rpms
/
avahi
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2023-1981 

Resolves: #2186689
This commit is contained in:
Michal Sekletar 2023-08-23 19:11:00 +02:00
parent bb92ca0435
commit 5d0083e9a1
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
0001-Emit-error-if-requested-service-is-not-found.patch Normal file
View File

@ -0,0 +1,56 @@
From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 17 Nov 2022 01:51:53 +0100
Subject: [PATCH] Emit error if requested service is not found
It currently just crashes instead of replying with error. Check return
value and emit error instead of passing NULL pointer to reply.
Fixes #375
---
avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c
index 70d7687..406d0b4 100644
--- a/avahi-daemon/dbus-protocol.c
+++ b/avahi-daemon/dbus-protocol.c
@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM
}
t = avahi_alternative_host_name(n);
- avahi_dbus_respond_string(c, m, t);
- avahi_free(t);
+ if (t) {
+ avahi_dbus_respond_string(c, m, t);
+ avahi_free(t);
- return DBUS_HANDLER_RESULT_HANDLED;
+ return DBUS_HANDLER_RESULT_HANDLED;
+ } else {
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
+ }
}
static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) {
@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB
}
t = avahi_alternative_service_name(n);
- avahi_dbus_respond_string(c, m, t);
- avahi_free(t);
+ if (t) {
+ avahi_dbus_respond_string(c, m, t);
+ avahi_free(t);
- return DBUS_HANDLER_RESULT_HANDLED;
+ return DBUS_HANDLER_RESULT_HANDLED;
+ } else {
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
+ }
}
static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) {
--
2.41.0

6
avahi.spec
View File

@ -48,7 +48,7 @@
Name: avahi
Version: 0.8
Release: 14%{?dist}
Release: 15%{?dist}
Summary: Local network service discovery
License: LGPLv2+
URL: http://avahi.org
@ -134,6 +134,7 @@ Patch10: 0010-fix-bytestring-decoding-for-proper-display.patch
Patch11: 0011-avahi_dns_packet_consume_uint32-fix-potential-undefi.patch
Patch12: 0001-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-.patch
Patch13: 0001-Fix-NULL-pointer-crashes-from-175.patch
Patch14: 0001-Emit-error-if-requested-service-is-not-found.patch
## downstream patches
Patch100: avahi-0.6.30-mono-libdir.patch
@ -829,6 +830,9 @@ exit 0
%changelog
* Wed Aug 23 2023 Michal Sekletar <msekleta@redhat.com> - 0.8-15
- Fix CVE-2023-1981 (#2186689)
* Wed Aug 23 2023 Michal Sekletar <msekleta@redhat.com> - 0.8-14
- Fix CVE-2021-3502 (#1949949)