diff options
Diffstat (limited to 'meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch')
| -rw-r--r-- | meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch new file mode 100644 index 0000000000..12dad9ef6f --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch | |||
| @@ -0,0 +1,48 @@ | |||
| 1 | From a337a1ba7d15853fb56deef1f464529af6e3a1cf Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
| 3 | Date: Mon, 23 Oct 2023 20:29:31 +0000 | ||
| 4 | Subject: [PATCH] core: reject overly long TXT resource records | ||
| 5 | |||
| 6 | Closes https://github.com/lathiat/avahi/issues/455 | ||
| 7 | |||
| 8 | CVE-2023-38469 | ||
| 9 | |||
| 10 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-1.patch?h=ubuntu/focal-security | ||
| 11 | Upstream commit https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf] | ||
| 12 | CVE: CVE-2023-38469 | ||
| 13 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
| 14 | --- | ||
| 15 | avahi-core/rr.c | 9 ++++++++- | ||
| 16 | 1 file changed, 8 insertions(+), 1 deletion(-) | ||
| 17 | |||
| 18 | Index: avahi-0.7/avahi-core/rr.c | ||
| 19 | =================================================================== | ||
| 20 | --- avahi-0.7.orig/avahi-core/rr.c | ||
| 21 | +++ avahi-0.7/avahi-core/rr.c | ||
| 22 | @@ -32,6 +32,7 @@ | ||
| 23 | #include <avahi-common/malloc.h> | ||
| 24 | #include <avahi-common/defs.h> | ||
| 25 | |||
| 26 | +#include "dns.h" | ||
| 27 | #include "rr.h" | ||
| 28 | #include "log.h" | ||
| 29 | #include "util.h" | ||
| 30 | @@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r | ||
| 31 | case AVAHI_DNS_TYPE_TXT: { | ||
| 32 | |||
| 33 | AvahiStringList *strlst; | ||
| 34 | + size_t used = 0; | ||
| 35 | |||
| 36 | - for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) | ||
| 37 | + for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) { | ||
| 38 | if (strlst->size > 255 || strlst->size <= 0) | ||
| 39 | return 0; | ||
| 40 | |||
| 41 | + used += 1+strlst->size; | ||
| 42 | + if (used > AVAHI_DNS_RDATA_MAX) | ||
| 43 | + return 0; | ||
| 44 | + } | ||
| 45 | + | ||
| 46 | return 1; | ||
| 47 | } | ||
| 48 | } | ||