daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
node/deps/cares
History
David Drysdale a73142524b
deps: cherry-pick 9478908a49 from cares upstream 
Original commit message:

  ares_parse_naptr_reply: check sufficient data

  Check that there is enough data for the required elements
  of an NAPTR record (2 int16, 3 bytes for string lengths)
  before processing a record.

This patch fixes CVE-2017-1000381

The c-ares function ares_parse_naptr_reply(), which is used for
parsing NAPTR responses, could be triggered to read memory outside
of the given input buffer if the passed in DNS response packet was
crafted in a particular way.

Refs: https://c-ares.haxx.se/adv_20170620.html
Refs: https://c-ares.haxx.se/CVE-2017-1000381.patch
PR-URL: https://github.com/nodejs/node-private/pull/88
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
 		2017-07-11 17:46:16 +01:00
..
build Add c-ares dependency 2012-08-07 01:49:02 +02:00
config build: Updates to enable AIX support 2015-09-15 13:17:28 -04:00
include deps: back port OpenBSD fix in c-ares/c-ares 2016-10-28 09:14:40 -07:00
src deps: cherry-pick 9478908a49 from cares upstream 2017-07-11 17:46:16 +01:00
.gitignore deps: upgrade c-ares to piscisaureus/cares@805d153 2013-07-06 22:20:29 +02:00
Makefile deps: upgrade c-ares to 1.10.0 2013-05-14 02:07:35 +02:00
android-configure deps: upgrade c-ares to piscisaureus/cares@805d153 2013-07-06 22:20:29 +02:00
build.mk deps: upgrade c-ares to piscisaureus/cares@805d153 2013-07-06 22:20:29 +02:00
cares.gyp build: fix dependency on missing header file 2016-08-03 11:12:53 +02:00
common.gypi build: Updates to enable AIX support 2015-09-15 13:17:28 -04:00
gyp_cares deps: upgrade c-ares to piscisaureus/cares@805d153 2013-07-06 22:20:29 +02:00