diff options
author | Tom Rini <tom_rini@mentor.com> | 2011-02-27 16:45:36 -0700 |
---|---|---|
committer | Tom Rini <tom_rini@mentor.com> | 2011-02-27 20:03:32 -0700 |
commit | 2de86aa285bee790c9c4171d66b0a03932cb0865 (patch) | |
tree | 16bcfcc7c97e01f08e9376d2bd993fffd35bb93d /recipes/avahi/avahi-0.6.25 | |
parent | 9f37d1ab0ed3566fcae28ab96f3e59cbed99007b (diff) | |
download | openembedded-2de86aa285bee790c9c4171d66b0a03932cb0865.tar.gz |
avahi: Fix for CVE-2011-1002
As in the patch comments, based on upstream but with a minor change.
Signed-off-by: Tom Rini <tom_rini@mentor.com>
Diffstat (limited to 'recipes/avahi/avahi-0.6.25')
-rw-r--r-- | recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch b/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch new file mode 100644 index 0000000000..f45af44eb8 --- /dev/null +++ b/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch @@ -0,0 +1,37 @@ +Based on the official fix (46109dfec75534fe270c0ab902576f685d5ab3a6) but +since we missed having 2b2844b10d7b7e5c97f9c667d664d9418bb7769a we are +two hunks smaller. + +Index: avahi-0.6.25/avahi-core/socket.c +=================================================================== +--- avahi-0.6.25.orig/avahi-core/socket.c ++++ avahi-0.6.25/avahi-core/socket.c +@@ -684,10 +684,14 @@ AvahiDnsPacket *avahi_recv_dns_packet_ip + goto fail; + } + +- if (sa.sin_addr.s_addr == INADDR_ANY) { ++ /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So ++ * fail after having read them. */ ++ if (!ms) ++ goto fail; ++ ++ if (sa.sin_addr.s_addr == INADDR_ANY) + /* Linux 2.4 behaves very strangely sometimes! */ + goto fail; +- } + + assert(!(msg.msg_flags & MSG_CTRUNC)); + assert(!(msg.msg_flags & MSG_TRUNC)); +@@ -839,6 +843,11 @@ AvahiDnsPacket *avahi_recv_dns_packet_ip + goto fail; + } + ++ /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So ++ * fail after having read them. */ ++ if (!ms) ++ goto fail; ++ + assert(!(msg.msg_flags & MSG_CTRUNC)); + assert(!(msg.msg_flags & MSG_TRUNC)); + |