1From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001
2From: Brad House <brad@brad-house.com>
3Date: Mon, 22 May 2023 06:51:49 -0400
4Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc
5
6---
7 src/lib/ares_process.c | 41 +++++++++++++++++++++++++----------------
8 1 file changed, 25 insertions(+), 16 deletions(-)
9
10diff --git a/src/lib/ares_process.c b/src/lib/ares_process.c
11index bf0cde4..6cac0a9 100644
12--- a/src/lib/ares_process.c
13+++ b/src/lib/ares_process.c
14@@ -470,7 +470,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
15 {
16   struct server_state *server;
17   int i;
18-  ares_ssize_t count;
19+  ares_ssize_t read_len;
20   unsigned char buf[MAXENDSSZ + 1];
21 #ifdef HAVE_RECVFROM
22   ares_socklen_t fromlen;
23@@ -513,32 +513,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
24       /* To reduce event loop overhead, read and process as many
25        * packets as we can. */
26       do {
27-        if (server->udp_socket == ARES_SOCKET_BAD)
28-          count = 0;
29-
30-        else {
31-          if (server->addr.family == AF_INET)
32+        if (server->udp_socket == ARES_SOCKET_BAD) {
33+          read_len = -1;
34+        } else {
35+          if (server->addr.family == AF_INET) {
36             fromlen = sizeof(from.sa4);
37-          else
38+          } else {
39             fromlen = sizeof(from.sa6);
40-          count = socket_recvfrom(channel, server->udp_socket, (void *)buf,
41-                                  sizeof(buf), 0, &from.sa, &fromlen);
42+          }
43+          read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf,
44+                                     sizeof(buf), 0, &from.sa, &fromlen);
45         }
46
47-        if (count == -1 && try_again(SOCKERRNO))
48+        if (read_len == 0) {
49+          /* UDP is connectionless, so result code of 0 is a 0-length UDP
50+           * packet, and not an indication the connection is closed like on
51+           * tcp */
52           continue;
53-        else if (count <= 0)
54+        } else if (read_len < 0) {
55+          if (try_again(SOCKERRNO))
56+            continue;
57+
58           handle_error(channel, i, now);
59+
60 #ifdef HAVE_RECVFROM
61-        else if (!same_address(&from.sa, &server->addr))
62+        } else if (!same_address(&from.sa, &server->addr)) {
63           /* The address the response comes from does not match the address we
64            * sent the request to. Someone may be attempting to perform a cache
65            * poisoning attack. */
66-          break;
67+          continue;
68 #endif
69-        else
70-          process_answer(channel, buf, (int)count, i, 0, now);
71-       } while (count > 0);
72+
73+        } else {
74+          process_answer(channel, buf, (int)read_len, i, 0, now);
75+        }
76+      } while (read_len >= 0);
77     }
78 }
79
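Review bot: In the `read_len < 0` branch, `try_again(SOCKERRNO)` is also evaluated when `read_len` was set to -1 because `server->udp_socket == ARES_SOCKET_BAD`, a path on which no receive call ran, so the error code tested is whatever an earlier socket call left behind. The old code assigned 0 on that path and always reached `handle_error()`; the new code skips it whenever the stale error code happens to be a retryable one. Guarding the retry test, `if (server->udp_socket != ARES_SOCKET_BAD && try_again(SOCKERRNO))`, keeps the previous behaviour for a bad socket. Separately, because zero-length datagrams and source-address mismatches now `continue` instead of ending the loop, the drain runs for as long as datagrams are queued on the socket, so a per-call iteration cap may be worth considering if event-loop fairness under unsolicited traffic matters. The enclosing function and its `for` loop begin outside this hunk, so any socket checks made before the `do` loop are not visible here.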
80--
812.27.0
82
83