rpms/avahi
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2023-38470

Browse Source 
Resolves: RHEL-5641
This commit is contained in:
Michal Sekletar 2023-11-08 16:50:21 +01:00
parent 7e8279ad9e
commit e42b031b0a
2 changed files with 60 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
0001-Ensure-each-label-is-at-least-one-byte-long.patch Normal file
View File

@ -0,0 +1,55 @@
From 94cb6489114636940ac683515417990b55b5d66c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 11 Apr 2023 15:29:59 +0200
Subject: [PATCH] Ensure each label is at least one byte long
The only allowed exception is single dot, where it should return empty
string.
Fixes #454.
---
avahi-common/domain-test.c | 14 ++++++++++++++
avahi-common/domain.c | 2 +-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c
index cf763ec..3acc1c1 100644
--- a/avahi-common/domain-test.c
+++ b/avahi-common/domain-test.c
@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo."));
avahi_free(s);
+ printf("%s\n", s = avahi_normalize_name_strdup("."));
+ avahi_free(s);
+
+ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}."
+ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}"
+ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`"
+ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?."
+ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}."
+ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?"
+ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM."
+ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?."
+ "}.?.?.?.}.=.?.?.}");
+ assert(s == NULL);
+
printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff"));
printf("%i\n", avahi_domain_equal("A", "a"));
diff --git a/avahi-common/domain.c b/avahi-common/domain.c
index 3b1ab68..e66d241 100644
--- a/avahi-common/domain.c
+++ b/avahi-common/domain.c
@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) {
}
if (!empty) {
- if (size < 1)
+ if (size < 2)
return NULL;
*(r++) = '.';
--
2.41.0

6
avahi.spec
View File

@ -48,7 +48,7 @@
Name: avahi
Version: 0.8
Release: 16%{?dist}
Release: 17%{?dist}
Summary: Local network service discovery
License: LGPLv2+
URL: http://avahi.org
@ -136,6 +136,7 @@ Patch12: 0001-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-.patch
Patch13: 0001-Fix-NULL-pointer-crashes-from-175.patch
Patch14: 0001-Emit-error-if-requested-service-is-not-found.patch
Patch15: 0001-common-derive-alternative-host-name-from-its-unescap.patch
Patch16: 0001-Ensure-each-label-is-at-least-one-byte-long.patch
## downstream patches
Patch100: avahi-0.6.30-mono-libdir.patch
@ -831,6 +832,9 @@ exit 0
%changelog
* Wed Nov 01 2023 Michal Sekletar <msekleta@redhat.com> - 0.8-17
- Fix CVE-2023-38470 (RHEL-5641)
* Wed Nov 01 2023 Michal Sekletar <msekleta@redhat.com> - 0.8-16
- Fix CVE-2023-38473 (RHEL-5729)