node/deps
David Drysdale 8a82960e76
deps: cherry-pick 9478908a49 from cares upstream
Original commit message:

  ares_parse_naptr_reply: check sufficient data

  Check that there is enough data for the required elements
  of an NAPTR record (2 int16, 3 bytes for string lengths)
  before processing a record.

This patch fixes CVE-2017-1000381

The c-ares function ares_parse_naptr_reply(), which is used for
parsing NAPTR responses, could be triggered to read memory outside
of the given input buffer if the passed in DNS response packet was
crafted in a particular way.

Refs: https://c-ares.haxx.se/adv_20170620.html
Refs: https://c-ares.haxx.se/CVE-2017-1000381.patch
PR-URL: https://github.com/nodejs/node-private/pull/88
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
2017-07-10 23:59:31 +01:00
cares deps: cherry-pick 9478908a49 from cares upstream 2017-07-10 23:59:31 +01:00
gtest gtest: output tap comments as yamlish 2016-11-11 10:52:12 -05:00
http_parser deps: update to http-parser 2.7.0 2016-04-19 11:47:39 -04:00
icu-small deps: ICU 58.2 bump 2017-01-04 10:44:09 -06:00
node-inspect deps: Add node-inspect 1.10.6 2017-03-20 11:30:42 -04:00
npm deps: remove **/node_modules/form-data/README.md 2017-05-02 15:22:44 -05:00
openssl deps: update openssl asm and asm_obsolete files 2017-01-30 12:09:07 -05:00
uv deps: upgrade libuv to 1.11.0 2017-02-14 11:52:25 -05:00
v8 v8: fix stack overflow in recursive method 2017-05-02 12:46:15 -05:00
v8_inspector inspector: switch to new inspector APIs 2016-11-03 05:14:40 -05:00
zlib deps: fix CLEAR_HASH macro to be usable as a single statement 2017-03-07 06:04:05 -06:00