rpms / avahi

Clone
Source Code
GIT

Blame CVE-2010-2244.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c8-beta f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f7 f8 f9 master olpc2
  1.   f13
  2.   CVE-2010-2244.patch
Blob History Raw
Lennart Poettering 8650fe 
From 2b2844b10d7b7e5c97f9c667d664d9418bb7769a Mon Sep 17 00:00:00 2001
Lennart Poettering 8650fe 
From: Ludwig Nussel <ludwig.nussel@suse.de>
Lennart Poettering 8650fe 
Date: Wed, 19 May 2010 15:43:44 +0200
Lennart Poettering 8650fe 
Subject: [PATCH] socket: ignore packet if FIONREAD returns zero
Lennart Poettering 8650fe
Lennart Poettering 8650fe 
zero size is reported for corrupt packets. recvmsg() later could
Lennart Poettering 8650fe 
nevertheless get data from a good packet that followed the bad one.
Lennart Poettering 8650fe 
So get out early to avoid hitting an assertion.
Lennart Poettering 8650fe 
---
Lennart Poettering 8650fe 
 avahi-core/socket.c |    8 ++++++++
Lennart Poettering 8650fe 
 1 files changed, 8 insertions(+), 0 deletions(-)
Lennart Poettering 8650fe
Lennart Poettering 8650fe 
diff --git a/avahi-core/socket.c b/avahi-core/socket.c
Lennart Poettering 8650fe 
index 4146d5a..f9b90a2 100644
Lennart Poettering 8650fe 
--- a/avahi-core/socket.c
Lennart Poettering 8650fe 
+++ b/avahi-core/socket.c
Lennart Poettering 8650fe 
@@ -652,6 +652,10 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4(
Lennart Poettering 8650fe 
         goto fail;
Lennart Poettering 8650fe 
     }
Lennart Poettering 8650fe
Lennart Poettering 8650fe 
+    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */
Lennart Poettering 8650fe 
+    if (!ms)
Lennart Poettering 8650fe 
+        goto fail;
Lennart Poettering 8650fe 
+
Lennart Poettering 8650fe 
     p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE);
Lennart Poettering 8650fe
Lennart Poettering 8650fe 
     io.iov_base = AVAHI_DNS_PACKET_DATA(p);
Lennart Poettering 8650fe 
@@ -805,6 +809,10 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6(
Lennart Poettering 8650fe 
         goto fail;
Lennart Poettering 8650fe 
     }
Lennart Poettering 8650fe
Lennart Poettering 8650fe 
+    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */
Lennart Poettering 8650fe 
+    if (!ms)
Lennart Poettering 8650fe 
+        goto fail;
Lennart Poettering 8650fe 
+
Lennart Poettering 8650fe 
     p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE);
Lennart Poettering 8650fe
Lennart Poettering 8650fe 
     io.iov_base = AVAHI_DNS_PACKET_DATA(p);
Lennart Poettering 8650fe 
--
Lennart Poettering 8650fe 
1.6.3.3
Lennart Poettering 8650fe

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation