rpms/avahi
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2023-38469

Browse Source 
Resolves: RHEL-5635
This commit is contained in:
Michal Sekletar 2023-11-09 19:32:50 +01:00
parent c4f5f8b357
commit 5ce6485fac
2 changed files with 51 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
0001-core-reject-overly-long-TXT-resource-records.patch Normal file
View File

@ -0,0 +1,46 @@
From a337a1ba7d15853fb56deef1f464529af6e3a1cf Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Mon, 23 Oct 2023 20:29:31 +0000
Subject: [PATCH] core: reject overly long TXT resource records
Closes https://github.com/lathiat/avahi/issues/455
CVE-2023-38469
---
avahi-core/rr.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/avahi-core/rr.c b/avahi-core/rr.c
index 2bb8924..9c04ebb 100644
--- a/avahi-core/rr.c
+++ b/avahi-core/rr.c
@@ -32,6 +32,7 @@
#include <avahi-common/malloc.h>
#include <avahi-common/defs.h>
+#include "dns.h"
#include "rr.h"
#include "log.h"
#include "util.h"
@@ -689,11 +690,17 @@ int avahi_record_is_valid(AvahiRecord *r) {
case AVAHI_DNS_TYPE_TXT: {
AvahiStringList *strlst;
+ size_t used = 0;
- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next)
+ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) {
if (strlst->size > 255 || strlst->size <= 0)
return 0;
+ used += 1+strlst->size;
+ if (used > AVAHI_DNS_RDATA_MAX)
+ return 0;
+ }
+
return 1;
}
}
--
2.41.0

6
avahi.spec
View File

@ -26,7 +26,7 @@
Name: avahi Name: avahi
Version: 0.7 Version: 0.7
Release: 25%{?dist} Release: 26%{?dist}
Summary: Local network service discovery Summary: Local network service discovery
License: LGPLv2+ License: LGPLv2+
URL: http://avahi.org URL: http://avahi.org
@ -94,6 +94,7 @@ Patch0009: 0001-core-copy-resource-records-with-zero-length-rdata-pr.patch
Patch0010: 0001-common-derive-alternative-host-name-from-its-unescap.patch Patch0010: 0001-common-derive-alternative-host-name-from-its-unescap.patch
Patch0011: 0001-core-extract-host-name-using-avahi_unescape_label.patch Patch0011: 0001-core-extract-host-name-using-avahi_unescape_label.patch
Patch0012: 0001-core-return-errors-from-avahi_server_set_host_name-p.patch Patch0012: 0001-core-return-errors-from-avahi_server_set_host_name-p.patch
Patch0013: 0001-core-reject-overly-long-TXT-resource-records.patch
## downstream patches ## downstream patches
Patch100: avahi-0.6.30-mono-libdir.patch Patch100: avahi-0.6.30-mono-libdir.patch
@ -662,6 +663,9 @@ exit 0
%changelog %changelog
* Thu Nov 09 2023 Michal Sekletar <msekleta@redhat.com> - 0.7-26
- Fix CVE-2023-38469 (RHEL-5635)
* Thu Nov 09 2023 Michal Sekletar <msekleta@redhat.com> - 0.7-25 * Thu Nov 09 2023 Michal Sekletar <msekleta@redhat.com> - 0.7-25
- Fix CVE-2023-38471 (RHEL-5639) - Fix CVE-2023-38471 (RHEL-5639)