diff --git a/deps/cares/include/ares_version.h b/deps/cares/include/ares_version.h index 7758a48148a804..c041d574dee09e 100644 --- a/deps/cares/include/ares_version.h +++ b/deps/cares/include/ares_version.h @@ -7,11 +7,11 @@ #define ARES_VERSION_MAJOR 1 #define ARES_VERSION_MINOR 16 -#define ARES_VERSION_PATCH 0 +#define ARES_VERSION_PATCH 1 #define ARES_VERSION ((ARES_VERSION_MAJOR<<16)|\ (ARES_VERSION_MINOR<<8)|\ (ARES_VERSION_PATCH)) -#define ARES_VERSION_STR "1.16.0" +#define ARES_VERSION_STR "1.16.1" #if (ARES_VERSION >= 0x010700) # define CARES_HAVE_ARES_LIBRARY_INIT 1 diff --git a/deps/cares/src/RELEASE-NOTES b/deps/cares/src/RELEASE-NOTES index 0d8573ae8dd933..7a9d75fe788e84 100644 --- a/deps/cares/src/RELEASE-NOTES +++ b/deps/cares/src/RELEASE-NOTES @@ -1,85 +1,30 @@ -c-ares version 1.16.0 +c-ares version 1.16.1 + +Security: + o Prevent possible use-after-free and double-free in ares_getaddrinfo() if + ares_destroy() is called prior to ares_getaddrinfo() completing. Reported + by Jann Horn at Google Project Zero. Changes: - o Introduction of ares_getaddrinfo() API which provides similar output - (including proper sorting as per RFC 6724) to the system native API, but - utilizes different data structures in order to provide additional information - such as TTLs and all aliases. Please reference the respective man pages for - usage details. [3] [4] [5] [7] [8] [13] [14] [15] [16] [17] [22] - o Parse SOA records from ns_t_any response [29] [30] - o CMake: Provide c-ares version in package export file [24] - o CMake: Add CPACK functionality for DEB and RPM [28] - o CMake: Generate PDB files during build [33] [34] - o CMake: Support manpage installation [37] [38] + o Allow TXT records on CHAOS qclass. Used for retriving things like + version.bind, version.server, authoris.bind, hostname.bind, and id.server. + [3] Bug fixes: - o Fix bad expectation in IPv6 localhost test. [1] [2] - o AutoTools: use XC_CHECK_BUILD_FLAGS instead of XC_CHECK_USER_FLAGS to prevent - complaints about CPPFLAGS in CFLAGS. [6] - o Fix .onion handling - o Command line usage was out of date for adig and ahost. [18] - o Typos in manpages [19] [20] - o If ares_getenv is defined, it must return a value on all platforms [21] - o If /etc/resolv.conf has invalid lookup values, use the defaults. [23] - o Tests: Separate live tests from SetServers* tests as only live tests should - require internet access. [25] - o ares_gethostbyname() should return ENODATA if no valid A or AAAA record is - found, but a CNAME was found. [26] [27] - o CMake: Rework library function checking to prevent unintended linking with - system libraries that aren't needed. [31] [32] - o Due to use of inet_addr() it was not possible to return 255.255.255.255 from - ares_gethostbyname(). [35] [36] - o CMake: Fix building of tests on Windows + o Fix Windows Unicode incompatibilities with ares_getaddrinfo() [1] + o Silence false cast-align compiler warnings due to valid casts of + struct sockaddr to struct sockaddr_in and struct sockaddr_in6. + o MacOS should use libresolv for retrieving DNS servers, like iOS + o CMake build system should populate the INCLUDE_DIRECTORIES property of + installed targets [2] + o Correct macros in use for the ares_getaddrinfo.3 man page Thanks go to these friendly people for their efforts and contributions: - Abhishek Arya (@inferno-chromium), Adam Majer (@AdamMajer), - Andrew Selivanov (@ki11roy), Ben Noordhuis (@bnoordhuis), - Brad House (@bradh352), Christian Ammer (@ChristianAmmer), Dan NoƩ (@dnoe), - Daniel Stenberg (@bagder), Darrin Cullop (@dwcullop), - Dron Rathore (@DronRathore), Fabrice Fontaine (@ffontaine), - Gregor Jasny (@gjasny), @kedixa, Khaidi Chu (@XadillaX), - Kyle Edwards (@KyleFromKitware), @lifenjoiner, Michal Rostecki (@mrostecki), - Peter Eisentraut (@petere), Piotr Pietraszkiewicz (@ppietrasa), - Stephen Bryant (@bf-bryants), @tjwalton, Vy Nguyen (@oontvoo) - (22 contributors) + Brad House (@bradh352), Daniel Stenberg (@bagder), Dmitry Igrishin (@dmitigr), + Jann Horn, Shelly Vohr, Teemu R (@rytilahti) + (6 contributors) References to bug reports and discussions on issues: - [1] = https://github.com/c-ares/c-ares/pull/227 - [2] = https://github.com/c-ares/c-ares/issues/85 - [3] = https://github.com/c-ares/c-ares/pull/112 - [4] = https://github.com/c-ares/c-ares/pull/233 - [5] = https://github.com/c-ares/c-ares/pull/234 - [6] = https://github.com/c-ares/c-ares/pull/236 - [7] = https://github.com/c-ares/c-ares/pull/235 - [8] = https://github.com/c-ares/c-ares/pull/239 - [9] = https://github.com/c-ares/c-ares/pull/241 - [10] = https://github.com/c-ares/c-ares/pull/187 - [11] = https://github.com/c-ares/c-ares/pull/252 - [12] = https://github.com/c-ares/c-ares/issues/251 - [13] = https://github.com/c-ares/c-ares/pull/258 - [14] = https://github.com/c-ares/c-ares/pull/257 - [15] = https://github.com/c-ares/c-ares/pull/262 - [16] = https://github.com/c-ares/c-ares/pull/264 - [17] = https://github.com/c-ares/c-ares/pull/265 - [18] = https://github.com/c-ares/c-ares/pull/256 - [19] = https://github.com/c-ares/c-ares/pull/269 - [20] = https://github.com/c-ares/c-ares/pull/275 - [21] = https://github.com/c-ares/c-ares/pull/279 - [22] = https://github.com/c-ares/c-ares/pull/290 - [23] = https://github.com/c-ares/c-ares/pull/274 - [24] = https://github.com/c-ares/c-ares/pull/296 - [25] = https://github.com/c-ares/c-ares/pull/299 - [26] = https://github.com/c-ares/c-ares/pull/304 - [27] = https://github.com/c-ares/c-ares/issues/303 - [28] = https://github.com/c-ares/c-ares/pull/283 - [29] = https://github.com/c-ares/c-ares/pull/103 - [30] = https://github.com/c-ares/c-ares/issues/102 - [31] = https://github.com/c-ares/c-ares/pull/310 - [32] = https://github.com/c-ares/c-ares/issues/307 - [33] = https://github.com/c-ares/c-ares/pull/311 - [34] = https://github.com/c-ares/c-ares/issues/245 - [35] = https://github.com/c-ares/c-ares/issues/309 - [36] = https://github.com/c-ares/c-ares/pull/312 - [37] = https://github.com/c-ares/c-ares/issues/297 - [38] = https://github.com/c-ares/c-ares/pull/314 - + [1] = https://github.com/c-ares/c-ares/pull/328 + [2] = https://github.com/c-ares/c-ares/pull/323 + [3] = https://github.com/c-ares/c-ares/pull/321 diff --git a/deps/cares/src/ares_getaddrinfo.c b/deps/cares/src/ares_getaddrinfo.c index 8265e4afc20f60..be168068b1d424 100644 --- a/deps/cares/src/ares_getaddrinfo.c +++ b/deps/cares/src/ares_getaddrinfo.c @@ -408,11 +408,11 @@ static void end_hquery(struct host_query *hquery, int status) { if (next->ai_family == AF_INET) { - ((struct sockaddr_in *)next->ai_addr)->sin_port = htons(hquery->port); + (CARES_INADDR_CAST(struct sockaddr_in *, next->ai_addr))->sin_port = htons(hquery->port); } else { - ((struct sockaddr_in6 *)next->ai_addr)->sin6_port = htons(hquery->port); + (CARES_INADDR_CAST(struct sockaddr_in6 *, next->ai_addr))->sin6_port = htons(hquery->port); } next = next->ai_next; } @@ -456,18 +456,18 @@ static int file_lookup(struct host_query *hquery) char tmp[MAX_PATH]; HKEY hkeyHosts; - if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, WIN_NS_NT_KEY, 0, KEY_READ, + if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, WIN_NS_NT_KEY, 0, KEY_READ, &hkeyHosts) == ERROR_SUCCESS) { DWORD dwLength = MAX_PATH; - RegQueryValueEx(hkeyHosts, DATABASEPATH, NULL, NULL, (LPBYTE)tmp, + RegQueryValueExA(hkeyHosts, DATABASEPATH, NULL, NULL, (LPBYTE)tmp, &dwLength); - ExpandEnvironmentStrings(tmp, PATH_HOSTS, MAX_PATH); + ExpandEnvironmentStringsA(tmp, PATH_HOSTS, MAX_PATH); RegCloseKey(hkeyHosts); } } else if (platform == WIN_9X) - GetWindowsDirectory(PATH_HOSTS, MAX_PATH); + GetWindowsDirectoryA(PATH_HOSTS, MAX_PATH); else return ARES_ENOTFOUND; @@ -548,6 +548,7 @@ static void host_callback(void *arg, int status, int timeouts, else if (status == ARES_EDESTRUCTION) { end_hquery(hquery, status); + return; } if (!hquery->remaining) diff --git a/deps/cares/src/ares_getnameinfo.c b/deps/cares/src/ares_getnameinfo.c index aa089417060fec..53f91ca8459fc1 100644 --- a/deps/cares/src/ares_getnameinfo.c +++ b/deps/cares/src/ares_getnameinfo.c @@ -92,13 +92,13 @@ void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa, if ((sa->sa_family == AF_INET) && (salen == sizeof(struct sockaddr_in))) { - addr = (struct sockaddr_in *)sa; + addr = CARES_INADDR_CAST(struct sockaddr_in *, sa); port = addr->sin_port; } else if ((sa->sa_family == AF_INET6) && (salen == sizeof(struct sockaddr_in6))) { - addr6 = (struct sockaddr_in6 *)sa; + addr6 = CARES_INADDR_CAST(struct sockaddr_in6 *, sa); port = addr6->sin6_port; } else diff --git a/deps/cares/src/ares_parse_a_reply.c b/deps/cares/src/ares_parse_a_reply.c index 920ba24af42129..d8a9e9b578363b 100644 --- a/deps/cares/src/ares_parse_a_reply.c +++ b/deps/cares/src/ares_parse_a_reply.c @@ -163,7 +163,7 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen, { hostent->h_addr_list[i] = (char *)&addrs[i]; memcpy(hostent->h_addr_list[i], - &(((struct sockaddr_in *)next->ai_addr)->sin_addr), + &(CARES_INADDR_CAST(struct sockaddr_in *, next->ai_addr)->sin_addr), sizeof(struct in_addr)); if (naddrttls && i < *naddrttls) { @@ -173,7 +173,7 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen, addrttls[i].ttl = next->ai_ttl; memcpy(&addrttls[i].ipaddr, - &(((struct sockaddr_in *)next->ai_addr)->sin_addr), + &(CARES_INADDR_CAST(struct sockaddr_in *, next->ai_addr)->sin_addr), sizeof(struct in_addr)); } ++i; diff --git a/deps/cares/src/ares_parse_aaaa_reply.c b/deps/cares/src/ares_parse_aaaa_reply.c index d39e138d4c3304..0d39bfa8268bc0 100644 --- a/deps/cares/src/ares_parse_aaaa_reply.c +++ b/deps/cares/src/ares_parse_aaaa_reply.c @@ -165,7 +165,7 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen, { hostent->h_addr_list[i] = (char*)&addrs[i]; memcpy(hostent->h_addr_list[i], - &(((struct sockaddr_in6 *)next->ai_addr)->sin6_addr), + &(CARES_INADDR_CAST(struct sockaddr_in6 *, next->ai_addr)->sin6_addr), sizeof(struct ares_in6_addr)); if (naddrttls && i < *naddrttls) { @@ -175,7 +175,7 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen, addrttls[i].ttl = next->ai_ttl; memcpy(&addrttls[i].ip6addr, - &(((struct sockaddr_in6 *)next->ai_addr)->sin6_addr), + &(CARES_INADDR_CAST(struct sockaddr_in6 *, next->ai_addr)->sin6_addr), sizeof(struct ares_in6_addr)); } ++i; diff --git a/deps/cares/src/ares_parse_txt_reply.c b/deps/cares/src/ares_parse_txt_reply.c index 4856b4cea31f9f..3f47e23f08637f 100644 --- a/deps/cares/src/ares_parse_txt_reply.c +++ b/deps/cares/src/ares_parse_txt_reply.c @@ -113,7 +113,7 @@ ares__parse_txt_reply (const unsigned char *abuf, int alen, } /* Check if we are really looking at a TXT record */ - if (rr_class == C_IN && rr_type == T_TXT) + if ((rr_class == C_IN || rr_class == C_CHAOS) && rr_type == T_TXT) { /* * There may be multiple substrings in a single TXT record. Each diff --git a/deps/cares/src/ares_private.h b/deps/cares/src/ares_private.h index 2ee54e5ecd8e21..1884c1659681c1 100644 --- a/deps/cares/src/ares_private.h +++ b/deps/cares/src/ares_private.h @@ -50,6 +50,11 @@ #define STATIC_TESTABLE static #endif +/* By using a double cast, we can get rid of the bogus warning of + * warning: cast from 'const struct sockaddr *' to 'const struct sockaddr_in6 *' increases required alignment from 1 to 4 [-Wcast-align] + */ +#define CARES_INADDR_CAST(type, var) ((type)((void *)var)) + #if defined(WIN32) && !defined(WATT32) #define WIN_NS_9X "System\\CurrentControlSet\\Services\\VxD\\MSTCP" diff --git a/deps/cares/src/ares_process.c b/deps/cares/src/ares_process.c index c86d3f2026b20b..ff71f66a1ecce0 100644 --- a/deps/cares/src/ares_process.c +++ b/deps/cares/src/ares_process.c @@ -1337,13 +1337,13 @@ static int same_address(struct sockaddr *sa, struct ares_addr *aa) { case AF_INET: addr1 = &aa->addrV4; - addr2 = &((struct sockaddr_in *)sa)->sin_addr; + addr2 = &(CARES_INADDR_CAST(struct sockaddr_in *, sa))->sin_addr; if (memcmp(addr1, addr2, sizeof(aa->addrV4)) == 0) return 1; /* match */ break; case AF_INET6: addr1 = &aa->addrV6; - addr2 = &((struct sockaddr_in6 *)sa)->sin6_addr; + addr2 = &(CARES_INADDR_CAST(struct sockaddr_in6 *, sa))->sin6_addr; if (memcmp(addr1, addr2, sizeof(aa->addrV6)) == 0) return 1; /* match */ break;