diff options
author | Vijay Anusuri <vanusuri@mvista.com> | 2023-11-22 13:29:23 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-12-01 04:14:19 -1000 |
commit | 716693ccccb82ad398ff7470c360d047baeaec07 (patch) | |
tree | 2206f3cebfe9d81f2d0f2ccf449f33a50c7d6901 /meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch | |
parent | 8cabed090e84c5b4d0511bfced2ace49d9949e4c (diff) | |
download | poky-716693ccccb82ad398ff7470c360d047baeaec07.tar.gz |
avahi: backport Debian patches to fix multiple CVE's
import patches from ubuntu to fix
CVE-2023-1981
CVE-2023-38469
CVE-2023-38470
CVE-2023-38471
CVE-2023-38472
CVE-2023-38473
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches?h=ubuntu/focal-security
Upstream commit
https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f
&
https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf
&
https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237
&
https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c
&
https://github.com/lathiat/avahi/commit/20dec84b2480821704258bc908e7b2bd2e883b24
&
https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09
&
https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460
&
https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40
&
https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797]
(From OE-Core rev: 4771e335cd4d95e734d7f07a718319f4543ce2f1)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch')
-rw-r--r-- | meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch new file mode 100644 index 0000000000..59f6806c85 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch | |||
@@ -0,0 +1,109 @@ | |||
1 | From b448c9f771bada14ae8de175695a9729f8646797 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michal Sekletar <msekleta@redhat.com> | ||
3 | Date: Wed, 11 Oct 2023 17:45:44 +0200 | ||
4 | Subject: [PATCH] common: derive alternative host name from its unescaped | ||
5 | version | ||
6 | |||
7 | Normalization of input makes sure we don't have to deal with special | ||
8 | cases like unescaped dot at the end of label. | ||
9 | |||
10 | Fixes #451 #487 | ||
11 | CVE-2023-38473 | ||
12 | |||
13 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38473.patch?h=ubuntu/focal-security | ||
14 | Upstream commit https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797] | ||
15 | CVE: CVE-2023-38473 | ||
16 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
17 | --- | ||
18 | avahi-common/alternative-test.c | 3 +++ | ||
19 | avahi-common/alternative.c | 27 +++++++++++++++++++-------- | ||
20 | 2 files changed, 22 insertions(+), 8 deletions(-) | ||
21 | |||
22 | Index: avahi-0.7/avahi-common/alternative-test.c | ||
23 | =================================================================== | ||
24 | --- avahi-0.7.orig/avahi-common/alternative-test.c | ||
25 | +++ avahi-0.7/avahi-common/alternative-test.c | ||
26 | @@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAH | ||
27 | const char* const test_strings[] = { | ||
28 | "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", | ||
29 | "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü", | ||
30 | + ").", | ||
31 | + "\\.", | ||
32 | + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\", | ||
33 | "gurke", | ||
34 | "-", | ||
35 | " #", | ||
36 | Index: avahi-0.7/avahi-common/alternative.c | ||
37 | =================================================================== | ||
38 | --- avahi-0.7.orig/avahi-common/alternative.c | ||
39 | +++ avahi-0.7/avahi-common/alternative.c | ||
40 | @@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c | ||
41 | } | ||
42 | |||
43 | char *avahi_alternative_host_name(const char *s) { | ||
44 | + char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1]; | ||
45 | + char *alt, *r, *ret; | ||
46 | const char *e; | ||
47 | - char *r; | ||
48 | + size_t len; | ||
49 | |||
50 | assert(s); | ||
51 | |||
52 | if (!avahi_is_valid_host_name(s)) | ||
53 | return NULL; | ||
54 | |||
55 | - if ((e = strrchr(s, '-'))) { | ||
56 | + if (!avahi_unescape_label(&s, label, sizeof(label))) | ||
57 | + return NULL; | ||
58 | + | ||
59 | + if ((e = strrchr(label, '-'))) { | ||
60 | const char *p; | ||
61 | |||
62 | e++; | ||
63 | @@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const | ||
64 | |||
65 | if (e) { | ||
66 | char *c, *m; | ||
67 | - size_t l; | ||
68 | int n; | ||
69 | |||
70 | n = atoi(e)+1; | ||
71 | if (!(m = avahi_strdup_printf("%i", n))) | ||
72 | return NULL; | ||
73 | |||
74 | - l = e-s-1; | ||
75 | + len = e-label-1; | ||
76 | |||
77 | - if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1) | ||
78 | - l = AVAHI_LABEL_MAX-1-strlen(m)-1; | ||
79 | + if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1) | ||
80 | + len = AVAHI_LABEL_MAX-1-strlen(m)-1; | ||
81 | |||
82 | - if (!(c = avahi_strndup(s, l))) { | ||
83 | + if (!(c = avahi_strndup(label, len))) { | ||
84 | avahi_free(m); | ||
85 | return NULL; | ||
86 | } | ||
87 | @@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const | ||
88 | } else { | ||
89 | char *c; | ||
90 | |||
91 | - if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2))) | ||
92 | + if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2))) | ||
93 | return NULL; | ||
94 | |||
95 | drop_incomplete_utf8(c); | ||
96 | @@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const | ||
97 | avahi_free(c); | ||
98 | } | ||
99 | |||
100 | + alt = alternative; | ||
101 | + len = sizeof(alternative); | ||
102 | + ret = avahi_escape_label(r, strlen(r), &alt, &len); | ||
103 | + | ||
104 | + avahi_free(r); | ||
105 | + r = avahi_strdup(ret); | ||
106 | + | ||
107 | assert(avahi_is_valid_host_name(r)); | ||
108 | |||
109 | return r; | ||