1CVE: CVE-2021-36217
2CVE: CVE-2021-3502
3Upstream-Status: Backport
4Signed-off-by: Ross Burton <ross.burton@arm.com>
5
6From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001
7From: Tommi Rantala <tommi.t.rantala@nokia.com>
8Date: Mon, 8 Feb 2021 11:04:43 +0200
9Subject: [PATCH] Fix NULL pointer crashes from #175
10
11avahi-daemon is crashing when running "ping .local".
12The crash is due to failing assertion from NULL pointer.
13Add missing NULL pointer checks to fix it.
14
15Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
16---
17 avahi-core/browse-dns-server.c   | 5 ++++-
18 avahi-core/browse-domain.c       | 5 ++++-
19 avahi-core/browse-service-type.c | 3 +++
20 avahi-core/browse-service.c      | 3 +++
21 avahi-core/browse.c              | 3 +++
22 avahi-core/resolve-address.c     | 5 ++++-
23 avahi-core/resolve-host-name.c   | 5 ++++-
24 avahi-core/resolve-service.c     | 5 ++++-
25 8 files changed, 29 insertions(+), 5 deletions(-)
26
27diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
28index 049752e9..c2d914fa 100644
29--- a/avahi-core/browse-dns-server.c
30+++ b/avahi-core/browse-dns-server.c
31@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
32         AvahiSDNSServerBrowser* b;
33
34         b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
35+        if (!b)
36+            return NULL;
37+
38         avahi_s_dns_server_browser_start(b);
39
40         return b;
41-}
42\ No newline at end of file
43+}
44diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
45index f145d56a..06fa70c0 100644
46--- a/avahi-core/browse-domain.c
47+++ b/avahi-core/browse-domain.c
48@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
49         AvahiSDomainBrowser *b;
50
51         b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
52+        if (!b)
53+            return NULL;
54+
55         avahi_s_domain_browser_start(b);
56
57         return b;
58-}
59\ No newline at end of file
60+}
61diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
62index fdd22dcd..b1fc7af8 100644
63--- a/avahi-core/browse-service-type.c
64+++ b/avahi-core/browse-service-type.c
65@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
66         AvahiSServiceTypeBrowser *b;
67
68         b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
69+        if (!b)
70+            return NULL;
71+
72         avahi_s_service_type_browser_start(b);
73
74         return b;
75diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
76index 5531360c..63e0275a 100644
77--- a/avahi-core/browse-service.c
78+++ b/avahi-core/browse-service.c
79@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
80         AvahiSServiceBrowser *b;
81
82         b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
83+        if (!b)
84+            return NULL;
85+
86         avahi_s_service_browser_start(b);
87
88         return b;
89diff --git a/avahi-core/browse.c b/avahi-core/browse.c
90index 2941e579..e8a915e9 100644
91--- a/avahi-core/browse.c
92+++ b/avahi-core/browse.c
93@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
94         AvahiSRecordBrowser *b;
95
96         b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
97+        if (!b)
98+            return NULL;
99+
100         avahi_s_record_browser_start_query(b);
101
102         return b;
103diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
104index ac0b29b1..e61dd242 100644
105--- a/avahi-core/resolve-address.c
106+++ b/avahi-core/resolve-address.c
107@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
108         AvahiSAddressResolver *b;
109
110         b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
111+        if (!b)
112+            return NULL;
113+
114         avahi_s_address_resolver_start(b);
115
116         return b;
117-}
118\ No newline at end of file
119+}
120diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
121index 808b0e72..4e8e5973 100644
122--- a/avahi-core/resolve-host-name.c
123+++ b/avahi-core/resolve-host-name.c
124@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
125         AvahiSHostNameResolver *b;
126
127         b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
128+        if (!b)
129+            return NULL;
130+
131         avahi_s_host_name_resolver_start(b);
132
133         return b;
134-}
135\ No newline at end of file
136+}
137diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
138index 66bf3cae..43771763 100644
139--- a/avahi-core/resolve-service.c
140+++ b/avahi-core/resolve-service.c
141@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
142         AvahiSServiceResolver *b;
143
144         b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
145+        if (!b)
146+            return NULL;
147+
148         avahi_s_service_resolver_start(b);
149
150         return b;
151-}
152\ No newline at end of file
153+}
154