rpms/avahi
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2023-38470

Browse Source 
Resolves: RHEL-5640
This commit is contained in:
Michal Sekletar 2023-11-09 18:13:18 +01:00
parent 6687e87ad2
commit a30ba7f391
2 changed files with 60 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
0001-Ensure-each-label-is-at-least-one-byte-long.patch Normal file
View File

@ -0,0 +1,55 @@
From 94cb6489114636940ac683515417990b55b5d66c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 11 Apr 2023 15:29:59 +0200
Subject: [PATCH] Ensure each label is at least one byte long
The only allowed exception is single dot, where it should return empty
string.
Fixes #454.
---
avahi-common/domain-test.c | 14 ++++++++++++++
avahi-common/domain.c | 2 +-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c
index cf763ec..3acc1c1 100644
--- a/avahi-common/domain-test.c
+++ b/avahi-common/domain-test.c
@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo."));
avahi_free(s);
+ printf("%s\n", s = avahi_normalize_name_strdup("."));
+ avahi_free(s);
+
+ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}."
+ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}"
+ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`"
+ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?."
+ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}."
+ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?"
+ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM."
+ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?."
+ "}.?.?.?.}.=.?.?.}");
+ assert(s == NULL);
+
printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff"));
printf("%i\n", avahi_domain_equal("A", "a"));
diff --git a/avahi-common/domain.c b/avahi-common/domain.c
index 3b1ab68..e66d241 100644
--- a/avahi-common/domain.c
+++ b/avahi-common/domain.c
@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) {
}
if (!empty) {
- if (size < 1)
+ if (size < 2)
return NULL;
*(r++) = '.';
--
2.41.0

6
avahi.spec
View File

@ -26,7 +26,7 @@
Name: avahi
Version: 0.7
Release: 21%{?dist}
Release: 22%{?dist}
Summary: Local network service discovery
License: LGPLv2+
URL: http://avahi.org
@ -88,6 +88,7 @@ Patch0003: 0003-Remove-empty-avahi_discover-Python-module.patch
Patch0004: 0004-avahi-client-fix-resource-leak.patch
Patch0005: 0005-chroot-fix-bogus-assignments-in-assertions.patch
Patch0006: 0001-Emit-error-if-requested-service-is-not-found.patch
Patch0007: 0001-Ensure-each-label-is-at-least-one-byte-long.patch
## downstream patches
Patch100: avahi-0.6.30-mono-libdir.patch
@ -656,6 +657,9 @@ exit 0
%changelog
* Thu Nov 09 2023 Michal Sekletar <msekleta@redhat.com> - 0.7-22
- Fix CVE-2023-38470 (RHEL-5640)
* Wed Aug 23 2023 Michal Sekletar <msekleta@redhat.com> - 0.7-21
- Fix CVE-2023-1981 (#2186688)