From c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d Mon Sep 17 00:00:00 2001 From: Brad House Date: Sun, 30 Apr 2023 14:53:34 -0400 Subject: [PATCH] Merge pull request from GHSA-54xr-f67r-4pc4 * CARES_RANDOM_FILE should always default to /dev/urandom During cross-compilation, CARES_RANDOM_FILE may not be able to be appropriately detected, therefore we should always set it to /dev/urandom and allow the entity requesting compilation override the value. The code does appropriately fall back if CARES_RANDOM_FILE cannot be opened. * use set not option --- CMakeLists.txt | 6 ++---- configure.ac | 12 +----------- 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 7a29fef7..0ec8d413 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -36,6 +36,8 @@ OPTION (CARES_STATIC_PIC "Build the static library as PIC (position independent) OPTION (CARES_BUILD_TESTS "Build and run tests" OFF) OPTION (CARES_BUILD_CONTAINER_TESTS "Build and run container tests (implies CARES_BUILD_TESTS, Linux only)" OFF) OPTION (CARES_BUILD_TOOLS "Build tools" ON) +SET (CARES_RANDOM_FILE "/dev/urandom" CACHE STRING "Suitable File / Device Path for entropy, such as /dev/urandom") + # Tests require static to be enabled on Windows to be able to access otherwise hidden symbols IF (CARES_BUILD_TESTS AND (NOT CARES_STATIC) AND WIN32) @@ -402,10 +404,6 @@ SET (CMAKE_REQUIRED_DEFINITIONS) SET (CMAKE_REQUIRED_LIBRARIES) -find_file(CARES_RANDOM_FILE urandom /dev) -mark_as_advanced(CARES_RANDOM_FILE) - - ################################################################################ # recv, recvfrom, send, getnameinfo, gethostname # ARGUMENTS AND RETURN VALUES diff --git a/configure.ac b/configure.ac index 56a570bc..f8ebd07d 100644 --- a/configure.ac +++ b/configure.ac @@ -896,17 +896,7 @@ AC_ARG_WITH(random, AS_HELP_STRING([--with-random=FILE], [read randomness from FILE (default=/dev/urandom)]), [ CARES_RANDOM_FILE="$withval" ], - [ - dnl Check for random device. If we're cross compiling, we can't - dnl check, and it's better to assume it doesn't exist than it is - dnl to fail on AC_CHECK_FILE or later. - if test "$cross_compiling" = "no"; then - AC_CHECK_FILE("/dev/urandom", [ CARES_RANDOM_FILE="/dev/urandom"] ) - else - AC_MSG_WARN([cannot check for /dev/urandom while cross compiling; assuming none]) - fi - - ] + [ CARES_RANDOM_FILE="/dev/urandom" ] ) if test -n "$CARES_RANDOM_FILE" && test X"$CARES_RANDOM_FILE" != Xno ; then AC_SUBST(CARES_RANDOM_FILE)