avahi/files/CVE-2023-38469-2.patch

*169d7bccSPatrick WilliamsFrom c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001
*169d7bccSPatrick WilliamsFrom: Evgeny Vereshchagin <evvers@ya.ru>
*169d7bccSPatrick WilliamsDate: Wed, 25 Oct 2023 18:15:42 +0000
*169d7bccSPatrick WilliamsSubject: [PATCH] tests: pass overly long TXT resource records
*169d7bccSPatrick Williams
*169d7bccSPatrick Williamsto make sure they don't crash avahi any more.
*169d7bccSPatrick WilliamsIt reproduces https://github.com/lathiat/avahi/issues/455
*169d7bccSPatrick Williams
*169d7bccSPatrick WilliamsCanonical notes:
*169d7bccSPatrick Williamsnickgalanis> removed first hunk since there is no .github dir in this release
*169d7bccSPatrick Williams
*169d7bccSPatrick WilliamsUpstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security
*169d7bccSPatrick WilliamsUpstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237]
*169d7bccSPatrick WilliamsCVE: CVE-2023-38469
*169d7bccSPatrick WilliamsSigned-off-by: Vijay Anusuri <vanusuri@mvista.com>
*169d7bccSPatrick Williams---
*169d7bccSPatrick Williams avahi-client/client-test.c       | 14 ++++++++++++++
*169d7bccSPatrick Williams 1 files changed, 14 insertions(+)
*169d7bccSPatrick Williams
*169d7bccSPatrick WilliamsIndex: avahi-0.8/avahi-client/client-test.c
*169d7bccSPatrick Williams===================================================================
*169d7bccSPatrick Williams--- avahi-0.8.orig/avahi-client/client-test.c
*169d7bccSPatrick Williams+++ avahi-0.8/avahi-client/client-test.c
*169d7bccSPatrick Williams@@ -22,6 +22,7 @@
*169d7bccSPatrick Williams #endif
*169d7bccSPatrick Williams
*169d7bccSPatrick Williams #include <stdio.h>
*169d7bccSPatrick Williams+#include <string.h>
*169d7bccSPatrick Williams #include <assert.h>
*169d7bccSPatrick Williams
*169d7bccSPatrick Williams #include <avahi-client/client.h>
*169d7bccSPatrick Williams@@ -33,6 +34,8 @@
*169d7bccSPatrick Williams #include <avahi-common/malloc.h>
*169d7bccSPatrick Williams #include <avahi-common/timeval.h>
*169d7bccSPatrick Williams
*169d7bccSPatrick Williams+#include <avahi-core/dns.h>
*169d7bccSPatrick Williams+
*169d7bccSPatrick Williams static const AvahiPoll *poll_api = NULL;
*169d7bccSPatrick Williams static AvahiSimplePoll *simple_poll = NULL;
*169d7bccSPatrick Williams
*169d7bccSPatrick Williams@@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
*169d7bccSPatrick Williams     uint32_t cookie;
*169d7bccSPatrick Williams     struct timeval tv;
*169d7bccSPatrick Williams     AvahiAddress a;
*169d7bccSPatrick Williams+    uint8_t rdata[AVAHI_DNS_RDATA_MAX+1];
*169d7bccSPatrick Williams+    AvahiStringList *txt = NULL;
*169d7bccSPatrick Williams+    int r;
*169d7bccSPatrick Williams
*169d7bccSPatrick Williams     simple_poll = avahi_simple_poll_new();
*169d7bccSPatrick Williams     poll_api = avahi_simple_poll_get(simple_poll);
*169d7bccSPatrick Williams@@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
*169d7bccSPatrick Williams     printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
*169d7bccSPatrick Williams     printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
*169d7bccSPatrick Williams
*169d7bccSPatrick Williams+    memset(rdata, 1, sizeof(rdata));
*169d7bccSPatrick Williams+    r = avahi_string_list_parse(rdata, sizeof(rdata), &txt);
*169d7bccSPatrick Williams+    assert(r >= 0);
*169d7bccSPatrick Williams+    assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata));
*169d7bccSPatrick Williams+    error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt);
*169d7bccSPatrick Williams+    assert(error == AVAHI_ERR_INVALID_RECORD);
*169d7bccSPatrick Williams+    avahi_string_list_free(txt);
*169d7bccSPatrick Williams+
*169d7bccSPatrick Williams     avahi_entry_group_commit (group);
*169d7bccSPatrick Williams
*169d7bccSPatrick Williams     domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");