1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Tue, 24 Oct 2023 22:04:51 +0000
Subject: [PATCH] core: return errors from avahi_server_set_host_name properly
It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security
Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460]
CVE: CVE-2023-38471 #Follow-up Patch
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
avahi-core/server.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
Index: avahi-0.8/avahi-core/server.c
===================================================================
--- avahi-0.8.orig/avahi-core/server.c
+++ avahi-0.8/avahi-core/server.c
@@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ
else
hn = avahi_normalize_name_strdup(host_name);
+ if (!hn)
+ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
+
h = hn;
if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
avahi_free(h);
- return AVAHI_ERR_INVALID_HOST_NAME;
+ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
}
avahi_free(h);
@@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ
h = label_escaped;
len = sizeof(label_escaped);
if (!avahi_escape_label(label, strlen(label), &h, &len))
- return AVAHI_ERR_INVALID_HOST_NAME;
+ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
@@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ
avahi_free(s->host_name);
s->host_name = avahi_strdup(label_escaped);
if (!s->host_name)
- return AVAHI_ERR_NO_MEMORY;
+ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
update_fqdn(s);
|
