[1/5] avahi: fix CVE-2023-38469

Message ID	20231116111712.399905-1-meenali.gupta@windriver.com
State	Accepted, archived
Commit	885d64f067b9ddaf890d9bdef7b76898ff90b04e
Headers	show Return-Path: <meenali.gupta@windriver.com> ip: 205.220.166.238, mailfrom: prvs=9684df30ff=meenali.gupta@windriver.com) From: mgupta1 <meenali.gupta@windriver.com> To: <openembedded-core@lists.openembedded.org> Subject: [oe-core][PATCH 1/5] avahi: fix CVE-2023-38469 Date: Thu, 16 Nov 2023 11:17:12 +0000 Message-ID: <20231116111712.399905-1-meenali.gupta@windriver.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	[1/5] avahi: fix CVE-2023-38469 \| expand [1/5] avahi: fix CVE-2023-38469 [2/5] avahi: fix CVE-2023-38470 [3/5] avahi: fix CVE-2023-38471 [4/5] avahi fix CVE-2023-38472 [5/5] avahi: fix CVE-2023-38473

Message ID

20231116111712.399905-1-meenali.gupta@windriver.com

State

Accepted, archived

Commit

885d64f067b9ddaf890d9bdef7b76898ff90b04e

Headers

From: mgupta1 <meenali.gupta@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Subject: [oe-core][PATCH 1/5] avahi: fix CVE-2023-38469
Date: Thu, 16 Nov 2023 11:17:12 +0000
Message-ID: <20231116111712.399905-1-meenali.gupta@windriver.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Series

[1/5] avahi: fix CVE-2023-38469 | expand

Commit Message

mgupta1 Nov. 16, 2023, 11:17 a.m. UTC

From: Meenali Gupta <meenali.gupta@windriver.com>

A vulnerability was found in Avahi, where a reachable assertion exists
in avahi_dns_packet_append_record.

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
---
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |  1 +
 .../avahi/files/CVE-2023-38469.patch          | 48 +++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch

diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 4c830cc058..90b33ba81b 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -26,6 +26,7 @@  SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
            file://handle-hup.patch \
            file://local-ping.patch \
            file://invalid-service.patch \
+           file://CVE-2023-38469.patch \
            "
 
 GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/"
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch
new file mode 100644
index 0000000000..a078f66102
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch
@@ -0,0 +1,48 @@ 
+From 72842945085cc3adaccfdfa2853771b0e75ef991 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Mon, 23 Oct 2023 20:29:31 +0000
+Subject: [PATCH] avahi: core: reject overly long TXT resource records
+
+Closes https://github.com/lathiat/avahi/issues/455
+
+Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf]
+CVE: CVE-2023-38469
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ avahi-core/rr.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/avahi-core/rr.c b/avahi-core/rr.c
+index 7fa0bee..b03a24c 100644
+--- a/avahi-core/rr.c
++++ b/avahi-core/rr.c
+@@ -32,6 +32,7 @@
+ #include <avahi-common/malloc.h>
+ #include <avahi-common/defs.h>
+
++#include "dns.h"
+ #include "rr.h"
+ #include "log.h"
+ #include "util.h"
+@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) {
+         case AVAHI_DNS_TYPE_TXT: {
+
+             AvahiStringList *strlst;
++            size_t used = 0;
+
+-            for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next)
++            for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) {
+                 if (strlst->size > 255 || strlst->size <= 0)
+                     return 0;
+
++                used += 1+strlst->size;
++                if (used > AVAHI_DNS_RDATA_MAX)
++                    return 0;
++            }
++
+             return 1;
+         }
+     }
+--
+2.40.0

[1/5] avahi: fix CVE-2023-38469

Commit Message

Patch