fix CVE-2023-1981

(cherry picked from commit 724da8ade71d17b73db62b761dde7038bde7e4f5)
2023-04-12 08:02:46 +00:00 · 2023-04-12 08:02:46 +00:00 · 9b64b9c620
commit 9b64b9c620
parent 919a3516d9
2 changed files with 58 additions and 1 deletions
--- a/avahi.spec
+++ b/avahi.spec
@ -3,7 +3,7 @@

 Name:             avahi
 Version:          0.8
-Release:          14
+Release:          15
 Summary:          Avahi is a local network service discovery
 License:          LGPLv2+
 URL:              http://avahi.org
@ -19,6 +19,7 @@ Patch5:           0005-avahi_dns_packet_consume_uint32-fix-potential-undefi.patc

 Patch6001:        backport-CVE-2021-3468.patch
 Patch6002:        backport-CVE-2021-36217.patch
+Patch6003:        backport-CVE-2023-1981.patch

 BuildRequires:    gcc automake libtool desktop-file-utils gtk2-devel glib2-devel gcc-c++
 BuildRequires:    libcap-devel expat-devel gdbm-devel make
@ -556,6 +557,9 @@ fi
 %{_mandir}/man8/*

 %changelog
+* Wed Apr 12 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 0.8-15
+- fix CVE-2023-1981
+
 * Tue Dec 20 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 0.8-14
 - add BuildRequires make

--- a/backport-CVE-2023-1981.patch
+++ b/backport-CVE-2023-1981.patch
@ -0,0 +1,53 @@
+From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Thu, 17 Nov 2022 01:51:53 +0100
+Subject: [PATCH] Emit error if requested service is not found
+
+It currently just crashes instead of replying with error. Check return
+value and emit error instead of passing NULL pointer to reply.
+
+Fixes #375
+---
+ avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c
+index 70d7687bc..406d0b441 100644
+--- a/avahi-daemon/dbus-protocol.c
+++ b/avahi-daemon/dbus-protocol.c
+@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM
+     }
+ 
+     t = avahi_alternative_host_name(n);
+-    avahi_dbus_respond_string(c, m, t);
+-    avahi_free(t);
+    if (t) {
+        avahi_dbus_respond_string(c, m, t);
+        avahi_free(t);
+ 
+-    return DBUS_HANDLER_RESULT_HANDLED;
+        return DBUS_HANDLER_RESULT_HANDLED;
+    } else {
+        return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
+    }
+ }
+ 
+ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) {
+@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB
+     }
+ 
+     t = avahi_alternative_service_name(n);
+-    avahi_dbus_respond_string(c, m, t);
+-    avahi_free(t);
+    if (t) {
+        avahi_dbus_respond_string(c, m, t);
+        avahi_free(t);
+ 
+-    return DBUS_HANDLER_RESULT_HANDLED;
+        return DBUS_HANDLER_RESULT_HANDLED;
+    } else {
+        return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
+    }
+ }
+ 
+ static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) {