Original commit message:
ares_parse_naptr_reply: make buffer length check more accurate
9478908a490a6bf009ba58d81de8c1d06d50a117 introduced a length check
for records parsed by `ares_parse_naptr_reply()`. However, that
function is designed to parse replies which also contain non-NAPTR
records; for A records, the `rr_len > 7` check will fail as there
are only 4 bytes of payload.
In particular, parsing ANY replies for NAPTR records was broken
by that patch.
Fix that by moving the check into the case in which it is already
known that the record is a NAPTR record.
Ref: 18ea99693d
PR-URL: https://github.com/nodejs/node/pull/13883
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
ares_parse_naptr_reply: check sufficient data
Check that there is enough data for the required elements
of an NAPTR record (2 int16, 3 bytes for string lengths)
before processing a record.
This patch fixes CVE-2017-1000381
The c-ares function ares_parse_naptr_reply(), which is used for
parsing NAPTR responses, could be triggered to read memory outside
of the given input buffer if the passed in DNS response packet was
crafted in a particular way.
Refs: https://c-ares.haxx.se/adv_20170620.html
Refs: https://c-ares.haxx.se/CVE-2017-1000381.patch
PR-URL: https://github.com/nodejs/node-private/pull/88
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
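The two c-ares commit messages above (the NAPTR minimum-length check, and its later move into the NAPTR case so that ANY replies parse again) can be illustrated as follows. This is an added example, not c-ares or Node.js code: the record layout is simplified to type, rdlength, rdata, and `count_naptr`, `check_all_types` and both sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define T_NAPTR_REC 35   /* DNS type code for NAPTR */
#define NAPTR_FIXED 7    /* 2 int16 + 3 string-length bytes */
#define PARSE_BADRESP (-1)

/* Constructed sample: an A record (4-byte payload) followed by a NAPTR record. */
static const uint8_t ANY_REPLY[] = {
    0x00, 0x01, 0x00, 0x04, 192, 0, 2, 1,            /* A, rdlength 4 */
    0x00, 0x23, 0x00, 0x0A, 0x00, 0x0A, 0x00, 0x01,  /* NAPTR, rdlength 10, order, pref */
    0x01, 'u', 0x01, 'x', 0x00, 0x00 };              /* flags, service, regexp, root name */
/* Constructed sample: NAPTR record whose rdata is too short for the fixed fields. */
static const uint8_t SHORT_NAPTR[] = { 0x00, 0x23, 0x00, 0x05, 0, 10, 0, 1, 0x01 };

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Walks simplified records laid out as type(2) | rdlength(2) | rdata and
 * returns the number of NAPTR records, or PARSE_BADRESP on malformed input.
 * check_all_types != 0 applies the minimum-length test before the type is
 * known: the regression described in "make buffer length check more accurate". */
int count_naptr(const uint8_t *buf, size_t len, int check_all_types)
{
    size_t off = 0;
    int found = 0;
    while (off < len) {
        if (len - off < 4) return PARSE_BADRESP;
        unsigned type = rd16(buf + off), rr_len = rd16(buf + off + 2);
        off += 4;
        if (rr_len > len - off) return PARSE_BADRESP;    /* rdata must fit in buffer */
        if (check_all_types && rr_len < NAPTR_FIXED) return PARSE_BADRESP;
        if (type == T_NAPTR_REC) {
            if (rr_len < NAPTR_FIXED) return PARSE_BADRESP;  /* check only NAPTR */
            const uint8_t *p = buf + off + 4, *end = buf + off + rr_len;
            for (int i = 0; i < 3; i++) {                /* flags, service, regexp */
                if (p >= end || (size_t)(end - p) < 1u + p[0]) return PARSE_BADRESP;
                p += 1 + p[0];
            }
            found++;
        }
        off += rr_len;
    }
    return found;
}

int main(void)
{
    return !(count_naptr(ANY_REPLY, sizeof ANY_REPLY, 0) == 1 &&
             count_naptr(SHORT_NAPTR, sizeof SHORT_NAPTR, 0) == PARSE_BADRESP);
}
```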
Depend on include/ares_rules.h, src/ares_rules.h does not exist.
The typo didn't break the build but it made some of the gyp-based
tooling complain.
PR-URL: https://github.com/nodejs/node/pull/7945
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Many places in cares library, when the stream data arrives
from the network with respect to dns and reverse dns
resolution, they are populated into data structures created
dynamically based on the size of the data. Malloc is heavily
used for such cases.
Often, based on the data length, malloc(0) is invoked. Linux
behavior on zero byte allocation is to return a valid pointer
where in AIX, it always returns NULL.
This manifests as test failure of test/internet/test-dns.js
Solution is to build cares with Linux compatible malloc behavior
PR-URL: https://github.com/nodejs/node/pull/6305
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-by: Michael Dawson <michael_dawson@ca.ibm.com>
On Windows, when compiling with `UNICODE` defined, `LoadLibrary` becomes
`LoadLibraryW`. When an ASCII string is passed to that function it
crashes.
PR-URL: https://github.com/iojs/io.js/pull/226
Reviewed-By: Bert Belder <bertbelder@gmail.com>
These are the core changes that allow AIX to compile. There
are still some test failures as there are some patches needed for
libuv and npm that we'll need to contribute through those
communities but this set allows node to be built on AIX and
pass most of the core tests
The change in js2c is because AIX does not support $ in
identifier names. See the discussion/agreement in
https://github.com/nodejs/node/issues/2272
PR-URL: https://github.com/nodejs/node/pull/2364
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
Reviewed-By: Rod Vagg <r@va.gg>
On Windows, when compiling with `UNICODE` defined, `LoadLibrary` becomes
`LoadLibraryW`. When an ASCII string is passed to that function it
crashes.
PR-URL: https://github.com/iojs/io.js/pull/226
Reviewed-By: Bert Belder <bertbelder@gmail.com>
On Windows, when compiling with `UNICODE` defined, `LoadLibrary` becomes
`LoadLibraryW`. When an ASCII string is passed to that function it
crashes.
PR-URL: https://github.com/iojs/io.js/pull/226
Reviewed-By: Bert Belder <bertbelder@gmail.com>
Original commit message:
ares_parse_txt_reply: return a ares_txt_reply node for each sub-string
Previously, the function would wrongly return all substrings merged into
one.
fix #6931