diff options
Diffstat (limited to 'meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch')
-rw-r--r-- | meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch new file mode 100644 index 0000000000..4d7924d13a --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch | |||
@@ -0,0 +1,58 @@ | |||
1 | From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | ||
3 | Date: Thu, 17 Nov 2022 01:51:53 +0100 | ||
4 | Subject: [PATCH] Emit error if requested service is not found | ||
5 | |||
6 | It currently just crashes instead of replying with error. Check return | ||
7 | value and emit error instead of passing NULL pointer to reply. | ||
8 | |||
9 | Fixes #375 | ||
10 | |||
11 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security | ||
12 | Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f] | ||
13 | CVE: CVE-2023-1981 | ||
14 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
15 | --- | ||
16 | avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------ | ||
17 | 1 file changed, 14 insertions(+), 6 deletions(-) | ||
18 | |||
19 | diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c | ||
20 | index 70d7687bc..406d0b441 100644 | ||
21 | --- a/avahi-daemon/dbus-protocol.c | ||
22 | +++ b/avahi-daemon/dbus-protocol.c | ||
23 | @@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM | ||
24 | } | ||
25 | |||
26 | t = avahi_alternative_host_name(n); | ||
27 | - avahi_dbus_respond_string(c, m, t); | ||
28 | - avahi_free(t); | ||
29 | + if (t) { | ||
30 | + avahi_dbus_respond_string(c, m, t); | ||
31 | + avahi_free(t); | ||
32 | |||
33 | - return DBUS_HANDLER_RESULT_HANDLED; | ||
34 | + return DBUS_HANDLER_RESULT_HANDLED; | ||
35 | + } else { | ||
36 | + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found"); | ||
37 | + } | ||
38 | } | ||
39 | |||
40 | static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) { | ||
41 | @@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB | ||
42 | } | ||
43 | |||
44 | t = avahi_alternative_service_name(n); | ||
45 | - avahi_dbus_respond_string(c, m, t); | ||
46 | - avahi_free(t); | ||
47 | + if (t) { | ||
48 | + avahi_dbus_respond_string(c, m, t); | ||
49 | + avahi_free(t); | ||
50 | |||
51 | - return DBUS_HANDLER_RESULT_HANDLED; | ||
52 | + return DBUS_HANDLER_RESULT_HANDLED; | ||
53 | + } else { | ||
54 | + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found"); | ||
55 | + } | ||
56 | } | ||
57 | |||
58 | static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) { | ||