct as garbage values if`
			`unset, and was not honoring ai_socktype and ai_protocol hints. [8] [9]`
			`o ares_gethostbyname() with AF_UNSPEC and an ip address would fail [11]`
			`o Properly document ares_set_local_ip4() uses host byte order [16]`
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 4 years ago
			`Thanks go to these friendly people for their efforts and contributions:`
1.17.0 release prep 4 years ago			`@anonymoushelpishere`
			`Anthony Penniston (@apenn-msft)`
			`Brad House (@bradh352)`
			`Bulat Gaifullin (@bgaifullin)`
			`Daniela Sonnenschein (@lxdicted)`
			`Daniel Stenberg (@bagder)`
			`David Hotham (@dimbleby)`
			`Fionn Fitzmaurice (@fionn)`
			`Gisle Vanem (@gavenm)`
			`Ivan Baidakou (@basiliscos)`
			`Jonathan Maye-Hobbs (@wheelpharoah)`
			`Łukasz Marszał (@lmarszal)`
			`lutianxiong (@ltx2018)`
			`Seraphime Kirkovski (@Seraphime)`
			`(14 contributors)`
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 4 years ago
			`References to bug reports and discussions on issues:`
1.17.0 release prep 4 years ago			`[1] = https://github.com/c-ares/c-ares/pull/331`
			`[2] = https://github.com/c-ares/c-ares/pull/332`
			`[3] = https://github.com/c-ares/c-ares/issues/333`
			`[4] = https://github.com/c-ares/c-ares/pull/334`
			`[5] = https://github.com/c-ares/c-ares/pull/336`
			`[6] = https://github.com/c-ares/c-ares/pull/344`
			`[7] = https://github.com/c-ares/c-ares/pull/345`
			`[8] = https://github.com/c-ares/c-ares/issues/343`
			`[9] = https://github.com/c-ares/c-ares/issues/317`
			`[10] = https://github.com/c-ares/c-ares/pull/346`
			`[11] = https://github.com/c-ares/c-ares/pull/204`
			`[12] = https://github.com/c-ares/c-ares/pull/244`
			`[13] = https://github.com/c-ares/c-ares/pull/349`
			`[14] = https://github.com/c-ares/c-ares/pull/360`
			`[15] = https://github.com/c-ares/c-ares/pull/367`
			`[16] = https://github.com/c-ares/c-ares/pull/368`
			`[17] = https://github.com/c-ares/c-ares/issues/371`