{"id":10180,"date":"2017-06-20T08:15:52","date_gmt":"2017-06-20T06:15:52","guid":{"rendered":"https:\/\/daniel.haxx.se\/blog\/?p=10180"},"modified":"2017-06-20T08:15:52","modified_gmt":"2017-06-20T06:15:52","slug":"c-ares-1-13-0","status":"publish","type":"post","link":"https:\/\/daniel.haxx.se\/blog\/2017\/06\/20\/c-ares-1-13-0\/","title":{"rendered":"c-ares 1.13.0"},"content":{"rendered":"

\"\"<\/a>The c-ares project<\/a> may not be very fancy or make a lot of noise, but it steadily moves forward and boasts an amazing 95% code coverage in the automated tests.<\/p>\n

Today we release c-ares 1.13.0<\/strong>.<\/p>\n

This time there’s basically three notable things to take home from this, apart from the 20-something bug-fixes.<\/p>\n

CVE-2017-1000381<\/h2>\n

Due to an oversight there was an API function that we didn’t fuzz and yes, it was found out to have a security flaw. If you ask a server for a NAPTR DNS field and that response comes back crafted carefully, it could cause c-ares to access memory out of bounds.<\/p>\n

All details for CVE-2017-1000381 on the c-ares site<\/a>.<\/p>\n

(Side-note: this is the first CVE I’ve received with a 7(!)-digit number to the right of the year.)<\/p>\n

cmake<\/h2>\n

Now c-ares can optionally be built using cmake, in addition to the existing autotools setup.<\/p>\n

Virtual socket IO<\/h2>\n

If you have a special setup or custom needs, c-ares now allows you to fully replace all the socket IO functions with your own custom set with ares_set_socket_functions<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

The c-ares project may not be very fancy or make a lot of noise, but it steadily moves forward and boasts an amazing 95% code coverage in the automated tests. Today we release c-ares 1.13.0. This time there’s basically three notable things to take home from this, apart from the 20-something bug-fixes. CVE-2017-1000381 Due to … Continue reading c-ares 1.13.0<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[239],"tags":[213,95],"class_list":["post-10180","post","type-post","status-publish","format-standard","hentry","category-c-ares-floss","tag-c-ares","tag-release"],"_links":{"self":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/10180","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/comments?post=10180"}],"version-history":[{"count":2,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/10180\/revisions"}],"predecessor-version":[{"id":10185,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/10180\/revisions\/10185"}],"wp:attachment":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media?parent=10180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/categories?post=10180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/tags?post=10180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}