xref: /openbmc/openbmc/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch (revision 169d7bccc02da43f8574d030502cfcf9308f505f) 
1From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001
2From: Evgeny Vereshchagin <evvers@ya.ru>
3Date: Wed, 25 Oct 2023 18:15:42 +0000
4Subject: [PATCH] tests: pass overly long TXT resource records
5
6to make sure they don't crash avahi any more.
7It reproduces https://github.com/lathiat/avahi/issues/455
8
9Canonical notes:
10nickgalanis> removed first hunk since there is no .github dir in this release
11
12Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security
13Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237]
14CVE: CVE-2023-38469
15Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
16---
17 avahi-client/client-test.c       | 14 ++++++++++++++
18 1 files changed, 14 insertions(+)
19
20Index: avahi-0.8/avahi-client/client-test.c
21===================================================================
22--- avahi-0.8.orig/avahi-client/client-test.c
23+++ avahi-0.8/avahi-client/client-test.c
24@@ -22,6 +22,7 @@
25 #endif
26
27 #include <stdio.h>
28+#include <string.h>
29 #include <assert.h>
30
31 #include <avahi-client/client.h>
32@@ -33,6 +34,8 @@
33 #include <avahi-common/malloc.h>
34 #include <avahi-common/timeval.h>
35
36+#include <avahi-core/dns.h>
37+
38 static const AvahiPoll *poll_api = NULL;
39 static AvahiSimplePoll *simple_poll = NULL;
40
41@@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
42     uint32_t cookie;
43     struct timeval tv;
44     AvahiAddress a;
45+    uint8_t rdata[AVAHI_DNS_RDATA_MAX+1];
46+    AvahiStringList *txt = NULL;
47+    int r;
48
49     simple_poll = avahi_simple_poll_new();
50     poll_api = avahi_simple_poll_get(simple_poll);
51@@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
52     printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
53     printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
54
55+    memset(rdata, 1, sizeof(rdata));
56+    r = avahi_string_list_parse(rdata, sizeof(rdata), &txt);
57+    assert(r >= 0);
58+    assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata));
59+    error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt);
60+    assert(error == AVAHI_ERR_INVALID_RECORD);
61+    avahi_string_list_free(txt);
62+
63     avahi_entry_group_commit (group);
64
65     domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
66