To prevent possible users having XSS issues due to intentionally malformed DNS replies, validate hostnames returned in responses and return EBADRESP if they are not valid.
It is not clear what legitimate issues this may cause at this point.
Bug Reported By: philipp.jeitner@sit.fraunhofer.de
Fix By: Brad House (@bradh352)
RFC1035 5.1 specifies some reserved characters and escaping sequences
that are allowed to be specified. Expand the list of reserved characters
and also escape non-printable characters using the \DDD format as
specified in the RFC.
Bug Reported By: philipp.jeitner@sit.fraunhofer.de
Fix By: Brad House (@bradh352)
The bug was generated because there was no check for the number
of items in the list and invalid memory was accesed when the list
was empty. There is a check for null after calling malloc but on
some systems it always returns a valid address for size equals 0.
Relates To: #392, 0903dcecab
Fix By: @catalinh-bd
ares_freeaddrinfo() was not checking for a Null ptr during cleanup of
an aborted query.
Once that was resolved it uncovered another possible issue with
multiple simultaneous underlying queries being outstanding and
possibly prematurely cleaning up the handle.
Reported By: Michael Kourlas
Fix By: Brad House (@bradh352)
RANDOM_FILE was never defined by cmake, causing RC4 key generation to use the less secure rand() method.
Also, due to clashes with chain-building from other projects (e.g. curl) that may define RANDOM_FILE, this was renamed to CARES_RANDOM_FILE.
This is the proposed change for #396
Fix By: Brad House (@bradh352)
There is too much inconsistency between platforms for arpa/nameser.h and arpa/nameser_compat.h for the way the current files are structured. Still load the respective system files but make our private nameser.h more forgiving.
Fixes: #388
Fix By: Brad House (@bradh352)
NodeJS passes NULL for addr and 0 for addrlen parameters to ares_parse_ptr_reply(). On systems where malloc(0) returned NULL, this would cause the function to return ARES_ENOMEM, but the cleanup wasn't handled properly and would crash.
This patche fixes that bug, and also hardens ares_free_hostent() to not leak memory during cleanup.
Fixes: #392
Fix By: Brad House (@bradh352)
Some systems may return either NULL or a valid pointer on malloc(0). c-ares should never call malloc(0) so lets return NULL so we're more likely to find an issue if it were to occur.
Buffered fread() reads 4096 bytes which is completely unnecessary and potentially may cause problems.
I discovered this on private linux configuration where custom /dev/urandom implementation has poor performance.
Fix By: @vburdo
When c-ares is being built as static on Win32, CARES_STATICLIB must
be defined, but it wasn't being pulled in for the tools.
Fixes: #384
Fix By: Brad House (@bradh352)
It appears that when building tests, it would hardcode enabling building
of the c-ares static library. This was probably due to Windows limitations
in symbol visibility.
This change will use the static library if it exists for tests, always.
Otherwise, it will only forcibly enable static libraries for tests on
Windows.
Fixes: #380
Fix By: Brad House (@bradh352)
The fuzz test files were not being distributed. This doesn't appear to be
a regression, it looks like they have never been distributed.
Fixes: #379
Fix By: Brad House (@bradh352)
Issue #377 suggested that CMake builds for iOS with c-ares were broken. This PR adds an automatic Travis build for iOS CMake.
Fix By: Brad House (@bradh352)
It appears some outside projects were relying on macros in ares_dns.h, even though it doesn't appear that header was ever meant to be public. That said, we don't want to break external integrators so we should distribute this header again.
Fix By: Fabrice Fontaine (@ffontaine)
* remove: install-sh mkinstalldirs
They're generated when needed, no need to store in it.
* buildconf: remove custom logic with autoreconf
Fix By: Daniel Stenberg (@bagder)
ai_socktype and ai_protocol were ignored from the hints input. They are now
duplicated into the output as expected. Currently no sanity checks on
proper values are taking place.
Fixes: #317
Fix By: Brad House (@bradh352)
If there are more ttls returned than the maximum provided by the requestor, then
the *naddrttls response would be larger than the actual number of elements in
the addrttls array.
This bug could lead to invalid memory accesses in applications using c-ares.
This behavior appeared to break with PR #257Fixes: #371
Reported By: Momtchil Momtchev (@mmomtchev)
Fix By: Brad House (@bradh352)
If hquery->name is empty (=="\0"), &hquery->name[strlen(hquery->name)-1] would point to "random" place in memory. This is causing some of my address sanitizer tests to fail.
Fix By: Łukasz Marszał (@lmarszal)
CAA (Certification Authority Authorization) was introduced in RFC 6844.
This has been obsoleted by RFC 8659. This commit added the possibility
to query CAA resource records with adig and adds a parser for CAA
records, that can be used in conjunction with ares_query(3).
Closes Bug: #292
Fix By: Daniela Sonnenschein (@lxdicted)