diff options
Diffstat (limited to 'meta/recipes-connectivity/avahi/files')
12 files changed, 786 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch new file mode 100644 index 0000000000..4d7924d13a --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch | |||
@@ -0,0 +1,58 @@ | |||
1 | From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | ||
3 | Date: Thu, 17 Nov 2022 01:51:53 +0100 | ||
4 | Subject: [PATCH] Emit error if requested service is not found | ||
5 | |||
6 | It currently just crashes instead of replying with error. Check return | ||
7 | value and emit error instead of passing NULL pointer to reply. | ||
8 | |||
9 | Fixes #375 | ||
10 | |||
11 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security | ||
12 | Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f] | ||
13 | CVE: CVE-2023-1981 | ||
14 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
15 | --- | ||
16 | avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------ | ||
17 | 1 file changed, 14 insertions(+), 6 deletions(-) | ||
18 | |||
19 | diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c | ||
20 | index 70d7687bc..406d0b441 100644 | ||
21 | --- a/avahi-daemon/dbus-protocol.c | ||
22 | +++ b/avahi-daemon/dbus-protocol.c | ||
23 | @@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM | ||
24 | } | ||
25 | |||
26 | t = avahi_alternative_host_name(n); | ||
27 | - avahi_dbus_respond_string(c, m, t); | ||
28 | - avahi_free(t); | ||
29 | + if (t) { | ||
30 | + avahi_dbus_respond_string(c, m, t); | ||
31 | + avahi_free(t); | ||
32 | |||
33 | - return DBUS_HANDLER_RESULT_HANDLED; | ||
34 | + return DBUS_HANDLER_RESULT_HANDLED; | ||
35 | + } else { | ||
36 | + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found"); | ||
37 | + } | ||
38 | } | ||
39 | |||
40 | static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) { | ||
41 | @@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB | ||
42 | } | ||
43 | |||
44 | t = avahi_alternative_service_name(n); | ||
45 | - avahi_dbus_respond_string(c, m, t); | ||
46 | - avahi_free(t); | ||
47 | + if (t) { | ||
48 | + avahi_dbus_respond_string(c, m, t); | ||
49 | + avahi_free(t); | ||
50 | |||
51 | - return DBUS_HANDLER_RESULT_HANDLED; | ||
52 | + return DBUS_HANDLER_RESULT_HANDLED; | ||
53 | + } else { | ||
54 | + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found"); | ||
55 | + } | ||
56 | } | ||
57 | |||
58 | static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) { | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch new file mode 100644 index 0000000000..a078f66102 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | From 72842945085cc3adaccfdfa2853771b0e75ef991 Mon Sep 17 00:00:00 2001 | ||
2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
3 | Date: Mon, 23 Oct 2023 20:29:31 +0000 | ||
4 | Subject: [PATCH] avahi: core: reject overly long TXT resource records | ||
5 | |||
6 | Closes https://github.com/lathiat/avahi/issues/455 | ||
7 | |||
8 | Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf] | ||
9 | CVE: CVE-2023-38469 | ||
10 | |||
11 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
12 | --- | ||
13 | avahi-core/rr.c | 9 ++++++++- | ||
14 | 1 file changed, 8 insertions(+), 1 deletion(-) | ||
15 | |||
16 | diff --git a/avahi-core/rr.c b/avahi-core/rr.c | ||
17 | index 7fa0bee..b03a24c 100644 | ||
18 | --- a/avahi-core/rr.c | ||
19 | +++ b/avahi-core/rr.c | ||
20 | @@ -32,6 +32,7 @@ | ||
21 | #include <avahi-common/malloc.h> | ||
22 | #include <avahi-common/defs.h> | ||
23 | |||
24 | +#include "dns.h" | ||
25 | #include "rr.h" | ||
26 | #include "log.h" | ||
27 | #include "util.h" | ||
28 | @@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) { | ||
29 | case AVAHI_DNS_TYPE_TXT: { | ||
30 | |||
31 | AvahiStringList *strlst; | ||
32 | + size_t used = 0; | ||
33 | |||
34 | - for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) | ||
35 | + for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) { | ||
36 | if (strlst->size > 255 || strlst->size <= 0) | ||
37 | return 0; | ||
38 | |||
39 | + used += 1+strlst->size; | ||
40 | + if (used > AVAHI_DNS_RDATA_MAX) | ||
41 | + return 0; | ||
42 | + } | ||
43 | + | ||
44 | return 1; | ||
45 | } | ||
46 | } | ||
47 | -- | ||
48 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch new file mode 100644 index 0000000000..f8f60ddca1 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch | |||
@@ -0,0 +1,65 @@ | |||
1 | From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001 | ||
2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
3 | Date: Wed, 25 Oct 2023 18:15:42 +0000 | ||
4 | Subject: [PATCH] tests: pass overly long TXT resource records | ||
5 | |||
6 | to make sure they don't crash avahi any more. | ||
7 | It reproduces https://github.com/lathiat/avahi/issues/455 | ||
8 | |||
9 | Canonical notes: | ||
10 | nickgalanis> removed first hunk since there is no .github dir in this release | ||
11 | |||
12 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security | ||
13 | Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237] | ||
14 | CVE: CVE-2023-38469 | ||
15 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
16 | --- | ||
17 | avahi-client/client-test.c | 14 ++++++++++++++ | ||
18 | 1 files changed, 14 insertions(+) | ||
19 | |||
20 | Index: avahi-0.8/avahi-client/client-test.c | ||
21 | =================================================================== | ||
22 | --- avahi-0.8.orig/avahi-client/client-test.c | ||
23 | +++ avahi-0.8/avahi-client/client-test.c | ||
24 | @@ -22,6 +22,7 @@ | ||
25 | #endif | ||
26 | |||
27 | #include <stdio.h> | ||
28 | +#include <string.h> | ||
29 | #include <assert.h> | ||
30 | |||
31 | #include <avahi-client/client.h> | ||
32 | @@ -33,6 +34,8 @@ | ||
33 | #include <avahi-common/malloc.h> | ||
34 | #include <avahi-common/timeval.h> | ||
35 | |||
36 | +#include <avahi-core/dns.h> | ||
37 | + | ||
38 | static const AvahiPoll *poll_api = NULL; | ||
39 | static AvahiSimplePoll *simple_poll = NULL; | ||
40 | |||
41 | @@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA | ||
42 | uint32_t cookie; | ||
43 | struct timeval tv; | ||
44 | AvahiAddress a; | ||
45 | + uint8_t rdata[AVAHI_DNS_RDATA_MAX+1]; | ||
46 | + AvahiStringList *txt = NULL; | ||
47 | + int r; | ||
48 | |||
49 | simple_poll = avahi_simple_poll_new(); | ||
50 | poll_api = avahi_simple_poll_get(simple_poll); | ||
51 | @@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA | ||
52 | printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL))); | ||
53 | printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6)); | ||
54 | |||
55 | + memset(rdata, 1, sizeof(rdata)); | ||
56 | + r = avahi_string_list_parse(rdata, sizeof(rdata), &txt); | ||
57 | + assert(r >= 0); | ||
58 | + assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata)); | ||
59 | + error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt); | ||
60 | + assert(error == AVAHI_ERR_INVALID_RECORD); | ||
61 | + avahi_string_list_free(txt); | ||
62 | + | ||
63 | avahi_entry_group_commit (group); | ||
64 | |||
65 | domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch new file mode 100644 index 0000000000..91f9e677ac --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch | |||
@@ -0,0 +1,59 @@ | |||
1 | From af7bfad67ca53a7c4042a4a2d85456b847e9f249 Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | ||
3 | Date: Tue, 11 Apr 2023 15:29:59 +0200 | ||
4 | Subject: [PATCH] avahi: Ensure each label is at least one byte long | ||
5 | |||
6 | The only allowed exception is single dot, where it should return empty | ||
7 | string. | ||
8 | |||
9 | Fixes #454. | ||
10 | |||
11 | Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c] | ||
12 | CVE: CVE-2023-38470 | ||
13 | |||
14 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
15 | --- | ||
16 | avahi-common/domain-test.c | 14 ++++++++++++++ | ||
17 | avahi-common/domain.c | 2 +- | ||
18 | 2 files changed, 15 insertions(+), 1 deletion(-) | ||
19 | |||
20 | diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c | ||
21 | index cf763ec..3acc1c1 100644 | ||
22 | --- a/avahi-common/domain-test.c | ||
23 | +++ b/avahi-common/domain-test.c | ||
24 | @@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { | ||
25 | printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo.")); | ||
26 | avahi_free(s); | ||
27 | |||
28 | + printf("%s\n", s = avahi_normalize_name_strdup(".")); | ||
29 | + avahi_free(s); | ||
30 | + | ||
31 | + s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}." | ||
32 | + "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}" | ||
33 | + ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`" | ||
34 | + "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?." | ||
35 | + "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}." | ||
36 | + "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?" | ||
37 | + "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM." | ||
38 | + "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?." | ||
39 | + "}.?.?.?.}.=.?.?.}"); | ||
40 | + assert(s == NULL); | ||
41 | + | ||
42 | printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff")); | ||
43 | printf("%i\n", avahi_domain_equal("A", "a")); | ||
44 | |||
45 | diff --git a/avahi-common/domain.c b/avahi-common/domain.c | ||
46 | index 3b1ab68..e66d241 100644 | ||
47 | --- a/avahi-common/domain.c | ||
48 | +++ b/avahi-common/domain.c | ||
49 | @@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) { | ||
50 | } | ||
51 | |||
52 | if (!empty) { | ||
53 | - if (size < 1) | ||
54 | + if (size < 2) | ||
55 | return NULL; | ||
56 | |||
57 | *(r++) = '.'; | ||
58 | -- | ||
59 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch new file mode 100644 index 0000000000..e0736bf210 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001 | ||
2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
3 | Date: Tue, 19 Sep 2023 03:21:25 +0000 | ||
4 | Subject: [PATCH] [common] bail out when escaped labels can't fit into ret | ||
5 | |||
6 | Fixes: | ||
7 | ``` | ||
8 | ==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8 | ||
9 | READ of size 1110 at 0x7f9e76f14c16 thread T0 | ||
10 | #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba) | ||
11 | #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12 | ||
12 | #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12 | ||
13 | ``` | ||
14 | and | ||
15 | ``` | ||
16 | fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed. | ||
17 | ==101571== ERROR: libFuzzer: deadly signal | ||
18 | #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) | ||
19 | #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) | ||
20 | #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) | ||
21 | #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
22 | #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
23 | #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
24 | #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
25 | #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
26 | #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
27 | #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9 | ||
28 | ``` | ||
29 | |||
30 | It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c | ||
31 | |||
32 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-2.patch?h=ubuntu/jammy-security | ||
33 | CVE: CVE-2023-38470 #Follow-up patch | ||
34 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
35 | --- | ||
36 | avahi-common/domain.c | 3 ++- | ||
37 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
38 | |||
39 | Index: avahi-0.8/avahi-common/domain.c | ||
40 | =================================================================== | ||
41 | --- avahi-0.8.orig/avahi-common/domain.c | ||
42 | +++ avahi-0.8/avahi-common/domain.c | ||
43 | @@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s | ||
44 | } else | ||
45 | empty = 0; | ||
46 | |||
47 | - avahi_escape_label(label, strlen(label), &r, &size); | ||
48 | + if (!(avahi_escape_label(label, strlen(label), &r, &size))) | ||
49 | + return NULL; | ||
50 | } | ||
51 | |||
52 | return ret_s; | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch new file mode 100644 index 0000000000..b3f716495d --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch | |||
@@ -0,0 +1,73 @@ | |||
1 | From 48d745db7fd554fc33e96ec86d3675ebd530bb8e Mon Sep 17 00:00:00 2001 | ||
2 | From: Michal Sekletar <msekleta@redhat.com> | ||
3 | Date: Mon, 23 Oct 2023 13:38:35 +0200 | ||
4 | Subject: [PATCH] avahi: core: extract host name using avahi_unescape_label() | ||
5 | |||
6 | Previously we could create invalid escape sequence when we split the | ||
7 | string on dot. For example, from valid host name "foo\\.bar" we have | ||
8 | created invalid name "foo\\" and tried to set that as the host name | ||
9 | which crashed the daemon. | ||
10 | |||
11 | Fixes #453 | ||
12 | |||
13 | Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09] | ||
14 | CVE: CVE-2023-38471 | ||
15 | |||
16 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
17 | --- | ||
18 | avahi-core/server.c | 27 +++++++++++++++++++++------ | ||
19 | 1 file changed, 21 insertions(+), 6 deletions(-) | ||
20 | |||
21 | diff --git a/avahi-core/server.c b/avahi-core/server.c | ||
22 | index e507750..40f1d68 100644 | ||
23 | --- a/avahi-core/server.c | ||
24 | +++ b/avahi-core/server.c | ||
25 | @@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) { | ||
26 | } | ||
27 | |||
28 | int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { | ||
29 | - char *hn = NULL; | ||
30 | + char label_escaped[AVAHI_LABEL_MAX*4+1]; | ||
31 | + char label[AVAHI_LABEL_MAX]; | ||
32 | + char *hn = NULL, *h; | ||
33 | + size_t len; | ||
34 | + | ||
35 | assert(s); | ||
36 | |||
37 | AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME); | ||
38 | @@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { | ||
39 | else | ||
40 | hn = avahi_normalize_name_strdup(host_name); | ||
41 | |||
42 | - hn[strcspn(hn, ".")] = 0; | ||
43 | + h = hn; | ||
44 | + if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { | ||
45 | + avahi_free(h); | ||
46 | + return AVAHI_ERR_INVALID_HOST_NAME; | ||
47 | + } | ||
48 | + | ||
49 | + avahi_free(h); | ||
50 | + | ||
51 | + h = label_escaped; | ||
52 | + len = sizeof(label_escaped); | ||
53 | + if (!avahi_escape_label(label, strlen(label), &h, &len)) | ||
54 | + return AVAHI_ERR_INVALID_HOST_NAME; | ||
55 | |||
56 | - if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) { | ||
57 | - avahi_free(hn); | ||
58 | + if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) | ||
59 | return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); | ||
60 | - } | ||
61 | |||
62 | withdraw_host_rrs(s); | ||
63 | |||
64 | avahi_free(s->host_name); | ||
65 | - s->host_name = hn; | ||
66 | + s->host_name = avahi_strdup(label_escaped); | ||
67 | + if (!s->host_name) | ||
68 | + return AVAHI_ERR_NO_MEMORY; | ||
69 | |||
70 | update_fqdn(s); | ||
71 | |||
72 | -- | ||
73 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch new file mode 100644 index 0000000000..44737bfc2e --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001 | ||
2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
3 | Date: Tue, 24 Oct 2023 22:04:51 +0000 | ||
4 | Subject: [PATCH] core: return errors from avahi_server_set_host_name properly | ||
5 | |||
6 | It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09 | ||
7 | |||
8 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security | ||
9 | Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460] | ||
10 | CVE: CVE-2023-38471 #Follow-up Patch | ||
11 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
12 | --- | ||
13 | avahi-core/server.c | 9 ++++++--- | ||
14 | 1 file changed, 6 insertions(+), 3 deletions(-) | ||
15 | |||
16 | Index: avahi-0.8/avahi-core/server.c | ||
17 | =================================================================== | ||
18 | --- avahi-0.8.orig/avahi-core/server.c | ||
19 | +++ avahi-0.8/avahi-core/server.c | ||
20 | @@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ | ||
21 | else | ||
22 | hn = avahi_normalize_name_strdup(host_name); | ||
23 | |||
24 | + if (!hn) | ||
25 | + return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); | ||
26 | + | ||
27 | h = hn; | ||
28 | if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { | ||
29 | avahi_free(h); | ||
30 | - return AVAHI_ERR_INVALID_HOST_NAME; | ||
31 | + return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); | ||
32 | } | ||
33 | |||
34 | avahi_free(h); | ||
35 | @@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ | ||
36 | h = label_escaped; | ||
37 | len = sizeof(label_escaped); | ||
38 | if (!avahi_escape_label(label, strlen(label), &h, &len)) | ||
39 | - return AVAHI_ERR_INVALID_HOST_NAME; | ||
40 | + return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); | ||
41 | |||
42 | if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) | ||
43 | return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); | ||
44 | @@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ | ||
45 | avahi_free(s->host_name); | ||
46 | s->host_name = avahi_strdup(label_escaped); | ||
47 | if (!s->host_name) | ||
48 | - return AVAHI_ERR_NO_MEMORY; | ||
49 | + return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); | ||
50 | |||
51 | update_fqdn(s); | ||
52 | |||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch new file mode 100644 index 0000000000..85dbded73b --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michal Sekletar <msekleta@redhat.com> | ||
3 | Date: Thu, 19 Oct 2023 17:36:44 +0200 | ||
4 | Subject: [PATCH] core: make sure there is rdata to process before parsing it | ||
5 | |||
6 | Fixes #452 | ||
7 | |||
8 | CVE-2023-38472 | ||
9 | |||
10 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38472.patch?h=ubuntu/jammy-security | ||
11 | Upstream commit https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40] | ||
12 | CVE: CVE-2023-38472 | ||
13 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
14 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
15 | --- | ||
16 | avahi-client/client-test.c | 3 +++ | ||
17 | avahi-daemon/dbus-entry-group.c | 2 +- | ||
18 | 2 files changed, 4 insertions(+), 1 deletion(-) | ||
19 | |||
20 | Index: avahi-0.8/avahi-client/client-test.c | ||
21 | =================================================================== | ||
22 | --- avahi-0.8.orig/avahi-client/client-test.c | ||
23 | +++ avahi-0.8/avahi-client/client-test.c | ||
24 | @@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA | ||
25 | assert(error == AVAHI_ERR_INVALID_RECORD); | ||
26 | avahi_string_list_free(txt); | ||
27 | |||
28 | + error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0); | ||
29 | + assert(error != AVAHI_OK); | ||
30 | + | ||
31 | avahi_entry_group_commit (group); | ||
32 | |||
33 | domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); | ||
34 | Index: avahi-0.8/avahi-daemon/dbus-entry-group.c | ||
35 | =================================================================== | ||
36 | --- avahi-0.8.orig/avahi-daemon/dbus-entry-group.c | ||
37 | +++ avahi-0.8/avahi-daemon/dbus-entry-group.c | ||
38 | @@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g | ||
39 | if (!(r = avahi_record_new_full (name, clazz, type, ttl))) | ||
40 | return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL); | ||
41 | |||
42 | - if (avahi_rdata_parse (r, rdata, size) < 0) { | ||
43 | + if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) { | ||
44 | avahi_record_unref (r); | ||
45 | return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL); | ||
46 | } | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch new file mode 100644 index 0000000000..707acb60fe --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch | |||
@@ -0,0 +1,110 @@ | |||
1 | From 88cbbc48d5efff9726694557ca6c3f698f3affe4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michal Sekletar <msekleta@redhat.com> | ||
3 | Date: Wed, 11 Oct 2023 17:45:44 +0200 | ||
4 | Subject: [PATCH] avahi: common: derive alternative host name from its | ||
5 | unescaped version | ||
6 | |||
7 | Normalization of input makes sure we don't have to deal with special | ||
8 | cases like unescaped dot at the end of label. | ||
9 | |||
10 | Fixes #451 #487 | ||
11 | |||
12 | Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797] | ||
13 | CVE: CVE-2023-38473 | ||
14 | |||
15 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
16 | --- | ||
17 | avahi-common/alternative-test.c | 3 +++ | ||
18 | avahi-common/alternative.c | 27 +++++++++++++++++++-------- | ||
19 | 2 files changed, 22 insertions(+), 8 deletions(-) | ||
20 | |||
21 | diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c | ||
22 | index 9255435..681fc15 100644 | ||
23 | --- a/avahi-common/alternative-test.c | ||
24 | +++ b/avahi-common/alternative-test.c | ||
25 | @@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { | ||
26 | const char* const test_strings[] = { | ||
27 | "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", | ||
28 | "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü", | ||
29 | + ").", | ||
30 | + "\\.", | ||
31 | + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\", | ||
32 | "gurke", | ||
33 | "-", | ||
34 | " #", | ||
35 | diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c | ||
36 | index b3d39f0..a094e6d 100644 | ||
37 | --- a/avahi-common/alternative.c | ||
38 | +++ b/avahi-common/alternative.c | ||
39 | @@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) { | ||
40 | } | ||
41 | |||
42 | char *avahi_alternative_host_name(const char *s) { | ||
43 | + char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1]; | ||
44 | + char *alt, *r, *ret; | ||
45 | const char *e; | ||
46 | - char *r; | ||
47 | + size_t len; | ||
48 | |||
49 | assert(s); | ||
50 | |||
51 | if (!avahi_is_valid_host_name(s)) | ||
52 | return NULL; | ||
53 | |||
54 | - if ((e = strrchr(s, '-'))) { | ||
55 | + if (!avahi_unescape_label(&s, label, sizeof(label))) | ||
56 | + return NULL; | ||
57 | + | ||
58 | + if ((e = strrchr(label, '-'))) { | ||
59 | const char *p; | ||
60 | |||
61 | e++; | ||
62 | @@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) { | ||
63 | |||
64 | if (e) { | ||
65 | char *c, *m; | ||
66 | - size_t l; | ||
67 | int n; | ||
68 | |||
69 | n = atoi(e)+1; | ||
70 | if (!(m = avahi_strdup_printf("%i", n))) | ||
71 | return NULL; | ||
72 | |||
73 | - l = e-s-1; | ||
74 | + len = e-label-1; | ||
75 | |||
76 | - if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1) | ||
77 | - l = AVAHI_LABEL_MAX-1-strlen(m)-1; | ||
78 | + if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1) | ||
79 | + len = AVAHI_LABEL_MAX-1-strlen(m)-1; | ||
80 | |||
81 | - if (!(c = avahi_strndup(s, l))) { | ||
82 | + if (!(c = avahi_strndup(label, len))) { | ||
83 | avahi_free(m); | ||
84 | return NULL; | ||
85 | } | ||
86 | @@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) { | ||
87 | } else { | ||
88 | char *c; | ||
89 | |||
90 | - if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2))) | ||
91 | + if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2))) | ||
92 | return NULL; | ||
93 | |||
94 | drop_incomplete_utf8(c); | ||
95 | @@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) { | ||
96 | avahi_free(c); | ||
97 | } | ||
98 | |||
99 | + alt = alternative; | ||
100 | + len = sizeof(alternative); | ||
101 | + ret = avahi_escape_label(r, strlen(r), &alt, &len); | ||
102 | + | ||
103 | + avahi_free(r); | ||
104 | + r = avahi_strdup(ret); | ||
105 | + | ||
106 | assert(avahi_is_valid_host_name(r)); | ||
107 | |||
108 | return r; | ||
109 | -- | ||
110 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/avahi/files/handle-hup.patch b/meta/recipes-connectivity/avahi/files/handle-hup.patch new file mode 100644 index 0000000000..26632e5443 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/handle-hup.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | CVE: CVE-2021-3468 | ||
2 | Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330] | ||
3 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
4 | |||
5 | From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001 | ||
6 | From: Riccardo Schirone <sirmy15@gmail.com> | ||
7 | Date: Fri, 26 Mar 2021 11:50:24 +0100 | ||
8 | Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in | ||
9 | client_work | ||
10 | |||
11 | If a client fills the input buffer, client_work() disables the | ||
12 | AVAHI_WATCH_IN event, thus preventing the function from executing the | ||
13 | `read` syscall the next times it is called. However, if the client then | ||
14 | terminates the connection, the socket file descriptor receives a HUP | ||
15 | event, which is not handled, thus the kernel keeps marking the HUP event | ||
16 | as occurring. While iterating over the file descriptors that triggered | ||
17 | an event, the client file descriptor will keep having the HUP event and | ||
18 | the client_work() function is always called with AVAHI_WATCH_HUP but | ||
19 | without nothing being done, thus entering an infinite loop. | ||
20 | |||
21 | See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 | ||
22 | --- | ||
23 | avahi-daemon/simple-protocol.c | 5 +++++ | ||
24 | 1 file changed, 5 insertions(+) | ||
25 | |||
26 | diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c | ||
27 | index 3e0ebb11..6c0274d6 100644 | ||
28 | --- a/avahi-daemon/simple-protocol.c | ||
29 | +++ b/avahi-daemon/simple-protocol.c | ||
30 | @@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv | ||
31 | } | ||
32 | } | ||
33 | |||
34 | + if (events & AVAHI_WATCH_HUP) { | ||
35 | + client_free(c); | ||
36 | + return; | ||
37 | + } | ||
38 | + | ||
39 | c->server->poll_api->watch_update( | ||
40 | watch, | ||
41 | (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | | ||
diff --git a/meta/recipes-connectivity/avahi/files/invalid-service.patch b/meta/recipes-connectivity/avahi/files/invalid-service.patch new file mode 100644 index 0000000000..8f188aff2c --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/invalid-service.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From 46490e95151d415cd22f02565e530eb5efcef680 Mon Sep 17 00:00:00 2001 | ||
2 | From: Asger Hautop Drewsen <asger@princh.com> | ||
3 | Date: Mon, 9 Aug 2021 14:25:08 +0200 | ||
4 | Subject: [PATCH] Fix avahi-browse: Invalid service type | ||
5 | |||
6 | Invalid service types will stop the browse from completing, or | ||
7 | in simple terms "my washing machine stops me from printing". | ||
8 | |||
9 | Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/472] | ||
10 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
11 | --- | ||
12 | avahi-core/browse-service.c | 4 +++- | ||
13 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
14 | |||
15 | diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c | ||
16 | index 63e0275a..ac3d2ecb 100644 | ||
17 | --- a/avahi-core/browse-service.c | ||
18 | +++ b/avahi-core/browse-service.c | ||
19 | @@ -103,7 +103,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_prepare( | ||
20 | AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_PROTO_VALID(protocol), AVAHI_ERR_INVALID_PROTOCOL); | ||
21 | AVAHI_CHECK_VALIDITY_RETURN_NULL(server, !domain || avahi_is_valid_domain_name(domain), AVAHI_ERR_INVALID_DOMAIN_NAME); | ||
22 | AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_FLAGS_VALID(flags, AVAHI_LOOKUP_USE_WIDE_AREA|AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS); | ||
23 | - AVAHI_CHECK_VALIDITY_RETURN_NULL(server, avahi_is_valid_service_type_generic(service_type), AVAHI_ERR_INVALID_SERVICE_TYPE); | ||
24 | + | ||
25 | + if (!avahi_is_valid_service_type_generic(service_type)) | ||
26 | + service_type = "_invalid._tcp"; | ||
27 | |||
28 | if (!domain) | ||
29 | domain = server->domain_name; | ||
diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch new file mode 100644 index 0000000000..29c192d296 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/local-ping.patch | |||
@@ -0,0 +1,153 @@ | |||
1 | CVE: CVE-2021-36217 | ||
2 | CVE: CVE-2021-3502 | ||
3 | Upstream-Status: Backport | ||
4 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
5 | |||
6 | From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001 | ||
7 | From: Tommi Rantala <tommi.t.rantala@nokia.com> | ||
8 | Date: Mon, 8 Feb 2021 11:04:43 +0200 | ||
9 | Subject: [PATCH] Fix NULL pointer crashes from #175 | ||
10 | |||
11 | avahi-daemon is crashing when running "ping .local". | ||
12 | The crash is due to failing assertion from NULL pointer. | ||
13 | Add missing NULL pointer checks to fix it. | ||
14 | |||
15 | Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd | ||
16 | --- | ||
17 | avahi-core/browse-dns-server.c | 5 ++++- | ||
18 | avahi-core/browse-domain.c | 5 ++++- | ||
19 | avahi-core/browse-service-type.c | 3 +++ | ||
20 | avahi-core/browse-service.c | 3 +++ | ||
21 | avahi-core/browse.c | 3 +++ | ||
22 | avahi-core/resolve-address.c | 5 ++++- | ||
23 | avahi-core/resolve-host-name.c | 5 ++++- | ||
24 | avahi-core/resolve-service.c | 5 ++++- | ||
25 | 8 files changed, 29 insertions(+), 5 deletions(-) | ||
26 | |||
27 | diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c | ||
28 | index 049752e9..c2d914fa 100644 | ||
29 | --- a/avahi-core/browse-dns-server.c | ||
30 | +++ b/avahi-core/browse-dns-server.c | ||
31 | @@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new( | ||
32 | AvahiSDNSServerBrowser* b; | ||
33 | |||
34 | b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); | ||
35 | + if (!b) | ||
36 | + return NULL; | ||
37 | + | ||
38 | avahi_s_dns_server_browser_start(b); | ||
39 | |||
40 | return b; | ||
41 | -} | ||
42 | \ No newline at end of file | ||
43 | +} | ||
44 | diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c | ||
45 | index f145d56a..06fa70c0 100644 | ||
46 | --- a/avahi-core/browse-domain.c | ||
47 | +++ b/avahi-core/browse-domain.c | ||
48 | @@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new( | ||
49 | AvahiSDomainBrowser *b; | ||
50 | |||
51 | b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); | ||
52 | + if (!b) | ||
53 | + return NULL; | ||
54 | + | ||
55 | avahi_s_domain_browser_start(b); | ||
56 | |||
57 | return b; | ||
58 | -} | ||
59 | \ No newline at end of file | ||
60 | +} | ||
61 | diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c | ||
62 | index fdd22dcd..b1fc7af8 100644 | ||
63 | --- a/avahi-core/browse-service-type.c | ||
64 | +++ b/avahi-core/browse-service-type.c | ||
65 | @@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new( | ||
66 | AvahiSServiceTypeBrowser *b; | ||
67 | |||
68 | b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); | ||
69 | + if (!b) | ||
70 | + return NULL; | ||
71 | + | ||
72 | avahi_s_service_type_browser_start(b); | ||
73 | |||
74 | return b; | ||
75 | diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c | ||
76 | index 5531360c..63e0275a 100644 | ||
77 | --- a/avahi-core/browse-service.c | ||
78 | +++ b/avahi-core/browse-service.c | ||
79 | @@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new( | ||
80 | AvahiSServiceBrowser *b; | ||
81 | |||
82 | b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); | ||
83 | + if (!b) | ||
84 | + return NULL; | ||
85 | + | ||
86 | avahi_s_service_browser_start(b); | ||
87 | |||
88 | return b; | ||
89 | diff --git a/avahi-core/browse.c b/avahi-core/browse.c | ||
90 | index 2941e579..e8a915e9 100644 | ||
91 | --- a/avahi-core/browse.c | ||
92 | +++ b/avahi-core/browse.c | ||
93 | @@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new( | ||
94 | AvahiSRecordBrowser *b; | ||
95 | |||
96 | b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); | ||
97 | + if (!b) | ||
98 | + return NULL; | ||
99 | + | ||
100 | avahi_s_record_browser_start_query(b); | ||
101 | |||
102 | return b; | ||
103 | diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c | ||
104 | index ac0b29b1..e61dd242 100644 | ||
105 | --- a/avahi-core/resolve-address.c | ||
106 | +++ b/avahi-core/resolve-address.c | ||
107 | @@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new( | ||
108 | AvahiSAddressResolver *b; | ||
109 | |||
110 | b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); | ||
111 | + if (!b) | ||
112 | + return NULL; | ||
113 | + | ||
114 | avahi_s_address_resolver_start(b); | ||
115 | |||
116 | return b; | ||
117 | -} | ||
118 | \ No newline at end of file | ||
119 | +} | ||
120 | diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c | ||
121 | index 808b0e72..4e8e5973 100644 | ||
122 | --- a/avahi-core/resolve-host-name.c | ||
123 | +++ b/avahi-core/resolve-host-name.c | ||
124 | @@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new( | ||
125 | AvahiSHostNameResolver *b; | ||
126 | |||
127 | b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); | ||
128 | + if (!b) | ||
129 | + return NULL; | ||
130 | + | ||
131 | avahi_s_host_name_resolver_start(b); | ||
132 | |||
133 | return b; | ||
134 | -} | ||
135 | \ No newline at end of file | ||
136 | +} | ||
137 | diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c | ||
138 | index 66bf3cae..43771763 100644 | ||
139 | --- a/avahi-core/resolve-service.c | ||
140 | +++ b/avahi-core/resolve-service.c | ||
141 | @@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new( | ||
142 | AvahiSServiceResolver *b; | ||
143 | |||
144 | b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); | ||
145 | + if (!b) | ||
146 | + return NULL; | ||
147 | + | ||
148 | avahi_s_service_resolver_start(b); | ||
149 | |||
150 | return b; | ||
151 | -} | ||
152 | \ No newline at end of file | ||
153 | +} | ||