avahi: Fix for CVE-2011-1002
authorTom Rini <tom_rini@mentor.com>
Sun, 27 Feb 2011 23:45:36 +0000 (16:45 -0700)
committerTom Rini <tom_rini@mentor.com>
Mon, 28 Feb 2011 03:03:32 +0000 (20:03 -0700)
As described in the patch comments, this is based on the upstream fix but with a minor change.

Signed-off-by: Tom Rini <tom_rini@mentor.com>
recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch [new file with mode: 0644]
recipes/avahi/avahi_0.6.25.bb

diff --git a/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch b/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch
new file mode 100644 (file)
index 0000000..f45af44
--- /dev/null
@@ -0,0 +1,37 @@
+Based on the official fix (46109dfec75534fe270c0ab902576f685d5ab3a6) but
+since we missed having 2b2844b10d7b7e5c97f9c667d664d9418bb7769a we are
+two hunks smaller.
+
+Index: avahi-0.6.25/avahi-core/socket.c
+===================================================================
+--- avahi-0.6.25.orig/avahi-core/socket.c
++++ avahi-0.6.25/avahi-core/socket.c
+@@ -684,10 +684,14 @@ AvahiDnsPacket *avahi_recv_dns_packet_ip
+         goto fail;
+     }
+-    if (sa.sin_addr.s_addr == INADDR_ANY) {
++    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
++     * fail after having read them. */
++    if (!ms)
++        goto fail;
++
++    if (sa.sin_addr.s_addr == INADDR_ANY)
+         /* Linux 2.4 behaves very strangely sometimes! */
+         goto fail;
+-    }
+     assert(!(msg.msg_flags & MSG_CTRUNC));
+     assert(!(msg.msg_flags & MSG_TRUNC));
+@@ -839,6 +843,11 @@ AvahiDnsPacket *avahi_recv_dns_packet_ip
+         goto fail;
+     }
++    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
++     * fail after having read them. */
++    if (!ms)
++        goto fail;
++
+     assert(!(msg.msg_flags & MSG_CTRUNC));
+     assert(!(msg.msg_flags & MSG_TRUNC));
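Review bot: The patch header says this backport is "two hunks smaller" than upstream 46109dfec755 but does not say which hunks were dropped or what 2b2844b10d7b changed, so a later reader cannot check that the fix is complete for 0.6.25. I would extend the header with a line such as `Dropped: the two upstream hunks that touch code introduced by 2b2844b10d7b, which 0.6.25 does not contain` and name CVE-2011-1002 there as well. In both socket.c hunks the new `if (!ms) goto fail;` sits ahead of the `assert(!(msg.msg_flags & MSG_TRUNC))` lines, which presumably matters because a zero-sized read would otherwise reach them; a short comment saying the order is intentional would help. The bodies of both receive functions start and end outside the hunks, so the assignment of `ms` and the cleanup at `fail` could not be checked here.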
index 4b598a0..a7a28ec 100644 (file)
@@ -6,7 +6,8 @@ DEPENDS += "intltool-native"
 
 PACKAGES =+ "libavahi-gobject"
 
-SRC_URI += "file://disable-ipv6.patch"
+SRC_URI += "file://disable-ipv6.patch \
+            file://fix-CVE-2011-1002.patch"
 
 noipv6 = "${@base_contains('DISTRO_FEATURES', 'ipv6', '', '-DDISABLE_IPV6', d)}"
 EXTRA_OEMAKE_append = " 'CFLAGS=${CFLAGS} ${noipv6}'"
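Review bot: No PR bump accompanies the new SRC_URI entry: the commit touches only this hunk of avahi_0.6.25.bb and the new patch file. If the recipe (or an include it pulls in) sets PR, it should be incremented in the same commit so that already-built avahi packages are rebuilt and package feeds offer the fixed build as an upgrade; otherwise the CVE-2011-1002 fix may not reach existing images. Lines 1-5 of the recipe are outside the hunk, so where PR is defined could not be confirmed.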