From: Alexandre Belloni <alexandre.belloni@bootlin.com>
To: meenali.gupta@windriver.com
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [oe-core][PATCH 4/5] avahi: fix CVE-2023-38472
Date: Thu, 16 Nov 2023 17:32:34 +0100 [thread overview]
Message-ID: <20231116163234fe55e02a@mail.local> (raw)
In-Reply-To: <20231116114450.1124133-1-meenali.gupta@windriver.com>
Please version properly your patches, this should have been v2.
Also please resend the whole series because now, I have to go and
cherry-pick patches from v1 because 5/5 doesn't apply standalone.
You hsould not push this work on the maintainers.
On 16/11/2023 11:44:50+0000, Meenali Gupta via lists.openembedded.org wrote:
> From: Meenali Gupta <meenali.gupta@windriver.com>
>
> A vulnerability was found in Avahi. A reachable assertion exists
> in the avahi_rdata_parse() function.
>
> Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
> ---
> meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
> .../avahi/files/CVE-2023-38472.patch | 46 +++++++++++++++++++
> 2 files changed, 47 insertions(+)
> create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
>
> diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
> index 9c903d6868..84eb1c554d 100644
> --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
> +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
> @@ -29,6 +29,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
> file://CVE-2023-38469.patch \
> file://CVE-2023-38470.patch \
> file://CVE-2023-38471.patch \
> + file://CVE-2023-38472.patch \
> "
>
> GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/"
> diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
> new file mode 100644
> index 0000000000..a1de8e2a5a
> --- /dev/null
> +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
> @@ -0,0 +1,46 @@
> +From 8cf606779dc356768afc6b70e53f2808a9655143 Mon Sep 17 00:00:00 2001
> +From: Michal Sekletar <msekleta@redhat.com>
> +Date: Thu, 19 Oct 2023 17:36:44 +0200
> +Subject: [PATCH] avahi: core: make sure there is rdata to process before
> + parsing it
> +
> +Fixes #452
> +
> +Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
> +CVE: CVE-2023-38472
> +
> +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
> +---
> + avahi-client/client-test.c | 3 +++
> + avahi-daemon/dbus-entry-group.c | 2 +-
> + 2 files changed, 4 insertions(+), 1 deletion(-)
> +
> +diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c
> +index 7d04a6a..57750a4 100644
> +--- a/avahi-client/client-test.c
> ++++ b/avahi-client/client-test.c
> +@@ -258,6 +258,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
> + printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
> + printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
> +
> ++ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
> ++ assert(error != AVAHI_OK);
> ++
> + avahi_entry_group_commit (group);
> +
> + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
> +diff --git a/avahi-daemon/dbus-entry-group.c b/avahi-daemon/dbus-entry-group.c
> +index 4e879a5..aa23d4b 100644
> +--- a/avahi-daemon/dbus-entry-group.c
> ++++ b/avahi-daemon/dbus-entry-group.c
> +@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_group_impl(DBusConnection *c, DBusMessage
> + if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
> + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
> +
> +- if (avahi_rdata_parse (r, rdata, size) < 0) {
> ++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
> + avahi_record_unref (r);
> + return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
> + }
> +--
> +2.40.0
> --
> 2.40.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#190784): https://lists.openembedded.org/g/openembedded-core/message/190784
> Mute This Topic: https://lists.openembedded.org/mt/102625030/3617179
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2023-11-16 16:32 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-16 11:44 [oe-core][PATCH 4/5] avahi: fix CVE-2023-38472 mgupta1
2023-11-16 16:32 ` Alexandre Belloni [this message]
2023-11-17 14:08 ` Gupta, Meenali
-- strict thread matches above, loose matches on Subject: below --
2023-11-16 11:18 [oe-core][PATCH 4/5] avahi " mgupta1
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231116163234fe55e02a@mail.local \
--to=alexandre.belloni@bootlin.com \
--cc=meenali.gupta@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox