c-ares gRPC library: fix a bug impacting gRPC's use of c-ares (envoyp…

…roxy#35487) Signed-off-by: Adi Suissa-Peleg <[email protected]>
fredyw · Jul 30, 2024 · 3f6a8c0 · 3f6a8c0
1 parent 90761ad
commit 3f6a8c0
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 0 deletions.
diff --git a/bazel/foreign_cc/cares.patch b/bazel/foreign_cc/cares.patch
@@ -0,0 +1,58 @@
+From a070d7835d667b2fae5266fe1b790677dae47d25 Mon Sep 17 00:00:00 2001
+From: Brad House <[email protected]>
+Date: Thu, 12 Oct 2023 09:29:14 -0400
+Subject: [PATCH] Socket callbacks were passed SOCK_STREAM instead of
+ SOCK_DGRAM on udp
+
+A regression was introduced in 1.20.0 that would pass SOCK_STREAM on udp
+connections due to code refactoring.  If a client application validated this
+data, it could cause issues as seen in gRPC.
+
+Fixes Issue: #571
+Fix By: Brad House (@bradh352)
+---
+ src/lib/ares_process.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/src/lib/ares_process.c b/src/lib/ares_process.c
+index ca597db7ad..2f8e4de30d 100644
+--- a/src/lib/ares_process.c
++++ b/src/lib/ares_process.c
+@@ -1065,6 +1065,7 @@ static ares_status_t open_socket(ares_channel channel,
+   unsigned short port;
+   struct server_connection *conn;
+   ares__llist_node_t *node;
++  int type = is_tcp?SOCK_STREAM:SOCK_DGRAM;
+
+   if (is_tcp) {
+     port = aresx_sitous(server->addr.tcp_port?
+@@ -1098,8 +1099,7 @@ static ares_status_t open_socket(ares_channel channel,
+   }
+
+   /* Acquire a socket. */
+-  s = ares__open_socket(channel, server->addr.family,
+-                        is_tcp?SOCK_STREAM:SOCK_DGRAM, 0);
++  s = ares__open_socket(channel, server->addr.family, type, 0);
+   if (s == ARES_SOCKET_BAD)
+     return ARES_ECONNREFUSED;
+
+@@ -1129,8 +1129,7 @@ static ares_status_t open_socket(ares_channel channel,
+ #endif
+
+   if (channel->sock_config_cb) {
+-    int err = channel->sock_config_cb(s, SOCK_STREAM,
+-                                      channel->sock_config_cb_data);
++    int err = channel->sock_config_cb(s, type, channel->sock_config_cb_data);
+     if (err < 0) {
+       ares__close_socket(channel, s);
+       return ARES_ECONNREFUSED;
+@@ -1148,8 +1147,7 @@ static ares_status_t open_socket(ares_channel channel,
+   }
+
+   if (channel->sock_create_cb) {
+-    int err = channel->sock_create_cb(s, SOCK_STREAM,
+-                                      channel->sock_create_cb_data);
++    int err = channel->sock_create_cb(s, type, channel->sock_create_cb_data);
+     if (err < 0) {
+       ares__close_socket(channel, s);
+       return ARES_ECONNREFUSED;
diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl
@@ -443,6 +443,11 @@ def _com_github_c_ares_c_ares():
     external_http_archive(
         name = "com_github_c_ares_c_ares",
         build_file_content = BUILD_ALL_CONTENT,
+        # Patch c-ares library aith commit
+        # https://github.com/c-ares/c-ares/commit/a070d7835d667b2fae5266fe1b790677dae47d25
+        # This commit fixes an issue when the gRPC library attempts to resolve a domain name.
+        patches = ["@envoy//bazel/foreign_cc:cares.patch"],
+        patch_args = ["-p1"],
     )
     native.bind(
         name = "ares",

diff --git a/changelogs/current.yaml b/changelogs/current.yaml
@@ -26,6 +26,9 @@ bug_fixes:
 - area: quic
   change: |
     Fixes access log formatter %CONNECTION_ID% for QUIC connections.
+- area: c-ares
+  change: |
+    Applying a C-ares patch to fix DNS resoultion by the Google gRPC library.
 - area: ext_authz
   change: |
     Fixed fail-open behavior of the :ref:`failure_mode_allow config option