| Patrick Williams | 169d7bc | 2024-01-05 11:33:25 -0600 | [diff] [blame] | 1 | From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001 |
| 2 | From: Evgeny Vereshchagin <evvers@ya.ru> |
| 3 | Date: Wed, 25 Oct 2023 18:15:42 +0000 |
| 4 | Subject: [PATCH] tests: pass overly long TXT resource records |
| 5 | |
| 6 | to make sure they don't crash avahi any more. |
| 7 | It reproduces https://github.com/lathiat/avahi/issues/455 |
| 8 | |
| 9 | Canonical notes: |
| 10 | nickgalanis> removed first hunk since there is no .github dir in this release |
| 11 | |
| 12 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security |
| 13 | Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237] |
| 14 | CVE: CVE-2023-38469 |
| 15 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> |
| 16 | --- |
| 17 | avahi-client/client-test.c | 14 ++++++++++++++ |
| 18 | 1 files changed, 14 insertions(+) |
| 19 | |
| 20 | Index: avahi-0.8/avahi-client/client-test.c |
| 21 | =================================================================== |
| 22 | --- avahi-0.8.orig/avahi-client/client-test.c |
| 23 | +++ avahi-0.8/avahi-client/client-test.c |
| 24 | @@ -22,6 +22,7 @@ |
| 25 | #endif |
| 26 | |
| 27 | #include <stdio.h> |
| 28 | +#include <string.h> |
| 29 | #include <assert.h> |
| 30 | |
| 31 | #include <avahi-client/client.h> |
| 32 | @@ -33,6 +34,8 @@ |
| 33 | #include <avahi-common/malloc.h> |
| 34 | #include <avahi-common/timeval.h> |
| 35 | |
| 36 | +#include <avahi-core/dns.h> |
| 37 | + |
| 38 | static const AvahiPoll *poll_api = NULL; |
| 39 | static AvahiSimplePoll *simple_poll = NULL; |
| 40 | |
| 41 | @@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA |
| 42 | uint32_t cookie; |
| 43 | struct timeval tv; |
| 44 | AvahiAddress a; |
| 45 | + uint8_t rdata[AVAHI_DNS_RDATA_MAX+1]; |
| 46 | + AvahiStringList *txt = NULL; |
| 47 | + int r; |
| 48 | |
| 49 | simple_poll = avahi_simple_poll_new(); |
| 50 | poll_api = avahi_simple_poll_get(simple_poll); |
| 51 | @@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA |
| 52 | printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL))); |
| 53 | printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6)); |
| 54 | |
| 55 | + memset(rdata, 1, sizeof(rdata)); |
| 56 | + r = avahi_string_list_parse(rdata, sizeof(rdata), &txt); |
| 57 | + assert(r >= 0); |
| 58 | + assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata)); |
| 59 | + error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt); |
| 60 | + assert(error == AVAHI_ERR_INVALID_RECORD); |
| 61 | + avahi_string_list_free(txt); |
| 62 | + |
| 63 | avahi_entry_group_commit (group); |
| 64 | |
| 65 | domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); |