avahi: backport CVE fixes from upstream

[feed/packages.git] / libs / avahi / patches / 303-CVE-2023-38472.patch

From d886dc5b1d3d2b76aaa38289245acfdfa979ca6c Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 19 Oct 2023 17:36:44 +0200
Subject: [PATCH] core: make sure there is rdata to process before parsing it

Fixes #452

CVE-2023-38472
---
 avahi-client/client-test.c      | 3 +++
 avahi-daemon/dbus-entry-group.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

--- a/avahi-client/client-test.c
+++ b/avahi-client/client-test.c
@@ -258,6 +258,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
     printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
     printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
 
+    error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
+    assert(error != AVAHI_OK);
+
     avahi_entry_group_commit (group);
 
     domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
--- a/avahi-daemon/dbus-entry-group.c
+++ b/avahi-daemon/dbus-entry-group.c
@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g
         if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
             return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
 
-        if (avahi_rdata_parse (r, rdata, size) < 0) {
+        if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
             avahi_record_unref (r);
             return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
         }