1 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
new file mode 100644
index 0000000000..1209864402
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
@@ -0,0 +1,60 @@
+Backport of:
+From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Thu, 17 Nov 2022 01:51:53 +0100
+Subject: [PATCH] Emit error if requested service is not found
+It currently just crashes instead of replying with error. Check return
+value and emit error instead of passing NULL pointer to reply.
+Fixes #375
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/focal-security
+Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f]
+CVE: CVE-2023-1981
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+--- a/avahi-daemon/dbus-protocol.c
+++ b/avahi-daemon/dbus-protocol.c
+@@ -391,10 +391,14 @@ static DBusHandlerResult msg_server_impl
+         }
+ 
+         t = avahi_alternative_host_name(n);
+-        avahi_dbus_respond_string(c, m, t);
+-        avahi_free(t);
+-
+-        return DBUS_HANDLER_RESULT_HANDLED;
+        if (t) {
+            avahi_dbus_respond_string(c, m, t);
+            avahi_free(t);
+
+            return DBUS_HANDLER_RESULT_HANDLED;
+        } else {
+            return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
+        }
+ 
+     } else if (dbus_message_is_method_call(m, AVAHI_DBUS_INTERFACE_SERVER, "GetAlternativeServiceName")) {
+         char *n, *t;
+@@ -405,10 +409,14 @@ static DBusHandlerResult msg_server_impl
+         }
+ 
+         t = avahi_alternative_service_name(n);
+-        avahi_dbus_respond_string(c, m, t);
+-        avahi_free(t);
+-
+-        return DBUS_HANDLER_RESULT_HANDLED;
+        if (t) {
+            avahi_dbus_respond_string(c, m, t);
+            avahi_free(t);
+
+            return DBUS_HANDLER_RESULT_HANDLED;
+        } else {
+            return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
+        }
+ 
+     } else if (dbus_message_is_method_call(m, AVAHI_DBUS_INTERFACE_SERVER, "EntryGroupNew")) {
+         Client *client;

diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch new file mode 100644 index 0000000000..1209864402 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
@@ -0,0 +1,60 @@
	1	Backport of:
	2
	3	From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
	4	From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
	5	Date: Thu, 17 Nov 2022 01:51:53 +0100
	6	Subject: [PATCH] Emit error if requested service is not found
	7
	8	It currently just crashes instead of replying with error. Check return
	9	value and emit error instead of passing NULL pointer to reply.
	10
	11	Fixes #375
	12
	13	Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/focal-security
	14	Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f]
	15	CVE: CVE-2023-1981
	16	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	17	---
	18	avahi-daemon/dbus-protocol.c \| 20 ++++++++++++++------
	19	1 file changed, 14 insertions(+), 6 deletions(-)
	20
	21	--- a/avahi-daemon/dbus-protocol.c
	22	+++ b/avahi-daemon/dbus-protocol.c
	23	@@ -391,10 +391,14 @@ static DBusHandlerResult msg_server_impl
	24	}
	25
	26	t = avahi_alternative_host_name(n);
	27	- avahi_dbus_respond_string(c, m, t);
	28	- avahi_free(t);
	29	-
	30	- return DBUS_HANDLER_RESULT_HANDLED;
	31	+ if (t) {
	32	+ avahi_dbus_respond_string(c, m, t);
	33	+ avahi_free(t);
	34	+
	35	+ return DBUS_HANDLER_RESULT_HANDLED;
	36	+ } else {
	37	+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
	38	+ }
	39
	40	} else if (dbus_message_is_method_call(m, AVAHI_DBUS_INTERFACE_SERVER, "GetAlternativeServiceName")) {
	41	char n, t;
	42	@@ -405,10 +409,14 @@ static DBusHandlerResult msg_server_impl
	43	}
	44
	45	t = avahi_alternative_service_name(n);
	46	- avahi_dbus_respond_string(c, m, t);
	47	- avahi_free(t);
	48	-
	49	- return DBUS_HANDLER_RESULT_HANDLED;
	50	+ if (t) {
	51	+ avahi_dbus_respond_string(c, m, t);
	52	+ avahi_free(t);
	53	+
	54	+ return DBUS_HANDLER_RESULT_HANDLED;
	55	+ } else {
	56	+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
	57	+ }
	58
	59	} else if (dbus_message_is_method_call(m, AVAHI_DBUS_INTERFACE_SERVER, "EntryGroupNew")) {
	60	Client *client;