From d7193a102f3d060e8cb72071c41b49001adcec23 Mon Sep 17 00:00:00 2001
From: zhangcui <zhangcui11@huawei.com>
Date: Tue, 7 Mar 2023 12:09:52 +0000
Subject: [PATCH 1/2] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=AE=89=E5=85=A8?=
 =?UTF-8?q?=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: zhangcui <zhangcui11@huawei.com>
---
 ares_init.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ares_init.c b/ares_init.c
index dffa518..94855c1 100644
--- a/ares_init.c
+++ b/ares_init.c
@@ -2210,6 +2210,9 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
       q = str;
       while (*q && *q != '/' && *q != ';' && !ISSPACE(*q))
         q++;
+      if (q - str >= 16) {
+        return ARES_EBADSTR;
+      }
       memcpy(ipbuf, str, q-str);
       ipbuf[q-str] = '\0';
       /* Find the prefix */
@@ -2218,6 +2221,9 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
           const char *str2 = q+1;
           while (*q && *q != ';' && !ISSPACE(*q))
             q++;
+          if (q - str >= 32) {
+            return ARES_EBADSTR;
+          }
           memcpy(ipbufpfx, str, q-str);
           ipbufpfx[q-str] = '\0';
           str = str2;
-- 
Gitee


From d3765b0f6b6d7c5417479c9989d779001b028d25 Mon Sep 17 00:00:00 2001
From: zhangcui <zhangcui11@huawei.com>
Date: Tue, 7 Mar 2023 12:26:29 +0000
Subject: [PATCH 2/2] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=AE=89=E5=85=A8?=
 =?UTF-8?q?=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: zhangcui <zhangcui11@huawei.com>
---
 test/ares-test-init.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/test/ares-test-init.cc b/test/ares-test-init.cc
index ff6c6c6..c3cb948 100644
--- a/test/ares-test-init.cc
+++ b/test/ares-test-init.cc
@@ -270,6 +270,8 @@ TEST_F(DefaultChannelTest, SetAddresses) {
 
 TEST_F(DefaultChannelTest, SetSortlistFailures) {
   EXPECT_EQ(ARES_ENODATA, ares_set_sortlist(nullptr, "1.2.3.4"));
+  EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111*/16"));
+  EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111/255.255.255.240*"));
   EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; lwk"));
   EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; 0x123"));
 }
-- 
Gitee