avahi: fix CVE-2021-36217, crash on pinging '.local'

(From OE-Core rev: 638beadad098e9ee4e743be8f59f5a7f11373aff) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross@burtonini.com> 2021-07-19 11:02:32 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-07-20 08:51:06 +0100
commit: 3714bfb060ea57de4c57d510a4b6841b694066bd (patch)
tree: e9a2ed9874c72e86fefd9e4488004ad249e6705e /meta/recipes-connectivity/avahi
parent: 74cf2d75702611ba6fbb2728b6db3a67064397b5 (diff)
download: poky-3714bfb060ea57de4c57d510a4b6841b694066bd.tar.gz
2 files changed, 153 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 4302310888..79ce669a3e 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -25,6 +25,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}
           file://initscript.patch \
           file://0001-Fix-opening-etc-resolv.conf-error.patch \
           file://handle-hup.patch \
+           file://local-ping.patch \
           "
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch
new file mode 100644
index 0000000000..94116ad1f3
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/local-ping.patch
@@ -0,0 +1,152 @@
+CVE: CVE-2021-36217
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001
+From: Tommi Rantala <tommi.t.rantala@nokia.com>
+Date: Mon, 8 Feb 2021 11:04:43 +0200
+Subject: [PATCH] Fix NULL pointer crashes from #175
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
+---
+ avahi-core/browse-dns-server.c   | 5 ++++-
+ avahi-core/browse-domain.c       | 5 ++++-
+ avahi-core/browse-service-type.c | 3 +++
+ avahi-core/browse-service.c      | 3 +++
+ avahi-core/browse.c              | 3 +++
+ avahi-core/resolve-address.c     | 5 ++++-
+ avahi-core/resolve-host-name.c   | 5 ++++-
+ avahi-core/resolve-service.c     | 5 ++++-
+ 8 files changed, 29 insertions(+), 5 deletions(-)
+diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
+index 049752e9..c2d914fa 100644
+--- a/avahi-core/browse-dns-server.c
+++ b/avahi-core/browse-dns-server.c
+@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
+         AvahiSDNSServerBrowser* b;
+ 
+         b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_dns_server_browser_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
+}
+diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
+index f145d56a..06fa70c0 100644
+--- a/avahi-core/browse-domain.c
+++ b/avahi-core/browse-domain.c
+@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
+         AvahiSDomainBrowser *b;
+ 
+         b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_domain_browser_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
+}
+diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
+index fdd22dcd..b1fc7af8 100644
+--- a/avahi-core/browse-service-type.c
+++ b/avahi-core/browse-service-type.c
+@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
+         AvahiSServiceTypeBrowser *b;
+ 
+         b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_service_type_browser_start(b);
+ 
+         return b;
+diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
+index 5531360c..63e0275a 100644
+--- a/avahi-core/browse-service.c
+++ b/avahi-core/browse-service.c
+@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
+         AvahiSServiceBrowser *b;
+ 
+         b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_service_browser_start(b);
+ 
+         return b;
+diff --git a/avahi-core/browse.c b/avahi-core/browse.c
+index 2941e579..e8a915e9 100644
+--- a/avahi-core/browse.c
+++ b/avahi-core/browse.c
+@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
+         AvahiSRecordBrowser *b;
+ 
+         b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_record_browser_start_query(b);
+ 
+         return b;
+diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
+index ac0b29b1..e61dd242 100644
+--- a/avahi-core/resolve-address.c
+++ b/avahi-core/resolve-address.c
+@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
+         AvahiSAddressResolver *b;
+ 
+         b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_address_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
+}
+diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
+index 808b0e72..4e8e5973 100644
+--- a/avahi-core/resolve-host-name.c
+++ b/avahi-core/resolve-host-name.c
+@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
+         AvahiSHostNameResolver *b;
+ 
+         b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_host_name_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
+}
+diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
+index 66bf3cae..43771763 100644
+--- a/avahi-core/resolve-service.c
+++ b/avahi-core/resolve-service.c
+@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
+         AvahiSServiceResolver *b;
+ 
+         b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_service_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
+}
author	Ross Burton <ross@burtonini.com>	2021-07-19 11:02:32 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-07-20 08:51:06 +0100
commit	3714bfb060ea57de4c57d510a4b6841b694066bd (patch)
tree	e9a2ed9874c72e86fefd9e4488004ad249e6705e /meta/recipes-connectivity/avahi
parent	74cf2d75702611ba6fbb2728b6db3a67064397b5 (diff)
download	poky-3714bfb060ea57de4c57d510a4b6841b694066bd.tar.gz

diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index 4302310888..79ce669a3e 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -25,6 +25,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}
25	file://initscript.patch \	25	file://initscript.patch \
26	file://0001-Fix-opening-etc-resolv.conf-error.patch \	26	file://0001-Fix-opening-etc-resolv.conf-error.patch \
27	file://handle-hup.patch \	27	file://handle-hup.patch \
		28	file://local-ping.patch \
28	"	29	"
29		30
30	UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"	31	UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"


diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch new file mode 100644 index 0000000000..94116ad1f3 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/local-ping.patch
@@ -0,0 +1,152 @@
		1	CVE: CVE-2021-36217
		2	Upstream-Status: Backport
		3	Signed-off-by: Ross Burton <ross.burton@arm.com>
		4
		5	From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001
		6	From: Tommi Rantala <tommi.t.rantala@nokia.com>
		7	Date: Mon, 8 Feb 2021 11:04:43 +0200
		8	Subject: [PATCH] Fix NULL pointer crashes from #175
		9
		10	avahi-daemon is crashing when running "ping .local".
		11	The crash is due to failing assertion from NULL pointer.
		12	Add missing NULL pointer checks to fix it.
		13
		14	Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
		15	---
		16	avahi-core/browse-dns-server.c \| 5 ++++-
		17	avahi-core/browse-domain.c \| 5 ++++-
		18	avahi-core/browse-service-type.c \| 3 +++
		19	avahi-core/browse-service.c \| 3 +++
		20	avahi-core/browse.c \| 3 +++
		21	avahi-core/resolve-address.c \| 5 ++++-
		22	avahi-core/resolve-host-name.c \| 5 ++++-
		23	avahi-core/resolve-service.c \| 5 ++++-
		24	8 files changed, 29 insertions(+), 5 deletions(-)
		25
		26	diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
		27	index 049752e9..c2d914fa 100644
		28	--- a/avahi-core/browse-dns-server.c
		29	+++ b/avahi-core/browse-dns-server.c
		30	@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
		31	AvahiSDNSServerBrowser* b;
		32
		33	b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
		34	+ if (!b)
		35	+ return NULL;
		36	+
		37	avahi_s_dns_server_browser_start(b);
		38
		39	return b;
		40	-}
		41	\ No newline at end of file
		42	+}
		43	diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
		44	index f145d56a..06fa70c0 100644
		45	--- a/avahi-core/browse-domain.c
		46	+++ b/avahi-core/browse-domain.c
		47	@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
		48	AvahiSDomainBrowser *b;
		49
		50	b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
		51	+ if (!b)
		52	+ return NULL;
		53	+
		54	avahi_s_domain_browser_start(b);
		55
		56	return b;
		57	-}
		58	\ No newline at end of file
		59	+}
		60	diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
		61	index fdd22dcd..b1fc7af8 100644
		62	--- a/avahi-core/browse-service-type.c
		63	+++ b/avahi-core/browse-service-type.c
		64	@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
		65	AvahiSServiceTypeBrowser *b;
		66
		67	b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
		68	+ if (!b)
		69	+ return NULL;
		70	+
		71	avahi_s_service_type_browser_start(b);
		72
		73	return b;
		74	diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
		75	index 5531360c..63e0275a 100644
		76	--- a/avahi-core/browse-service.c
		77	+++ b/avahi-core/browse-service.c
		78	@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
		79	AvahiSServiceBrowser *b;
		80
		81	b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
		82	+ if (!b)
		83	+ return NULL;
		84	+
		85	avahi_s_service_browser_start(b);
		86
		87	return b;
		88	diff --git a/avahi-core/browse.c b/avahi-core/browse.c
		89	index 2941e579..e8a915e9 100644
		90	--- a/avahi-core/browse.c
		91	+++ b/avahi-core/browse.c
		92	@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
		93	AvahiSRecordBrowser *b;
		94
		95	b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
		96	+ if (!b)
		97	+ return NULL;
		98	+
		99	avahi_s_record_browser_start_query(b);
		100
		101	return b;
		102	diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
		103	index ac0b29b1..e61dd242 100644
		104	--- a/avahi-core/resolve-address.c
		105	+++ b/avahi-core/resolve-address.c
		106	@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
		107	AvahiSAddressResolver *b;
		108
		109	b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
		110	+ if (!b)
		111	+ return NULL;
		112	+
		113	avahi_s_address_resolver_start(b);
		114
		115	return b;
		116	-}
		117	\ No newline at end of file
		118	+}
		119	diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
		120	index 808b0e72..4e8e5973 100644
		121	--- a/avahi-core/resolve-host-name.c
		122	+++ b/avahi-core/resolve-host-name.c
		123	@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
		124	AvahiSHostNameResolver *b;
		125
		126	b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
		127	+ if (!b)
		128	+ return NULL;
		129	+
		130	avahi_s_host_name_resolver_start(b);
		131
		132	return b;
		133	-}
		134	\ No newline at end of file
		135	+}
		136	diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
		137	index 66bf3cae..43771763 100644
		138	--- a/avahi-core/resolve-service.c
		139	+++ b/avahi-core/resolve-service.c
		140	@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
		141	AvahiSServiceResolver *b;
		142
		143	b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
		144	+ if (!b)
		145	+ return NULL;
		146	+
		147	avahi_s_service_resolver_start(b);
		148
		149	return b;
		150	-}
		151	\ No newline at end of file
		152	+}