avahi: backport CVE-2023-1981 & CVE's follow-up patches

import patches from ubuntu to fix CVE-2023-1981 CVE-2023-38469-2 CVE-2023-38470-2 CVE-2023-38471-2 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches?h=ubuntu/jammy-security Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f & https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237 & https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c & https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460] Ref: https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/nanbield-nut&id=a9203c46cd64c3ec5e5b00e381bbac85733f85df (From OE-Core rev: 2b0d8a63a212897b33e85cc3694cd9a3d6e09ca8) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Vijay Anusuri <vanusuri@mvista.com> 2023-12-12 14:35:18 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-12-21 10:38:30 +0000
commit: 198d891baa5dbeaca0e02e1904208d0edd30d495 (patch)
tree: 89b34cad35b22df7e598ddf0d06aab36dbbee9ae /meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
parent: 3c26d5181a778c2d5ab6111578d41e4b9000c0b9 (diff)
download: poky-198d891baa5dbeaca0e02e1904208d0edd30d495.tar.gz
1 files changed, 48 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
new file mode 100644
index 0000000000..a078f66102
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
@@ -0,0 +1,48 @@
+From 72842945085cc3adaccfdfa2853771b0e75ef991 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Mon, 23 Oct 2023 20:29:31 +0000
+Subject: [PATCH] avahi: core: reject overly long TXT resource records
+Closes https://github.com/lathiat/avahi/issues/455
+Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf]
+CVE: CVE-2023-38469
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ avahi-core/rr.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+diff --git a/avahi-core/rr.c b/avahi-core/rr.c
+index 7fa0bee..b03a24c 100644
+--- a/avahi-core/rr.c
+++ b/avahi-core/rr.c
+@@ -32,6 +32,7 @@
+ #include <avahi-common/malloc.h>
+ #include <avahi-common/defs.h>
+#include "dns.h"
+ #include "rr.h"
+ #include "log.h"
+ #include "util.h"
+@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) {
+         case AVAHI_DNS_TYPE_TXT: {
+             AvahiStringList *strlst;
+            size_t used = 0;
+-            for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next)
+            for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) {
+                 if (strlst->size > 255 || strlst->size <= 0)
+                     return 0;
+                used += 1+strlst->size;
+                if (used > AVAHI_DNS_RDATA_MAX)
+                    return 0;
+            }
+
+             return 1;
+         }
+     }
+--
+2.40.0
author	Vijay Anusuri <vanusuri@mvista.com>	2023-12-12 14:35:18 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-12-21 10:38:30 +0000
commit	198d891baa5dbeaca0e02e1904208d0edd30d495 (patch)
tree	89b34cad35b22df7e598ddf0d06aab36dbbee9ae /meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
parent	3c26d5181a778c2d5ab6111578d41e4b9000c0b9 (diff)
download	poky-198d891baa5dbeaca0e02e1904208d0edd30d495.tar.gz

diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch new file mode 100644 index 0000000000..a078f66102 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
@@ -0,0 +1,48 @@
	1	From 72842945085cc3adaccfdfa2853771b0e75ef991 Mon Sep 17 00:00:00 2001
	2	From: Evgeny Vereshchagin <evvers@ya.ru>
	3	Date: Mon, 23 Oct 2023 20:29:31 +0000
	4	Subject: [PATCH] avahi: core: reject overly long TXT resource records
	5
	6	Closes https://github.com/lathiat/avahi/issues/455
	7
	8	Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf]
	9	CVE: CVE-2023-38469
	10
	11	Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
	12	---
	13	avahi-core/rr.c \| 9 ++++++++-
	14	1 file changed, 8 insertions(+), 1 deletion(-)
	15
	16	diff --git a/avahi-core/rr.c b/avahi-core/rr.c
	17	index 7fa0bee..b03a24c 100644
	18	--- a/avahi-core/rr.c
	19	+++ b/avahi-core/rr.c
	20	@@ -32,6 +32,7 @@
	21	#include <avahi-common/malloc.h>
	22	#include <avahi-common/defs.h>
	23
	24	+#include "dns.h"
	25	#include "rr.h"
	26	#include "log.h"
	27	#include "util.h"
	28	@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) {
	29	case AVAHI_DNS_TYPE_TXT: {
	30
	31	AvahiStringList *strlst;
	32	+ size_t used = 0;
	33
	34	- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next)
	35	+ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) {
	36	if (strlst->size > 255 \|\| strlst->size <= 0)
	37	return 0;
	38
	39	+ used += 1+strlst->size;
	40	+ if (used > AVAHI_DNS_RDATA_MAX)
	41	+ return 0;
	42	+ }
	43	+
	44	return 1;
	45	}
	46	}
	47	--
	48	2.40.0