summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMeenali Gupta <meenali.gupta@windriver.com>2023-11-16 10:38:09 +0000
committerSteve Sakoman <steve@sakoman.com>2023-11-28 05:00:32 -1000
commitf2c0b5cef237065f66456226b2185f34e4c2389a (patch)
treeed4c4bd113aa34614ada490836cd8416781d4f82
parent1867c0de3577f4d45076b44365a3d3af57702385 (diff)
downloadpoky-f2c0b5cef237065f66456226b2185f34e4c2389a.tar.gz
avahi: fix CVE-2023-38470
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. (From OE-Core rev: bc211ae0e597d40f938f9a25bfc0fcbb228d90b6) Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r--meta/recipes-connectivity/avahi/avahi_0.8.bb1
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch59
2 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index ac04b42614..a2ad9058d6 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -27,6 +27,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}
27 file://handle-hup.patch \ 27 file://handle-hup.patch \
28 file://local-ping.patch \ 28 file://local-ping.patch \
29 file://CVE-2023-38471.patch \ 29 file://CVE-2023-38471.patch \
30 file://CVE-2023-38470.patch \
30 " 31 "
31 32
32UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" 33UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch
new file mode 100644
index 0000000000..5cf9af6fd6
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch
@@ -0,0 +1,59 @@
1From 26806dbde54c5b40a2bf108d334ba59ec9d242d6 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
3Date: Tue, 11 Apr 2023 15:29:59 +0200
4Subject: [PATCH]Ensure each label is at least one byte long
5
6The only allowed exception is single dot, where it should return empty
7string.
8
9Fixes #454.
10
11Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c]
12CVE: CVE-2023-38470
13
14Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
15---
16 avahi-common/domain-test.c | 14 ++++++++++++++
17 avahi-common/domain.c | 2 +-
18 2 files changed, 15 insertions(+), 1 deletion(-)
19
20diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c
21index cf763ec..3acc1c1 100644
22--- a/avahi-common/domain-test.c
23+++ b/avahi-common/domain-test.c
24@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
25 printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo."));
26 avahi_free(s);
27
28+ printf("%s\n", s = avahi_normalize_name_strdup("."));
29+ avahi_free(s);
30+
31+ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}."
32+ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}"
33+ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`"
34+ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?."
35+ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}."
36+ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?"
37+ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM."
38+ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?."
39+ "}.?.?.?.}.=.?.?.}");
40+ assert(s == NULL);
41+
42 printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff"));
43 printf("%i\n", avahi_domain_equal("A", "a"));
44
45diff --git a/avahi-common/domain.c b/avahi-common/domain.c
46index 3b1ab68..e66d241 100644
47--- a/avahi-common/domain.c
48+++ b/avahi-common/domain.c
49@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) {
50 }
51
52 if (!empty) {
53- if (size < 1)
54+ if (size < 2)
55 return NULL;
56
57 *(r++) = '.';
58--
592.40.0