author: David Drysdale <drysdale@google.com> 2017-05-22 10:54:10 +0100
committer: Myles Borins <mylesborins@google.com> 2017-07-11 00:17:33 +0100
commit: 75bc33d16fbc46f026cf913a08dff80167c370d1 (patch)
tree: 4378feac016995391926af0bd3690cc82cb59cac /.github
parent: 6e247b8a4e6ad1641d51c3d070c28e8bbdfc0c5a (diff)
download: node-new-75bc33d16fbc46f026cf913a08dff80167c370d1.tar.gz

deps: cherry-pick 9478908a49 from cares upstream

Original commit message:

ares_parse_naptr_reply: check sufficient data

Check that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record.

This patch fixes CVE-2017-1000381

The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.

Refs: https://c-ares.haxx.se/adv_20170620.html
Refs: https://c-ares.haxx.se/CVE-2017-1000381.patch
PR-URL: https://github.com/nodejs/node-private/pull/88
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>

Diffstat (limited to '.github')
0 files changed, 0 insertions, 0 deletions
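
The length check the commit message describes (2 int16 plus 3 string-length bytes before a record is processed), sketched as an added example; this is not the c-ares or Node.js code. The struct, function names and sample RDATA bytes are hypothetical and constructed for illustration, and the example also bounds each length-prefixed string against the end of the RDATA.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not the c-ares API. */
struct naptr_fixed {
    uint16_t order, preference;
    const unsigned char *flags, *service, *regexp;
    size_t flags_len, service_len, regexp_len;
    size_t consumed; /* RDATA bytes used before the replacement name */
};

/* 2 int16 (order, preference) + 3 length bytes, as in the commit message. */
#define NAPTR_MIN_RDATA 7

/* Constructed sample RDATA (not captured traffic). */
static const unsigned char sample_ok[] = { 0x00, 0x64, 0x00, 0x0a, 1, 'U',
    7, 'E', '2', 'U', '+', 's', 'i', 'p', 0, 0 };
static const unsigned char sample_short[] = { 0x00, 0x64, 0x00, 0x0a, 1, 'U' };
static const unsigned char sample_overrun[] = { 0x00, 0x64, 0x00, 0x0a, 1, 'U',
    200, 'x', 0 };

/* Read one length-prefixed string at *off without leaving rd[0..rdlen). */
static int read_string(const unsigned char *rd, size_t rdlen, size_t *off,
                       const unsigned char **s, size_t *slen)
{
    if (*off >= rdlen) return -1;          /* no room for the length byte */
    size_t n = rd[*off];
    if (n > rdlen - *off - 1) return -1;   /* string would run past RDATA */
    *s = rd + *off + 1;
    *slen = n;
    *off += 1 + n;
    return 0;
}

/* Returns 0 on success, -1 if RDATA is too short or a string overruns it. */
int parse_naptr_fixed(const unsigned char *rd, size_t rdlen, struct naptr_fixed *out)
{
    if (rd == NULL || out == NULL || rdlen < NAPTR_MIN_RDATA) return -1;
    out->order = (uint16_t)((rd[0] << 8) | rd[1]);
    out->preference = (uint16_t)((rd[2] << 8) | rd[3]);
    size_t off = 4;
    if (read_string(rd, rdlen, &off, &out->flags, &out->flags_len) ||
        read_string(rd, rdlen, &off, &out->service, &out->service_len) ||
        read_string(rd, rdlen, &off, &out->regexp, &out->regexp_len))
        return -1;
    out->consumed = off;
    return 0;
}
int main(void) { struct naptr_fixed r;
    printf("%d\n", parse_naptr_fixed(sample_ok, sizeof sample_ok, &r)); return 0; }
```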