avahi: Fix for CVE-2011-1002

As in the patch comments, based on upstream but with a minor change.

Signed-off-by: Tom Rini <tom_rini@mentor.com>

1 files changed, 37 insertions, 0 deletions

diff --git a/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch b/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch
new file mode 100644
index 0000000000..f45af44eb8
--- /dev/null
+++ b/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch
@@ -0,0 +1,37 @@
+Based on the official fix (46109dfec75534fe270c0ab902576f685d5ab3a6) but
+since we missed having 2b2844b10d7b7e5c97f9c667d664d9418bb7769a we are
+two hunks smaller.
+
+Index: avahi-0.6.25/avahi-core/socket.c
+===================================================================
+--- avahi-0.6.25.orig/avahi-core/socket.c
++++ avahi-0.6.25/avahi-core/socket.c
+@@ -684,10 +684,14 @@ AvahiDnsPacket *avahi_recv_dns_packet_ip
+         goto fail;
+     }
+ 
+-    if (sa.sin_addr.s_addr == INADDR_ANY) {
++    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
++     * fail after having read them. */
++    if (!ms)
++        goto fail;
++
++    if (sa.sin_addr.s_addr == INADDR_ANY)
+         /* Linux 2.4 behaves very strangely sometimes! */
+         goto fail;
+-    }
+ 
+     assert(!(msg.msg_flags & MSG_CTRUNC));
+     assert(!(msg.msg_flags & MSG_TRUNC));
+@@ -839,6 +843,11 @@ AvahiDnsPacket *avahi_recv_dns_packet_ip
+         goto fail;
+     }
+ 
++    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
++     * fail after having read them. */
++    if (!ms)
++        goto fail;
++
+     assert(!(msg.msg_flags & MSG_CTRUNC));
+     assert(!(msg.msg_flags & MSG_TRUNC));
+