From 53cb29bddc6e68fe248552044be49b4d654782d1 Mon Sep 17 00:00:00 2001
From: lutianxiong
Date: Sat, 23 May 2020 11:04:59 +0800
Subject: [PATCH] Fix invalid read in ares_parse_soa_reply
---
 ...invalid-read-in-ares_parse_soa_reply.patch | 25 +++++++++++++++++++
 c-ares.spec | 9 ++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 0002-Fix-invalid-read-in-ares_parse_soa_reply.patch
diff --git a/0002-Fix-invalid-read-in-ares_parse_soa_reply.patch b/0002-Fix-invalid-read-in-ares_parse_soa_reply.patch
new file mode 100644
index 0000000..00968b2
--- /dev/null
+++ b/0002-Fix-invalid-read-in-ares_parse_soa_reply.patch
@@ -0,0 +1,25 @@
+commit 1b98172b141fe874ad43e679e67506f9b2139043
+Author: lutianxiong <50396812+ltx2018@users.noreply.github.com>
+Date: Fri May 22 20:02:21 2020 +0800
+
+ avoid read-heap-buffer-overflow (#332)
+
+ Fix invalid read in ares_parse_soa_reply.c found during fuzzing
+
+ Fixes Bug: #333
+ Fix By: lutianxiong (@ltx2018)
+
+diff --git a/ares_parse_soa_reply.c b/ares_parse_soa_reply.c
+index 2a2cac8..7cfaed2 100644
+--- a/ares_parse_soa_reply.c
++++ b/ares_parse_soa_reply.c
+@@ -69,6 +69,9 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen,
+ status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len);
+ if (status != ARES_SUCCESS)
+ goto failed_stat;
++
++ if (alen <= len + HFIXEDSZ + 1)
++ goto failed;
+ aptr += len;
+
+ qclass = DNS_QUESTION_TYPE(aptr);
diff --git a/c-ares.spec b/c-ares.spec
index 94e9c91..ce3275a 100644
--- a/c-ares.spec
+++ b/c-ares.spec
@@ -1,6 +1,6 @@
 Name: c-ares
 Version: 1.16.0
-Release: 1
+Release: 2
 Summary: A C library for asynchronous DNS requests
 License: MIT
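Review bot: The added guard `if (alen <= len + HFIXEDSZ + 1)` in the nested ares_parse_soa_reply.c hunk encodes its intent in magic arithmetic: it appears to require two readable bytes after the expanded name for the `DNS_QUESTION_TYPE(aptr)` read that follows `aptr += len`, and it is only correct if `aptr` still equals `abuf + HFIXEDSZ` at this point, which is established outside the hunk. I would add a comment such as `/* need 2 bytes after the question name for DNS_QUESTION_TYPE() */`, or state the bound relative to the pointer, `if ((abuf + alen) - aptr < len + 2) goto failed;`, so the check stays valid if the way `aptr` is advanced ever changes. It is also worth confirming that the `failed` label releases `qname`, which has presumably been allocated by `ares__expand_name_for_response` by the time this branch is taken; the cleanup code is not visible here. The body of `ares_parse_soa_reply` starts and ends outside the hunk.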
@@ -10,6 +10,7 @@ Source0: https://github.com/c-ares/c-ares/releases/tag/%{name}-%{version} BuildRequires: gcc autoconf automake libtool # Patch0 from Redhat is applied for stopping overriding AC_CONFIG_MACRO_DIR Patch0: 0001-Use-RPM-compiler-options.patch +Patch1: 0002-Fix-invalid-read-in-ares_parse_soa_reply.patch %description This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple @@ -52,6 +53,12 @@ make %{?_smp_mflags} %{_mandir}/man3/* %changelog +* Sat May 23 2020 lutianxiong - 1.16.0-2 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: Fix invalid read in ares_parse_soa_reply.c found during fuzzing + * Fri Apr 17 2020 liaichun - 1.16.0-1 - Type:bugfix - ID:NA -- Gitee
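Review bot: `Patch1:` is declared in the `-10,6 +10,7` hunk, but the diff contains no matching `%patch1` line, so whether the fix is actually applied depends on a `%prep` section that is not shown. If `%prep` uses `%autosetup` or `%autopatch` the patch is picked up automatically; if it applies patches one by one, add `%patch1 -p1` next to the existing Patch0 step, otherwise 1.16.0-2 would ship without the bounds check while the changelog says it is fixed. The nested patch uses `a/ares_parse_soa_reply.c` paths, so the strip level should be checked against the directory the source unpacks into.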