mirror of
https://git.yoctoproject.org/poky
synced 2026-04-17 00:32:13 +02:00
avahi: fix CVE-2023-38469
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. (From OE-Core rev: 8bd1980fd4175be3dd68987f8c5653409b76f544) Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Meenali Gupta
committed by
Steve Sakoman
Steve Sakoman
parent
f2c0b5cef2
commit
973020ce12
@@ -28,6 +28,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}
|
||||
file://local-ping.patch \
|
||||
file://CVE-2023-38471.patch \
|
||||
file://CVE-2023-38470.patch \
|
||||
file://CVE-2023-38469.patch \
|
||||
"
|
||||
|
||||
UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
|
||||
|
||||
47
meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch
Normal file
47
meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch
Normal file
@@ -0,0 +1,47 @@
|
||||
From a337a1ba7d15853fb56deef1f464529af6e3a1cf Mon Sep 17 00:00:00 2001
|
||||
From: Evgeny Vereshchagin <evvers@ya.ru>
|
||||
Date: Mon, 23 Oct 2023 20:29:31 +0000
|
||||
Subject: [PATCH]core: reject overly long TXT resource records
|
||||
Closes https://github.com/lathiat/avahi/issues/455
|
||||
|
||||
Upstream-Status: Backport [https://github.com/lathiat/avahi/pull/500/commits/a337a1ba7d15853fb56deef1f464529af6e3a1cf]
|
||||
CVE: CVE-2023-38469
|
||||
|
||||
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
|
||||
---
|
||||
avahi-core/rr.c | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/avahi-core/rr.c b/avahi-core/rr.c
|
||||
index 7fa0bee..b03a24c 100644
|
||||
--- a/avahi-core/rr.c
|
||||
+++ b/avahi-core/rr.c
|
||||
@@ -32,6 +32,7 @@
|
||||
#include <avahi-common/malloc.h>
|
||||
#include <avahi-common/defs.h>
|
||||
|
||||
+#include "dns.h"
|
||||
#include "rr.h"
|
||||
#include "log.h"
|
||||
#include "util.h"
|
||||
@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) {
|
||||
case AVAHI_DNS_TYPE_TXT: {
|
||||
|
||||
AvahiStringList *strlst;
|
||||
+ size_t used = 0;
|
||||
|
||||
- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next)
|
||||
+ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) {
|
||||
if (strlst->size > 255 || strlst->size <= 0)
|
||||
return 0;
|
||||
|
||||
+ used += 1+strlst->size;
|
||||
+ if (used > AVAHI_DNS_RDATA_MAX)
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
--
|
||||
2.40.0
|
||||
Reference in New Issue
Block a user