When cross compiling with yocto's meta-mingw layer, getting a dependency
error.
This is caused by the fact that advapi32 is lower case in mingw builds.
Fix By: Sinan Kaya <sinan.kaya@microsoft.com>
ax_code_coverage.m4 dropped the @CODE_COVERAGE_RULES@ macro, so we need to switch to the latest recommendation from the m4 file. This requires updates to Makefile.am.
Fix By: Felix Yan (@felixonmars)
This commit adds the build directory to be ignored by git.
The motivation for adding this to .gitignore as opposed to
.git/info/exclude is that the CMake example in INSTALL.md uses build
as the name of the directory to be used by CMake. This will cause
git to report build as an untracked file.
Fix By: Daniel Bevenius (@danbev)
strdup() is used in src/lib/ares_parse_a_reply.c and src/lib/ares_parse_aaaa_reply.c whereas allocated memory is freed using ares_free().
Bug: 407
Fix By: Jean-pierre Cartal (@jeanpierrecartal)
To prevent possible users having XSS issues due to intentionally malformed DNS replies, validate hostnames returned in responses and return EBADRESP if they are not valid.
It is not clear what legitimate issues this may cause at this point.
Bug Reported By: philipp.jeitner@sit.fraunhofer.de
Fix By: Brad House (@bradh352)
RFC1035 5.1 specifies some reserved characters and escaping sequences
that are allowed to be specified. Expand the list of reserved characters
and also escape non-printable characters using the \DDD format as
specified in the RFC.
Bug Reported By: philipp.jeitner@sit.fraunhofer.de
Fix By: Brad House (@bradh352)
The bug was generated because there was no check for the number
of items in the list and invalid memory was accesed when the list
was empty. There is a check for null after calling malloc but on
some systems it always returns a valid address for size equals 0.
Relates To: #392, 0903dcecab
Fix By: @catalinh-bd
ares_freeaddrinfo() was not checking for a Null ptr during cleanup of
an aborted query.
Once that was resolved it uncovered another possible issue with
multiple simultaneous underlying queries being outstanding and
possibly prematurely cleaning up the handle.
Reported By: Michael Kourlas
Fix By: Brad House (@bradh352)
RANDOM_FILE was never defined by cmake, causing RC4 key generation to use the less secure rand() method.
Also, due to clashes with chain-building from other projects (e.g. curl) that may define RANDOM_FILE, this was renamed to CARES_RANDOM_FILE.
This is the proposed change for #396
Fix By: Brad House (@bradh352)
There is too much inconsistency between platforms for arpa/nameser.h and arpa/nameser_compat.h for the way the current files are structured. Still load the respective system files but make our private nameser.h more forgiving.
Fixes: #388
Fix By: Brad House (@bradh352)
NodeJS passes NULL for addr and 0 for addrlen parameters to ares_parse_ptr_reply(). On systems where malloc(0) returned NULL, this would cause the function to return ARES_ENOMEM, but the cleanup wasn't handled properly and would crash.
This patche fixes that bug, and also hardens ares_free_hostent() to not leak memory during cleanup.
Fixes: #392
Fix By: Brad House (@bradh352)
Some systems may return either NULL or a valid pointer on malloc(0). c-ares should never call malloc(0) so lets return NULL so we're more likely to find an issue if it were to occur.
Buffered fread() reads 4096 bytes which is completely unnecessary and potentially may cause problems.
I discovered this on private linux configuration where custom /dev/urandom implementation has poor performance.
Fix By: @vburdo
When c-ares is being built as static on Win32, CARES_STATICLIB must
be defined, but it wasn't being pulled in for the tools.
Fixes: #384
Fix By: Brad House (@bradh352)