Gitiles
Code Review Sign In
gerrit.openbmc.org / mdmillerii / openbmc / a27bf072516caa93cac0ae6f95f4639c3ec08bd7 / . / poky / meta / recipes-connectivity / avahi / files / CVE-2023-38472.patch
blob: 85dbded73bdff9d374de5a12b795e848078dc180 [file] [log] [blame]
Patrick Williams169d7bc2024-01-05 11:33:25 -0600[diff] [blame]1From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001
Patrick Williamsac13d5f2023-11-24 18:59:46 -0600[diff] [blame]2From: Michal Sekletar <msekleta@redhat.com>
3Date: Thu, 19 Oct 2023 17:36:44 +0200
Patrick Williams169d7bc2024-01-05 11:33:25 -0600[diff] [blame]4Subject: [PATCH] core: make sure there is rdata to process before parsing it
Patrick Williamsac13d5f2023-11-24 18:59:46 -0600[diff] [blame]5
6Fixes #452
7
Patrick Williams169d7bc2024-01-05 11:33:25 -0600[diff] [blame]8CVE-2023-38472
Patrick Williamsac13d5f2023-11-24 18:59:46 -0600[diff] [blame]9
Patrick Williams169d7bc2024-01-05 11:33:25 -0600[diff] [blame]10Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38472.patch?h=ubuntu/jammy-security
11Upstream commit https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
12CVE: CVE-2023-38472
Patrick Williamsac13d5f2023-11-24 18:59:46 -0600[diff] [blame]13Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Patrick Williams169d7bc2024-01-05 11:33:25 -0600[diff] [blame]14Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Patrick Williamsac13d5f2023-11-24 18:59:46 -0600[diff] [blame]15---
16 avahi-client/client-test.c | 3 +++
17 avahi-daemon/dbus-entry-group.c | 2 +-
18 2 files changed, 4 insertions(+), 1 deletion(-)
19
Patrick Williams169d7bc2024-01-05 11:33:25 -0600[diff] [blame]20Index: avahi-0.8/avahi-client/client-test.c
21===================================================================
22--- avahi-0.8.orig/avahi-client/client-test.c
23+++ avahi-0.8/avahi-client/client-test.c
24@@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
25 assert(error == AVAHI_ERR_INVALID_RECORD);
26 avahi_string_list_free(txt);
27
Patrick Williamsac13d5f2023-11-24 18:59:46 -0600[diff] [blame]28+ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
29+ assert(error != AVAHI_OK);
30+
31 avahi_entry_group_commit (group);
Patrick Williams169d7bc2024-01-05 11:33:25 -0600[diff] [blame]32
Patrick Williamsac13d5f2023-11-24 18:59:46 -0600[diff] [blame]33 domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
Patrick Williams169d7bc2024-01-05 11:33:25 -0600[diff] [blame]34Index: avahi-0.8/avahi-daemon/dbus-entry-group.c
35===================================================================
36--- avahi-0.8.orig/avahi-daemon/dbus-entry-group.c
37+++ avahi-0.8/avahi-daemon/dbus-entry-group.c
38@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g
Patrick Williamsac13d5f2023-11-24 18:59:46 -0600[diff] [blame]39 if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
40 return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
Patrick Williams169d7bc2024-01-05 11:33:25 -0600[diff] [blame]41
Patrick Williamsac13d5f2023-11-24 18:59:46 -0600[diff] [blame]42- if (avahi_rdata_parse (r, rdata, size) < 0) {
43+ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
44 avahi_record_unref (r);
45 return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
46 }