daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
node/deps/cares
History
Michael Dawson a81aa37944
deps: cherry-pick 0d252eb from upstream c-ares 
Original commit message:

  If there are more ttls returned than the maximum provided by the requestor, then
  the *naddrttls response would be larger than the actual number of elements in
  the addrttls array.

  This bug could lead to invalid memory accesses in applications using c-ares.

  This behavior appeared to break with PR https://github.com/c-ares/c-ares/pull/257

  Fixes: https://github.com/c-ares/c-ares/issues/371
  Reported By: Momtchil Momtchev (@mmomtchev)
  Fix By: Brad House (@bradh352)

Refs: https://github.com/nodejs/node/issues/36063

Signed-off-by: Michael Dawson <mdawson@devrus.com>

CVE-ID: CVE-2020-8277
PR-URL: https://github.com/nodejs-private/node-private/pull/231
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
 		2020-11-16 17:09:10 +01:00
..
config build: support android build on ndk version equal or above 23 2020-03-11 16:50:52 +01:00
include net: add support for resolving DNS CAA records 2020-10-16 10:21:32 +02:00
src deps: cherry-pick 0d252eb from upstream c-ares 2020-11-16 17:09:10 +01:00
.gitignore deps: upgrade c-ares to piscisaureus/cares@805d153 2013-07-06 22:20:29 +02:00
LICENSE.md deps: upgrade to c-ares v1.15.0 2018-11-06 11:29:22 +00:00
cares.gyp net: add support for resolving DNS CAA records 2020-10-16 10:21:32 +02:00