diff options
Diffstat (limited to 'recipes')
-rw-r--r-- | recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch | 37 | ||||
-rw-r--r-- | recipes/avahi/avahi_0.6.25.bb | 3 |
2 files changed, 39 insertions, 1 deletions
diff --git a/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch b/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch new file mode 100644 index 0000000000..f45af44eb8 --- /dev/null +++ b/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch @@ -0,0 +1,37 @@ +Based on the official fix (46109dfec75534fe270c0ab902576f685d5ab3a6) but +since we missed having 2b2844b10d7b7e5c97f9c667d664d9418bb7769a we are +two hunks smaller. + +Index: avahi-0.6.25/avahi-core/socket.c +=================================================================== +--- avahi-0.6.25.orig/avahi-core/socket.c ++++ avahi-0.6.25/avahi-core/socket.c +@@ -684,10 +684,14 @@ AvahiDnsPacket *avahi_recv_dns_packet_ip + goto fail; + } + +- if (sa.sin_addr.s_addr == INADDR_ANY) { ++ /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So ++ * fail after having read them. */ ++ if (!ms) ++ goto fail; ++ ++ if (sa.sin_addr.s_addr == INADDR_ANY) + /* Linux 2.4 behaves very strangely sometimes! */ + goto fail; +- } + + assert(!(msg.msg_flags & MSG_CTRUNC)); + assert(!(msg.msg_flags & MSG_TRUNC)); +@@ -839,6 +843,11 @@ AvahiDnsPacket *avahi_recv_dns_packet_ip + goto fail; + } + ++ /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So ++ * fail after having read them. */ ++ if (!ms) ++ goto fail; ++ + assert(!(msg.msg_flags & MSG_CTRUNC)); + assert(!(msg.msg_flags & MSG_TRUNC)); + diff --git a/recipes/avahi/avahi_0.6.25.bb b/recipes/avahi/avahi_0.6.25.bb index 4b598a0313..a7a28ecf11 100644 --- a/recipes/avahi/avahi_0.6.25.bb +++ b/recipes/avahi/avahi_0.6.25.bb @@ -6,7 +6,8 @@ DEPENDS += "intltool-native" PACKAGES =+ "libavahi-gobject" -SRC_URI += "file://disable-ipv6.patch" +SRC_URI += "file://disable-ipv6.patch \ + file://fix-CVE-2011-1002.patch" noipv6 = "${@base_contains('DISTRO_FEATURES', 'ipv6', '', '-DDISABLE_IPV6', d)}" EXTRA_OEMAKE_append = " 'CFLAGS=${CFLAGS} ${noipv6}'" |