import UBI avahi-0.7-21.el8_9.1
This commit is contained in:
parent
aa633d01a8
commit
086e290bd8
@ -0,0 +1,40 @@
|
||||
From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
|
||||
From: Riccardo Schirone <sirmy15@gmail.com>
|
||||
Date: Fri, 26 Mar 2021 11:50:24 +0100
|
||||
Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
|
||||
client_work
|
||||
|
||||
If a client fills the input buffer, client_work() disables the
|
||||
AVAHI_WATCH_IN event, thus preventing the function from executing the
|
||||
`read` syscall the next times it is called. However, if the client then
|
||||
terminates the connection, the socket file descriptor receives a HUP
|
||||
event, which is not handled, thus the kernel keeps marking the HUP event
|
||||
as occurring. While iterating over the file descriptors that triggered
|
||||
an event, the client file descriptor will keep having the HUP event and
|
||||
the client_work() function is always called with AVAHI_WATCH_HUP but
|
||||
without nothing being done, thus entering an infinite loop.
|
||||
|
||||
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
|
||||
---
|
||||
avahi-daemon/simple-protocol.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
|
||||
index 3e0ebb1..6c0274d 100644
|
||||
--- a/avahi-daemon/simple-protocol.c
|
||||
+++ b/avahi-daemon/simple-protocol.c
|
||||
@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
|
||||
}
|
||||
}
|
||||
|
||||
+ if (events & AVAHI_WATCH_HUP) {
|
||||
+ client_free(c);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
c->server->poll_api->watch_update(
|
||||
watch,
|
||||
(c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
|
||||
--
|
||||
2.41.0
|
||||
|
@ -0,0 +1,55 @@
|
||||
From 94cb6489114636940ac683515417990b55b5d66c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Tue, 11 Apr 2023 15:29:59 +0200
|
||||
Subject: [PATCH] Ensure each label is at least one byte long
|
||||
|
||||
The only allowed exception is single dot, where it should return empty
|
||||
string.
|
||||
|
||||
Fixes #454.
|
||||
---
|
||||
avahi-common/domain-test.c | 14 ++++++++++++++
|
||||
avahi-common/domain.c | 2 +-
|
||||
2 files changed, 15 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c
|
||||
index cf763ec..3acc1c1 100644
|
||||
--- a/avahi-common/domain-test.c
|
||||
+++ b/avahi-common/domain-test.c
|
||||
@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
|
||||
printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo."));
|
||||
avahi_free(s);
|
||||
|
||||
+ printf("%s\n", s = avahi_normalize_name_strdup("."));
|
||||
+ avahi_free(s);
|
||||
+
|
||||
+ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}."
|
||||
+ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}"
|
||||
+ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`"
|
||||
+ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?."
|
||||
+ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}."
|
||||
+ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?"
|
||||
+ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM."
|
||||
+ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?."
|
||||
+ "}.?.?.?.}.=.?.?.}");
|
||||
+ assert(s == NULL);
|
||||
+
|
||||
printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff"));
|
||||
printf("%i\n", avahi_domain_equal("A", "a"));
|
||||
|
||||
diff --git a/avahi-common/domain.c b/avahi-common/domain.c
|
||||
index 3b1ab68..e66d241 100644
|
||||
--- a/avahi-common/domain.c
|
||||
+++ b/avahi-common/domain.c
|
||||
@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) {
|
||||
}
|
||||
|
||||
if (!empty) {
|
||||
- if (size < 1)
|
||||
+ if (size < 2)
|
||||
return NULL;
|
||||
|
||||
*(r++) = '.';
|
||||
--
|
||||
2.41.0
|
||||
|
@ -0,0 +1,107 @@
|
||||
From b448c9f771bada14ae8de175695a9729f8646797 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Wed, 11 Oct 2023 17:45:44 +0200
|
||||
Subject: [PATCH] common: derive alternative host name from its unescaped
|
||||
version
|
||||
|
||||
Normalization of input makes sure we don't have to deal with special
|
||||
cases like unescaped dot at the end of label.
|
||||
|
||||
Fixes #451 #487
|
||||
CVE-2023-38473
|
||||
---
|
||||
avahi-common/alternative-test.c | 3 +++
|
||||
avahi-common/alternative.c | 27 +++++++++++++++++++--------
|
||||
2 files changed, 22 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c
|
||||
index 9255435..681fc15 100644
|
||||
--- a/avahi-common/alternative-test.c
|
||||
+++ b/avahi-common/alternative-test.c
|
||||
@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
|
||||
const char* const test_strings[] = {
|
||||
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
|
||||
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü",
|
||||
+ ").",
|
||||
+ "\\.",
|
||||
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\",
|
||||
"gurke",
|
||||
"-",
|
||||
" #",
|
||||
diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c
|
||||
index b3d39f0..a094e6d 100644
|
||||
--- a/avahi-common/alternative.c
|
||||
+++ b/avahi-common/alternative.c
|
||||
@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) {
|
||||
}
|
||||
|
||||
char *avahi_alternative_host_name(const char *s) {
|
||||
+ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1];
|
||||
+ char *alt, *r, *ret;
|
||||
const char *e;
|
||||
- char *r;
|
||||
+ size_t len;
|
||||
|
||||
assert(s);
|
||||
|
||||
if (!avahi_is_valid_host_name(s))
|
||||
return NULL;
|
||||
|
||||
- if ((e = strrchr(s, '-'))) {
|
||||
+ if (!avahi_unescape_label(&s, label, sizeof(label)))
|
||||
+ return NULL;
|
||||
+
|
||||
+ if ((e = strrchr(label, '-'))) {
|
||||
const char *p;
|
||||
|
||||
e++;
|
||||
@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) {
|
||||
|
||||
if (e) {
|
||||
char *c, *m;
|
||||
- size_t l;
|
||||
int n;
|
||||
|
||||
n = atoi(e)+1;
|
||||
if (!(m = avahi_strdup_printf("%i", n)))
|
||||
return NULL;
|
||||
|
||||
- l = e-s-1;
|
||||
+ len = e-label-1;
|
||||
|
||||
- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1)
|
||||
- l = AVAHI_LABEL_MAX-1-strlen(m)-1;
|
||||
+ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1)
|
||||
+ len = AVAHI_LABEL_MAX-1-strlen(m)-1;
|
||||
|
||||
- if (!(c = avahi_strndup(s, l))) {
|
||||
+ if (!(c = avahi_strndup(label, len))) {
|
||||
avahi_free(m);
|
||||
return NULL;
|
||||
}
|
||||
@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) {
|
||||
} else {
|
||||
char *c;
|
||||
|
||||
- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2)))
|
||||
+ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2)))
|
||||
return NULL;
|
||||
|
||||
drop_incomplete_utf8(c);
|
||||
@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) {
|
||||
avahi_free(c);
|
||||
}
|
||||
|
||||
+ alt = alternative;
|
||||
+ len = sizeof(alternative);
|
||||
+ ret = avahi_escape_label(r, strlen(r), &alt, &len);
|
||||
+
|
||||
+ avahi_free(r);
|
||||
+ r = avahi_strdup(ret);
|
||||
+
|
||||
assert(avahi_is_valid_host_name(r));
|
||||
|
||||
return r;
|
||||
--
|
||||
2.41.0
|
||||
|
@ -0,0 +1,52 @@
|
||||
From 160e8fb6ca1b33387f30f7a6aa9159015ffda9d0 Mon Sep 17 00:00:00 2001
|
||||
From: Evgeny Vereshchagin <evvers@ya.ru>
|
||||
Date: Sun, 22 Oct 2023 10:31:31 +0000
|
||||
Subject: [PATCH] core: copy resource records with zero-length rdata properly
|
||||
|
||||
It fixes the crash spotted
|
||||
https://github.com/lathiat/avahi/pull/490#issuecomment-1773019619.
|
||||
The fuzz target was updated to exercise those code paths (among other
|
||||
things). Without this commit it crashes with
|
||||
```
|
||||
fuzz-consume-record: malloc.c:250: void *avahi_memdup(const void *, size_t): Assertion `s' failed.
|
||||
==72869== ERROR: libFuzzer: deadly signal
|
||||
#0 0x5031b5 in __sanitizer_print_stack_trace (avahi/out/fuzz-consume-record+0x5031b5) (BuildId: 69840d811c9ba9f74eea21e34786a2005c5dcc06)
|
||||
#1 0x45cd6c in fuzzer::PrintStackTrace() (avahi/out/fuzz-consume-record+0x45cd6c) (BuildId: 69840d811c9ba9f74eea21e34786a2005c5dcc06)
|
||||
#2 0x441c47 in fuzzer::Fuzzer::CrashCallback() (out/fuzz-consume-record+0x441c47) (BuildId: 69840d811c9ba9f74eea21e34786a2005c5dcc06)
|
||||
#3 0x7f189e97ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: 3ebe8d97a0ed3e1f13476a02665c5a9442adcd78)
|
||||
#4 0x7f189e9cf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: 3ebe8d97a0ed3e1f13476a02665c5a9442adcd78)
|
||||
#5 0x7f189e97eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: 3ebe8d97a0ed3e1f13476a02665c5a9442adcd78)
|
||||
#6 0x7f189e96787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: 3ebe8d97a0ed3e1f13476a02665c5a9442adcd78)
|
||||
#7 0x7f189e96779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: 3ebe8d97a0ed3e1f13476a02665c5a9442adcd78)
|
||||
#8 0x7f189e977186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: 3ebe8d97a0ed3e1f13476a02665c5a9442adcd78)
|
||||
#9 0x557bfc in avahi_memdup avahi/avahi-common/malloc.c:250:5
|
||||
#10 0x54895c in avahi_record_copy avahi/avahi-core/rr.c:469:45
|
||||
```
|
||||
---
|
||||
avahi-core/rr.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/avahi-core/rr.c b/avahi-core/rr.c
|
||||
index 7fa0bee..2bb8924 100644
|
||||
--- a/avahi-core/rr.c
|
||||
+++ b/avahi-core/rr.c
|
||||
@@ -426,6 +426,7 @@ AvahiRecord *avahi_record_copy(AvahiRecord *r) {
|
||||
copy->ref = 1;
|
||||
copy->key = avahi_key_ref(r->key);
|
||||
copy->ttl = r->ttl;
|
||||
+ memset(©->data, 0, sizeof(copy->data));
|
||||
|
||||
switch (r->key->type) {
|
||||
case AVAHI_DNS_TYPE_PTR:
|
||||
@@ -466,7 +467,7 @@ AvahiRecord *avahi_record_copy(AvahiRecord *r) {
|
||||
break;
|
||||
|
||||
default:
|
||||
- if (!(copy->data.generic.data = avahi_memdup(r->data.generic.data, r->data.generic.size)))
|
||||
+ if (r->data.generic.size && !(copy->data.generic.data = avahi_memdup(r->data.generic.data, r->data.generic.size)))
|
||||
goto fail;
|
||||
copy->data.generic.size = r->data.generic.size;
|
||||
break;
|
||||
--
|
||||
2.41.0
|
||||
|
@ -0,0 +1,71 @@
|
||||
From 894f085f402e023a98cbb6f5a3d117bd88d93b09 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Mon, 23 Oct 2023 13:38:35 +0200
|
||||
Subject: [PATCH] core: extract host name using avahi_unescape_label()
|
||||
|
||||
Previously we could create invalid escape sequence when we split the
|
||||
string on dot. For example, from valid host name "foo\\.bar" we have
|
||||
created invalid name "foo\\" and tried to set that as the host name
|
||||
which crashed the daemon.
|
||||
|
||||
Fixes #453
|
||||
|
||||
CVE-2023-38471
|
||||
---
|
||||
avahi-core/server.c | 27 +++++++++++++++++++++------
|
||||
1 file changed, 21 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/avahi-core/server.c b/avahi-core/server.c
|
||||
index c32637a..f6a21bb 100644
|
||||
--- a/avahi-core/server.c
|
||||
+++ b/avahi-core/server.c
|
||||
@@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) {
|
||||
}
|
||||
|
||||
int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
|
||||
- char *hn = NULL;
|
||||
+ char label_escaped[AVAHI_LABEL_MAX*4+1];
|
||||
+ char label[AVAHI_LABEL_MAX];
|
||||
+ char *hn = NULL, *h;
|
||||
+ size_t len;
|
||||
+
|
||||
assert(s);
|
||||
|
||||
AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME);
|
||||
@@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
|
||||
else
|
||||
hn = avahi_normalize_name_strdup(host_name);
|
||||
|
||||
- hn[strcspn(hn, ".")] = 0;
|
||||
+ h = hn;
|
||||
+ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
|
||||
+ avahi_free(h);
|
||||
+ return AVAHI_ERR_INVALID_HOST_NAME;
|
||||
+ }
|
||||
+
|
||||
+ avahi_free(h);
|
||||
+
|
||||
+ h = label_escaped;
|
||||
+ len = sizeof(label_escaped);
|
||||
+ if (!avahi_escape_label(label, strlen(label), &h, &len))
|
||||
+ return AVAHI_ERR_INVALID_HOST_NAME;
|
||||
|
||||
- if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) {
|
||||
- avahi_free(hn);
|
||||
+ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
|
||||
return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
|
||||
- }
|
||||
|
||||
withdraw_host_rrs(s);
|
||||
|
||||
avahi_free(s->host_name);
|
||||
- s->host_name = hn;
|
||||
+ s->host_name = avahi_strdup(label_escaped);
|
||||
+ if (!s->host_name)
|
||||
+ return AVAHI_ERR_NO_MEMORY;
|
||||
|
||||
update_fqdn(s);
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
@ -0,0 +1,43 @@
|
||||
From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Thu, 19 Oct 2023 17:36:44 +0200
|
||||
Subject: [PATCH] core: make sure there is rdata to process before parsing it
|
||||
|
||||
Fixes #452
|
||||
|
||||
CVE-2023-38472
|
||||
---
|
||||
avahi-client/client-test.c | 3 +++
|
||||
avahi-daemon/dbus-entry-group.c | 2 +-
|
||||
2 files changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c
|
||||
index b3366d8..ba97998 100644
|
||||
--- a/avahi-client/client-test.c
|
||||
+++ b/avahi-client/client-test.c
|
||||
@@ -258,6 +258,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
|
||||
printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
|
||||
printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
|
||||
|
||||
+ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
|
||||
+ assert(error != AVAHI_OK);
|
||||
+
|
||||
avahi_entry_group_commit (group);
|
||||
|
||||
domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
|
||||
diff --git a/avahi-daemon/dbus-entry-group.c b/avahi-daemon/dbus-entry-group.c
|
||||
index 4e879a5..aa23d4b 100644
|
||||
--- a/avahi-daemon/dbus-entry-group.c
|
||||
+++ b/avahi-daemon/dbus-entry-group.c
|
||||
@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_group_impl(DBusConnection *c, DBusMessage
|
||||
if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
|
||||
return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
|
||||
|
||||
- if (avahi_rdata_parse (r, rdata, size) < 0) {
|
||||
+ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
|
||||
avahi_record_unref (r);
|
||||
return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
@ -0,0 +1,46 @@
|
||||
From a337a1ba7d15853fb56deef1f464529af6e3a1cf Mon Sep 17 00:00:00 2001
|
||||
From: Evgeny Vereshchagin <evvers@ya.ru>
|
||||
Date: Mon, 23 Oct 2023 20:29:31 +0000
|
||||
Subject: [PATCH] core: reject overly long TXT resource records
|
||||
|
||||
Closes https://github.com/lathiat/avahi/issues/455
|
||||
|
||||
CVE-2023-38469
|
||||
---
|
||||
avahi-core/rr.c | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/avahi-core/rr.c b/avahi-core/rr.c
|
||||
index 2bb8924..9c04ebb 100644
|
||||
--- a/avahi-core/rr.c
|
||||
+++ b/avahi-core/rr.c
|
||||
@@ -32,6 +32,7 @@
|
||||
#include <avahi-common/malloc.h>
|
||||
#include <avahi-common/defs.h>
|
||||
|
||||
+#include "dns.h"
|
||||
#include "rr.h"
|
||||
#include "log.h"
|
||||
#include "util.h"
|
||||
@@ -689,11 +690,17 @@ int avahi_record_is_valid(AvahiRecord *r) {
|
||||
case AVAHI_DNS_TYPE_TXT: {
|
||||
|
||||
AvahiStringList *strlst;
|
||||
+ size_t used = 0;
|
||||
|
||||
- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next)
|
||||
+ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) {
|
||||
if (strlst->size > 255 || strlst->size <= 0)
|
||||
return 0;
|
||||
|
||||
+ used += 1+strlst->size;
|
||||
+ if (used > AVAHI_DNS_RDATA_MAX)
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
@ -0,0 +1,50 @@
|
||||
From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001
|
||||
From: Evgeny Vereshchagin <evvers@ya.ru>
|
||||
Date: Tue, 24 Oct 2023 22:04:51 +0000
|
||||
Subject: [PATCH] core: return errors from avahi_server_set_host_name properly
|
||||
|
||||
It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09
|
||||
---
|
||||
avahi-core/server.c | 9 ++++++---
|
||||
1 file changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/avahi-core/server.c b/avahi-core/server.c
|
||||
index f6a21bb..84df6b5 100644
|
||||
--- a/avahi-core/server.c
|
||||
+++ b/avahi-core/server.c
|
||||
@@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
|
||||
else
|
||||
hn = avahi_normalize_name_strdup(host_name);
|
||||
|
||||
+ if (!hn)
|
||||
+ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
|
||||
+
|
||||
h = hn;
|
||||
if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
|
||||
avahi_free(h);
|
||||
- return AVAHI_ERR_INVALID_HOST_NAME;
|
||||
+ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
|
||||
}
|
||||
|
||||
avahi_free(h);
|
||||
@@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
|
||||
h = label_escaped;
|
||||
len = sizeof(label_escaped);
|
||||
if (!avahi_escape_label(label, strlen(label), &h, &len))
|
||||
- return AVAHI_ERR_INVALID_HOST_NAME;
|
||||
+ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
|
||||
|
||||
if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
|
||||
return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
|
||||
@@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
|
||||
avahi_free(s->host_name);
|
||||
s->host_name = avahi_strdup(label_escaped);
|
||||
if (!s->host_name)
|
||||
- return AVAHI_ERR_NO_MEMORY;
|
||||
+ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
|
||||
|
||||
update_fqdn(s);
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
@ -26,7 +26,7 @@
|
||||
|
||||
Name: avahi
|
||||
Version: 0.7
|
||||
Release: 21%{?dist}
|
||||
Release: 21%{?dist}.1
|
||||
Summary: Local network service discovery
|
||||
License: LGPLv2+
|
||||
URL: http://avahi.org
|
||||
@ -88,6 +88,14 @@ Patch0003: 0003-Remove-empty-avahi_discover-Python-module.patch
|
||||
Patch0004: 0004-avahi-client-fix-resource-leak.patch
|
||||
Patch0005: 0005-chroot-fix-bogus-assignments-in-assertions.patch
|
||||
Patch0006: 0001-Emit-error-if-requested-service-is-not-found.patch
|
||||
Patch0007: 0001-Ensure-each-label-is-at-least-one-byte-long.patch
|
||||
Patch0008: 0001-core-make-sure-there-is-rdata-to-process-before-pars.patch
|
||||
Patch0009: 0001-core-copy-resource-records-with-zero-length-rdata-pr.patch
|
||||
Patch0010: 0001-common-derive-alternative-host-name-from-its-unescap.patch
|
||||
Patch0011: 0001-core-extract-host-name-using-avahi_unescape_label.patch
|
||||
Patch0012: 0001-core-return-errors-from-avahi_server_set_host_name-p.patch
|
||||
Patch0013: 0001-core-reject-overly-long-TXT-resource-records.patch
|
||||
Patch0014: 0001-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-.patch
|
||||
|
||||
## downstream patches
|
||||
Patch100: avahi-0.6.30-mono-libdir.patch
|
||||
@ -656,6 +664,14 @@ exit 0
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Dec 06 2023 Michal Sekletar <msekleta@redhat.com> - 0.7-21.1
|
||||
- Fix CVE-2021-3468 (RHEL-18311)
|
||||
- Fix CVE-2023-38469 (RHEL-17783)
|
||||
- Fix CVE-2023-38470 (RHEL-17795)
|
||||
- Fix CVE-2023-38471 (RHEL-17789)
|
||||
- Fix CVE-2023-38472 (RHEL-17807)
|
||||
- Fix CVE-2023-38473 (RHEL-17801)
|
||||
|
||||
* Wed Aug 23 2023 Michal Sekletar <msekleta@redhat.com> - 0.7-21
|
||||
- Fix CVE-2023-1981 (#2186688)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user