Fix checking for sender of rtnetlink messages

So far we did check that the incoming message has uid == 0. However, this
doesn't work if avahi is running inside net_ns && user_ns. Instead we should
check that the message comes from the kernel, i.e. pid == 0.

Thanks Lubomir Rintel <lkundrak@v3.sk> for the patch.

Resolves: #1227052
Michal Sekletar 2015-06-17 22:54:05 +02:00
parent 0ca6f3f5b1
commit 3b52db469b
2 changed files with 47 additions and 1 deletions


@ -0,0 +1,41 @@
From b8b2b4a03de019e14e439d30ab2d929aec5d6524 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Mon, 1 Jun 2015 21:13:40 +0200
Subject: [PATCH] netlink: check that the origin of the rtnetlink messages is
kernel
Instead of asserting it's from UID 0, which breaks in network namespaces.
---
avahi-autoipd/iface-linux.c | 2 +-
avahi-core/netlink.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/avahi-autoipd/iface-linux.c b/avahi-autoipd/iface-linux.c
index 83e9e41..1888e37 100644
--- a/avahi-autoipd/iface-linux.c
+++ b/avahi-autoipd/iface-linux.c
@@ -215,7 +215,7 @@ static int process_response(int wait_for_done, unsigned seq) {
ucred = (struct ucred*) CMSG_DATA(cmsghdr);
- if (ucred->uid != 0)
+ if (ucred->pid != 0)
return -1;
bytes = (size_t) r;
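Review bot: The new test `ucred->pid != 0` in process_response() has no comment saying that pid 0 in the received credentials means the kernel sent the message, so the condition reads as an arbitrary constant. A one-line comment above it, for example `/* rtnetlink messages from the kernel carry pid 0 */`, would record why the uid test was dropped; the same applies to the matching check in avahi-core/netlink.c.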
diff --git a/avahi-core/netlink.c b/avahi-core/netlink.c
index 4ded5ec..b8c0c06 100644
--- a/avahi-core/netlink.c
+++ b/avahi-core/netlink.c
@@ -82,7 +82,7 @@ int avahi_netlink_work(AvahiNetlink *nl, int block) {
cred = (struct ucred*) CMSG_DATA(cmsg);
- if (cred->uid != 0)
+ if (cred->pid != 0)
return -1;
p = (struct nlmsghdr *) nl->buffer;
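Review bot: In avahi_netlink_work() the `cred->pid != 0` test accepts any sender whose credentials report pid 0 as the kernel, and since the motivation is running inside namespaces, it is worth confirming that a sender in a PID namespace not visible to avahi cannot also be reported as 0 in `struct ucred`. Comparing `nl_pid` in the sender's `struct sockaddr_nl` against 0 as well would tie the check to the netlink source address and not only to the translated credentials.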
--
2.4.3


@ -18,7 +18,7 @@
Name: avahi Name: avahi
Version: 0.6.31 Version: 0.6.31
Release: 34%{?dist} Release: 35%{?dist}
Summary: Local network service discovery Summary: Local network service discovery
License: LGPLv2+ License: LGPLv2+
URL: http://avahi.org URL: http://avahi.org
@ -74,6 +74,7 @@ Patch1: avahi-0.6.31-no-deprecations.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1105647 # https://bugzilla.redhat.com/show_bug.cgi?id=1105647
Patch2: 0001-Disable-publish-workstation-and-publish-hinfo-by-def.patch Patch2: 0001-Disable-publish-workstation-and-publish-hinfo-by-def.patch
Patch3: 0001-netlink-check-that-the-origin-of-the-rtnetlink-messa.patch
%description %description
Avahi is a system which facilitates service discovery on Avahi is a system which facilitates service discovery on
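Review bot: The added `Patch3:` line has no comment above it, while Patch2 directly above carries its Bugzilla URL. Add the bug reference for #1227052 in the same form so the patch can be traced from the spec file.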
@ -325,6 +326,7 @@ fashion with mDNS.
%patch0 -p1 -b .mono-libdir %patch0 -p1 -b .mono-libdir
%patch1 -p1 -b .no_deprecations %patch1 -p1 -b .no_deprecations
%patch2 -p1 -b .disable-workstation-hinfo %patch2 -p1 -b .disable-workstation-hinfo
%patch3 -p1 -b .netlink-userns
rm docs/INSTALL rm docs/INSTALL
# patch1 requires autogen # patch1 requires autogen
@ -663,6 +665,9 @@ exit 0
%endif %endif
%changelog %changelog
* Wed Jun 17 2015 Michal Sekletar <msekleta@redhat.com> - 0.6.31-35
- check that rtnetlink messages has pid == 0, i.e. they sender is kernel (#1227052)
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.31-34 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.31-34
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
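Review bot: The new changelog entry for 0.6.31-35 has two grammar slips, "messages has" and "they sender is kernel". Suggested wording: `- check that rtnetlink messages have pid == 0, i.e. their sender is the kernel (#1227052)`.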