Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
deps: cherry-pick 0d252eb from upstream c-ares
Original commit message: If there are more ttls returned than the maximum provided by the requestor, then the *naddrttls response would be larger than the actual number of elements in the addrttls array. This bug could lead to invalid memory accesses in applications using c-ares. This behavior appeared to break with PR c-ares/c-ares#257 Fixes: c-ares/c-ares#371 Reported By: Momtchil Momtchev (@mmomtchev) Fix By: Brad House (@bradh352) Refs: https://github.com/nodejs/node/issues/36063 Signed-off-by: Michael Dawson <mdawson@devrus.com> CVE-ID: CVE-2020-8277 PR-URL: nodejs-private/node-private#231 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Beth Griggs <bgriggs@redhat.com>
- Loading branch information