Diffstat (limited to 'meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch')
-rw-r--r-- | meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch | 109 |
1 files changed, 109 insertions, 0 deletions
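--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
@@ -0,0 +1,109 @@
+From b448c9f771bada14ae8de175695a9729f8646797 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 11 Oct 2023 17:45:44 +0200
+Subject: [PATCH] common: derive alternative host name from its unescaped
+version
+
+Normalization of input makes sure we don't have to deal with special
+cases like unescaped dot at the end of label.
+
+Fixes #451 #487
+CVE-2023-38473
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38473.patch?h=ubuntu/focal-security
+Upstream commit https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797]
+CVE: CVE-2023-38473
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+avahi-common/alternative-test.c | 3 +++
+avahi-common/alternative.c | 27 +++++++++++++++++++--------
+2 files changed, 22 insertions(+), 8 deletions(-)
+
+Index: avahi-0.7/avahi-common/alternative-test.c
+===================================================================
+--- avahi-0.7.orig/avahi-common/alternative-test.c
++++ avahi-0.7/avahi-common/alternative-test.c
+@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAH
+const char* const test_strings[] = {
+"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü",
++ ").",
++ "\\.",
++ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\",
+"gurke",
+"-",
+" #",
+Index: avahi-0.7/avahi-common/alternative.c
+===================================================================
+--- avahi-0.7.orig/avahi-common/alternative.c
++++ avahi-0.7/avahi-common/alternative.c
+@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c
+}
+
+char *avahi_alternative_host_name(const char *s) {
++ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1];
++ char *alt, *r, *ret;
+const char *e;
+- char *r;
++ size_t len;
+
+assert(s);
+
+if (!avahi_is_valid_host_name(s))
+return NULL;
+
+- if ((e = strrchr(s, '-'))) {
++ if (!avahi_unescape_label(&s, label, sizeof(label)))
++ return NULL;
++
++ if ((e = strrchr(label, '-'))) {
+const char *p;
+
+e++;
+@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const
+
+if (e) {
+char *c, *m;
+- size_t l;
+int n;
+
+n = atoi(e)+1;
+if (!(m = avahi_strdup_printf("%i", n)))
+return NULL;
+
+- l = e-s-1;
++ len = e-label-1;
+
+- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1)
+- l = AVAHI_LABEL_MAX-1-strlen(m)-1;
++ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1)
++ len = AVAHI_LABEL_MAX-1-strlen(m)-1;
+
+- if (!(c = avahi_strndup(s, l))) {
++ if (!(c = avahi_strndup(label, len))) {
+avahi_free(m);
+return NULL;
+}
+@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const
+} else {
+char *c;
+
+- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2)))
++ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2)))
+return NULL;
+
+drop_incomplete_utf8(c);
+@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const
+avahi_free(c);
+}
+
++ alt = alternative;
++ len = sizeof(alternative);
++ ret = avahi_escape_label(r, strlen(r), &alt, &len);
++
++ avahi_free(r);
++ r = avahi_strdup(ret);
++
+assert(avahi_is_valid_host_name(r));
+
+return r;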
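Review bot: The new tail of avahi_alternative_host_name (patch lines 100-107) hands `r` to `assert(avahi_is_valid_host_name(r))` without checking either `ret` from `avahi_escape_label` or the result of `avahi_strdup(ret)`, while every earlier allocation in the same function returns NULL on failure. A failed escape or allocation would therefore reach the assert instead of the NULL return that callers presumably already handle; for a host-name routine in a network daemon that difference is worth closing. I would add `if (!ret) { avahi_free(r); return NULL; }` before the free and `if (!r) return NULL;` after the strdup. As this is a backport that matches the cited upstream commit, the check is best proposed upstream and carried here as a follow-up patch; the function body is only partly visible in these hunks, so the state of `r` on entry to this tail is inferred from the context lines.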