Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CVE-2016-5180] ares_create_query: avoid single-byte buffer overwrite #8849

Closed
wants to merge 0 commits into from

Conversation

sgallagher
Copy link
Contributor

Checklist
  • make -j8 test (UNIX), or vcbuild test nosign (Windows) passes
  • commit message follows commit guidelines
Affected core subsystem(s)

bundled c-ares

Description of change

Avoid single-byte buffer overwrite when the name ends with an escaped dot.

CVE-2016-5180

Bug: https://c-ares.haxx.se/adv_20160929.html

@nodejs-github-bot nodejs-github-bot added the cares Issues and PRs related to the c-ares dependency or the cares_wrap binding. label Sep 29, 2016
@MylesBorins
Copy link
Contributor

MylesBorins commented Sep 29, 2016

I can confirm the e8dd387 is identical to the patch found at https://c-ares.haxx.se/CVE-2016-5180.patch

LGTM

@MylesBorins MylesBorins added the security Issues and PRs related to security. label Sep 29, 2016
Copy link
Member

@jasnell jasnell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Member

@jbergstroem jbergstroem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jbergstroem
Copy link
Member

Copy link
Member

@indutny indutny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@MylesBorins
Copy link
Contributor

MylesBorins commented Sep 29, 2016

windows failure is infra related https://ci.nodejs.org/job/node-test-binary-windows/4102/RUN_SUBSET=3,VS_VERSION=vcbt2015,label=win10/tapTestReport/test.tap-238/

/cc @nodejs/platform-windows re: flaky test

@Trott
Copy link
Member

Trott commented Sep 30, 2016

Aside: I think @geek has a PR in to fix that test. #8848

@jbergstroem
Copy link
Member

I'll land this in 24h unless anyone has any objections.

@MylesBorins
Copy link
Contributor

once it lands I'll deal with backporting

On Fri, Sep 30, 2016, 1:52 AM Johan Bergström notifications@github.com
wrote:

I'll land this in 24h unless anyone has any objections.


You are receiving this because you commented.

Reply to this email directly, view it on GitHub
#8849 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AAecV9Jgf-c-FaTgZYMHzDycGyTb9ZC8ks5qvKOSgaJpZM4KKT9Z
.

@MylesBorins
Copy link
Contributor

@jbergstroem
Copy link
Member

Test failures look unrelated.

@jbergstroem
Copy link
Member

wtf -- PR got closed when I pushed to the remote branch. Merged in 68c4c71.

jbergstroem pushed a commit that referenced this pull request Oct 2, 2016
Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html

PR-URL: #8849
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
@mscdex
Copy link
Contributor

mscdex commented Oct 3, 2016

This should have had a better subsystem name, like cares: instead of ares_create_query:.

@jbergstroem
Copy link
Member

@mscdex true, apologies.

jasnell pushed a commit that referenced this pull request Oct 6, 2016
Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html

PR-URL: #8849
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
@MylesBorins MylesBorins self-assigned this Oct 6, 2016
@MylesBorins
Copy link
Contributor

So it looks like v4.x is using care v1.10.1 and as such is affected, this patch is not landing cleanly though. I'll manually backport

Fishrock123 pushed a commit that referenced this pull request Oct 11, 2016
Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html

PR-URL: #8849
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
MylesBorins pushed a commit to MylesBorins/node that referenced this pull request Oct 11, 2016
Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html

Ref: nodejs#9037
PR-URL: nodejs#8849
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
MylesBorins pushed a commit that referenced this pull request Oct 14, 2016
Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html

Ref: #9037
PR-URL: #8849
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
rvagg pushed a commit that referenced this pull request Oct 15, 2016
Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html

Ref: #9037
PR-URL: #8849
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
rvagg added a commit to rvagg/io.js that referenced this pull request Oct 15, 2016
Backport of nodejs#8849 for c-ares
1.9.0.

Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html
rvagg pushed a commit to rvagg/io.js that referenced this pull request Oct 18, 2016
Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html

Ref: nodejs#9037
PR-URL: nodejs#8849
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
@rvagg rvagg mentioned this pull request Oct 18, 2016
rvagg added a commit to rvagg/io.js that referenced this pull request Oct 18, 2016
Backport of nodejs#8849 for c-ares
1.9.0.

Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html

PR-URL: nodejs#9108
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cares Issues and PRs related to the c-ares dependency or the cares_wrap binding. security Issues and PRs related to security.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants