From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Tue, 24 Oct 2023 22:04:51 +0000 Subject: [PATCH] core: return errors from avahi_server_set_host_name properly It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460] CVE: CVE-2023-38471 #Follow-up Patch Signed-off-by: Vijay Anusuri --- avahi-core/server.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) Index: avahi-0.8/avahi-core/server.c =================================================================== --- avahi-0.8.orig/avahi-core/server.c +++ avahi-0.8/avahi-core/server.c @@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ else hn = avahi_normalize_name_strdup(host_name); + if (!hn) + return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); + h = hn; if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { avahi_free(h); - return AVAHI_ERR_INVALID_HOST_NAME; + return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); } avahi_free(h); @@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ h = label_escaped; len = sizeof(label_escaped); if (!avahi_escape_label(label, strlen(label), &h, &len)) - return AVAHI_ERR_INVALID_HOST_NAME; + return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); @@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ avahi_free(s->host_name); s->host_name = avahi_strdup(label_escaped); if (!s->host_name) - return AVAHI_ERR_NO_MEMORY; + return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); update_fqdn(s);