1 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
new file mode 100644
index 0000000000..4d7924d13a
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
@@ -0,0 +1,58 @@
+From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Thu, 17 Nov 2022 01:51:53 +0100
+Subject: [PATCH] Emit error if requested service is not found
+It currently just crashes instead of replying with error. Check return
+value and emit error instead of passing NULL pointer to reply.
+Fixes #375
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f]
+CVE: CVE-2023-1981
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c
+index 70d7687bc..406d0b441 100644
+--- a/avahi-daemon/dbus-protocol.c
+++ b/avahi-daemon/dbus-protocol.c
+@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM
+     }
+ 
+     t = avahi_alternative_host_name(n);
+-    avahi_dbus_respond_string(c, m, t);
+-    avahi_free(t);
+    if (t) {
+        avahi_dbus_respond_string(c, m, t);
+        avahi_free(t);
+ 
+-    return DBUS_HANDLER_RESULT_HANDLED;
+        return DBUS_HANDLER_RESULT_HANDLED;
+    } else {
+        return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
+    }
+ }
+ 
+ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) {
+@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB
+     }
+ 
+     t = avahi_alternative_service_name(n);
+-    avahi_dbus_respond_string(c, m, t);
+-    avahi_free(t);
+    if (t) {
+        avahi_dbus_respond_string(c, m, t);
+        avahi_free(t);
+ 
+-    return DBUS_HANDLER_RESULT_HANDLED;
+        return DBUS_HANDLER_RESULT_HANDLED;
+    } else {
+        return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
+    }
+ }
+ 
+ static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) {

diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch new file mode 100644 index 0000000000..4d7924d13a --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
@@ -0,0 +1,58 @@
	1	From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
	2	From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
	3	Date: Thu, 17 Nov 2022 01:51:53 +0100
	4	Subject: [PATCH] Emit error if requested service is not found
	5
	6	It currently just crashes instead of replying with error. Check return
	7	value and emit error instead of passing NULL pointer to reply.
	8
	9	Fixes #375
	10
	11	Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security
	12	Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f]
	13	CVE: CVE-2023-1981
	14	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	15	---
	16	avahi-daemon/dbus-protocol.c \| 20 ++++++++++++++------
	17	1 file changed, 14 insertions(+), 6 deletions(-)
	18
	19	diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c
	20	index 70d7687bc..406d0b441 100644
	21	--- a/avahi-daemon/dbus-protocol.c
	22	+++ b/avahi-daemon/dbus-protocol.c
	23	@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM
	24	}
	25
	26	t = avahi_alternative_host_name(n);
	27	- avahi_dbus_respond_string(c, m, t);
	28	- avahi_free(t);
	29	+ if (t) {
	30	+ avahi_dbus_respond_string(c, m, t);
	31	+ avahi_free(t);
	32
	33	- return DBUS_HANDLER_RESULT_HANDLED;
	34	+ return DBUS_HANDLER_RESULT_HANDLED;
	35	+ } else {
	36	+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
	37	+ }
	38	}
	39
	40	static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection c, DBusMessage m, DBusError *error) {
	41	@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB
	42	}
	43
	44	t = avahi_alternative_service_name(n);
	45	- avahi_dbus_respond_string(c, m, t);
	46	- avahi_free(t);
	47	+ if (t) {
	48	+ avahi_dbus_respond_string(c, m, t);
	49	+ avahi_free(t);
	50
	51	- return DBUS_HANDLER_RESULT_HANDLED;
	52	+ return DBUS_HANDLER_RESULT_HANDLED;
	53	+ } else {
	54	+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
	55	+ }
	56	}
	57
	58	static DBusHandlerResult dbus_create_new_entry_group(DBusConnection c, DBusMessage m, DBusError *error) {