diff options
| author | Vijay Anusuri <vanusuri@mvista.com> | 2023-11-22 13:29:23 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-12-01 04:14:19 -1000 |
| commit | 716693ccccb82ad398ff7470c360d047baeaec07 (patch) | |
| tree | 2206f3cebfe9d81f2d0f2ccf449f33a50c7d6901 /meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch | |
| parent | 8cabed090e84c5b4d0511bfced2ace49d9949e4c (diff) | |
| download | poky-716693ccccb82ad398ff7470c360d047baeaec07.tar.gz | |
avahi: backport Debian patches to fix multiple CVE's
import patches from ubuntu to fix
CVE-2023-1981
CVE-2023-38469
CVE-2023-38470
CVE-2023-38471
CVE-2023-38472
CVE-2023-38473
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches?h=ubuntu/focal-security
Upstream commit
https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f
&
https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf
&
https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237
&
https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c
&
https://github.com/lathiat/avahi/commit/20dec84b2480821704258bc908e7b2bd2e883b24
&
https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09
&
https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460
&
https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40
&
https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797]
(From OE-Core rev: 4771e335cd4d95e734d7f07a718319f4543ce2f1)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch')
| -rw-r--r-- | meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch new file mode 100644 index 0000000000..403ed6fd6a --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch | |||
| @@ -0,0 +1,53 @@ | |||
| 1 | From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
| 3 | Date: Tue, 19 Sep 2023 03:21:25 +0000 | ||
| 4 | Subject: [PATCH] [common] bail out when escaped labels can't fit into ret | ||
| 5 | |||
| 6 | Fixes: | ||
| 7 | ``` | ||
| 8 | ==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8 | ||
| 9 | READ of size 1110 at 0x7f9e76f14c16 thread T0 | ||
| 10 | #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba) | ||
| 11 | #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12 | ||
| 12 | #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12 | ||
| 13 | ``` | ||
| 14 | and | ||
| 15 | ``` | ||
| 16 | fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed. | ||
| 17 | ==101571== ERROR: libFuzzer: deadly signal | ||
| 18 | #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) | ||
| 19 | #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) | ||
| 20 | #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) | ||
| 21 | #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
| 22 | #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
| 23 | #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
| 24 | #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
| 25 | #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
| 26 | #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
| 27 | #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9 | ||
| 28 | ``` | ||
| 29 | |||
| 30 | It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c | ||
| 31 | |||
| 32 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/focal-security | ||
| 33 | Upstream commit https://github.com/lathiat/avahi/commit/20dec84b2480821704258bc908e7b2bd2e883b24] | ||
| 34 | CVE: CVE-2023-38470 #Follow-up patch | ||
| 35 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
| 36 | --- | ||
| 37 | avahi-common/domain.c | 3 ++- | ||
| 38 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
| 39 | |||
| 40 | Index: avahi-0.7/avahi-common/domain.c | ||
| 41 | =================================================================== | ||
| 42 | --- avahi-0.7.orig/avahi-common/domain.c | ||
| 43 | +++ avahi-0.7/avahi-common/domain.c | ||
| 44 | @@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s | ||
| 45 | } else | ||
| 46 | empty = 0; | ||
| 47 | |||
| 48 | - avahi_escape_label(label, strlen(label), &r, &size); | ||
| 49 | + if (!(avahi_escape_label(label, strlen(label), &r, &size))) | ||
| 50 | + return NULL; | ||
| 51 | } | ||
| 52 | |||
| 53 | return ret_s; | ||