From 1fd2c8142b611baadc973947b83c0863cb003d9d Mon Sep 17 00:00:00 2001
From: Michael Dawson
Date: Thu, 12 Nov 2020 19:02:17 -0500
Subject: [PATCH] deps: cherry-pick 0d252eb from upstream c-ares
Original commit message:
If there are more ttls returned than the maximum provided by the requestor, then the *naddrttls response would be larger than the actual number of elements in the addrttls array. This bug could lead to invalid memory accesses in applications using c-ares. This behavior appeared to break with PR https://github.com/c-ares/c-ares/pull/257
Fixes: https://github.com/c-ares/c-ares/issues/371
Reported By: Momtchil Momtchev (@mmomtchev)
Fix By: Brad House (@bradh352)
Refs: https://github.com/nodejs/node/issues/36063
Signed-off-by: Michael Dawson
CVE-ID: CVE-2020-8277
PR-URL: https://github.com/nodejs-private/node-private/pull/231
Reviewed-By: Colin Ihrig
Reviewed-By: Richard Lau
Reviewed-By: Rich Trott
Reviewed-By: Beth Griggs
---
deps/cares/src/ares_parse_a_reply.c | 3 ++-
deps/cares/src/ares_parse_aaaa_reply.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/deps/cares/src/ares_parse_a_reply.c b/deps/cares/src/ares_parse_a_reply.c
index d8a9e9b578363b..e71c993f8de691 100644
--- a/deps/cares/src/ares_parse_a_reply.c
+++ b/deps/cares/src/ares_parse_a_reply.c
@@ -197,7 +197,8 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,
 if (naddrttls) {
-      *naddrttls = naddrs;
+      /* Truncated to at most *naddrttls entries */
+      *naddrttls = (naddrs > *naddrttls)?*naddrttls:naddrs;
 }
 ares__freeaddrinfo_cnames(ai.cnames);
diff --git a/deps/cares/src/ares_parse_aaaa_reply.c b/deps/cares/src/ares_parse_aaaa_reply.c
index 0d39bfa8268bc0..346d430750beab 100644
--- a/deps/cares/src/ares_parse_aaaa_reply.c
+++ b/deps/cares/src/ares_parse_aaaa_reply.c
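Review bot: The clamp on the new `*naddrttls = (naddrs > *naddrttls)?*naddrttls:naddrs;` line is only correct if `*naddrttls` still holds the caller's array capacity when execution reaches it; the rest of ares_parse_a_reply lies outside the hunk, so if any earlier path in the function writes to `*naddrttls` before the address loop (for instance zeroing it on an error return), the clamp would compare against a clobbered value rather than the real bound. A more robust shape is to snapshot the capacity once at function entry, `int req_naddrttls = naddrttls ? *naddrttls : 0;`, use that same value to bound the loop that fills addrttls, and write `*naddrttls = (naddrs > req_naddrttls) ? req_naddrttls : naddrs;` here, so the reported count can never exceed what the loop actually wrote. The clamp and the fill loop must use the same limit; if they diverge, the count and the array can still disagree, which is exactly the invalid-access class this CVE fixes. Style: the ternary mixes spaced (`naddrs > *naddrttls`) and unspaced (`?*naddrttls:naddrs`) operators; `(naddrs > *naddrttls) ? *naddrttls : naddrs` is easier to read. The enclosing function begins before the hunk.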
@@ -200,7 +200,8 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
 if (naddrttls) {
-      *naddrttls = naddrs;
+      /* Truncated to at most *naddrttls entries */
+      *naddrttls = (naddrs > *naddrttls)?*naddrttls:naddrs;
 }
 ares__freeaddrinfo_cnames(ai.cnames);
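Review bot: The new clamp in ares_parse_aaaa_reply bounds the reported count, but nothing in the commit pins the behaviour; given the message says this already regressed once via PR 257, a regression test that parses a reply carrying more AAAA records than the caller's `*naddrttls` and asserts the returned count equals the capacity (and that no entry past the array end is written) would keep it from silently regressing again. Note also that a negative caller-supplied `*naddrttls` makes `naddrs > *naddrttls` true for every non-negative naddrs, so the negative value is echoed back unchanged; if the fill loop (outside the hunk) treats a negative capacity as zero, consider normalizing here as well, e.g. `if (*naddrttls < 0) *naddrttls = 0;` before the clamp, or document that negative capacities are rejected earlier in the function. The enclosing function begins before the hunk.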