1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
Backport of:
From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 17 Nov 2022 01:51:53 +0100
Subject: [PATCH] Emit error if requested service is not found
It currently just crashes instead of replying with error. Check return
value and emit error instead of passing NULL pointer to reply.
Fixes #375
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/focal-security
Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f]
CVE: CVE-2023-1981
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
--- a/avahi-daemon/dbus-protocol.c
+++ b/avahi-daemon/dbus-protocol.c
@@ -391,10 +391,14 @@ static DBusHandlerResult msg_server_impl
}
t = avahi_alternative_host_name(n);
- avahi_dbus_respond_string(c, m, t);
- avahi_free(t);
-
- return DBUS_HANDLER_RESULT_HANDLED;
+ if (t) {
+ avahi_dbus_respond_string(c, m, t);
+ avahi_free(t);
+
+ return DBUS_HANDLER_RESULT_HANDLED;
+ } else {
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
+ }
} else if (dbus_message_is_method_call(m, AVAHI_DBUS_INTERFACE_SERVER, "GetAlternativeServiceName")) {
char *n, *t;
@@ -405,10 +409,14 @@ static DBusHandlerResult msg_server_impl
}
t = avahi_alternative_service_name(n);
- avahi_dbus_respond_string(c, m, t);
- avahi_free(t);
-
- return DBUS_HANDLER_RESULT_HANDLED;
+ if (t) {
+ avahi_dbus_respond_string(c, m, t);
+ avahi_free(t);
+
+ return DBUS_HANDLER_RESULT_HANDLED;
+ } else {
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
+ }
} else if (dbus_message_is_method_call(m, AVAHI_DBUS_INTERFACE_SERVER, "EntryGroupNew")) {
Client *client;
|
