Michal Sekletar
parent
a92a735c98
commit
486b4f7426
|
|
@ -0,0 +1,40 @@
|
|||
From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
|
||||
From: Riccardo Schirone <sirmy15@gmail.com>
|
||||
Date: Fri, 26 Mar 2021 11:50:24 +0100
|
||||
Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
|
||||
client_work
|
||||
|
||||
If a client fills the input buffer, client_work() disables the
|
||||
AVAHI_WATCH_IN event, thus preventing the function from executing the
|
||||
`read` syscall the next times it is called. However, if the client then
|
||||
terminates the connection, the socket file descriptor receives a HUP
|
||||
event, which is not handled, thus the kernel keeps marking the HUP event
|
||||
as occurring. While iterating over the file descriptors that triggered
|
||||
an event, the client file descriptor will keep having the HUP event and
|
||||
the client_work() function is always called with AVAHI_WATCH_HUP but
|
||||
without nothing being done, thus entering an infinite loop.
|
||||
|
||||
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
|
||||
---
|
||||
avahi-daemon/simple-protocol.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
|
||||
index 3e0ebb1..6c0274d 100644
|
||||
--- a/avahi-daemon/simple-protocol.c
|
||||
+++ b/avahi-daemon/simple-protocol.c
|
||||
@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
|
||||
}
|
||||
}
|
||||
|
||||
+ if (events & AVAHI_WATCH_HUP) {
|
||||
+ client_free(c);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
c->server->poll_api->watch_update(
|
||||
watch,
|
||||
(c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
|
||||
--
|
||||
2.40.0
|
||||
|
||||
|
|
@ -48,7 +48,7 @@
|
|||
|
||||
Name: avahi
|
||||
Version: 0.8
|
||||
Release: 12%{?dist}
|
||||
Release: 13%{?dist}
|
||||
Summary: Local network service discovery
|
||||
License: LGPLv2+
|
||||
URL: http://avahi.org
|
||||
|
|
@ -132,6 +132,7 @@ Patch8: 0008-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch
|
|||
Patch9: 0009-fix-requires-in-pc-file.patch
|
||||
Patch10: 0010-fix-bytestring-decoding-for-proper-display.patch
|
||||
Patch11: 0011-avahi_dns_packet_consume_uint32-fix-potential-undefi.patch
|
||||
Patch12: 0001-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-.patch
|
||||
|
||||
## downstream patches
|
||||
Patch100: avahi-0.6.30-mono-libdir.patch
|
||||
|
|
@ -827,6 +828,9 @@ exit 0
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu Aug 17 2023 Michal Sekletar <msekleta@redhat.com> - 0.8-13
|
||||
- Fix CVE-2021-3468 (#1944092)
|
||||
|
||||
* Mon Feb 21 2022 Michal Sekletár <msekleta@redhat.com> - 0.8-12
|
||||
- make sure we get compiled with -fstack-protector-strong (#2044643)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue