mirror of
https://abf.rosa.ru/djam/avahi.git
synced 2025-02-23 16:12:59 +00:00
close CVE-2021-3468
parent
db4a1f23c1
commit
4aa3e08d43
2 changed files with 42 additions and 1 deletions
40
avahi-CVE-2021-3468.patch
Normal file
|
@ -0,0 +1,40 @@
|
|||
From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
|
||||
From: Riccardo Schirone <sirmy15@gmail.com>
|
||||
Date: Fri, 26 Mar 2021 11:50:24 +0100
|
||||
Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
|
||||
client_work
|
||||
|
||||
If a client fills the input buffer, client_work() disables the
|
||||
AVAHI_WATCH_IN event, thus preventing the function from executing the
|
||||
`read` syscall the next times it is called. However, if the client then
|
||||
terminates the connection, the socket file descriptor receives a HUP
|
||||
event, which is not handled, thus the kernel keeps marking the HUP event
|
||||
as occurring. While iterating over the file descriptors that triggered
|
||||
an event, the client file descriptor will keep having the HUP event and
|
||||
the client_work() function is always called with AVAHI_WATCH_HUP but
|
||||
without nothing being done, thus entering an infinite loop.
|
||||
|
||||
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
|
||||
---
|
||||
avahi-daemon/simple-protocol.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
|
||||
index 3e0ebb1..6c0274d 100644
|
||||
--- a/avahi-daemon/simple-protocol.c
|
||||
+++ b/avahi-daemon/simple-protocol.c
|
||||
@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
|
||||
}
|
||||
}
|
||||
|
||||
+ if (events & AVAHI_WATCH_HUP) {
|
||||
+ client_free(c);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
c->server->poll_api->watch_update(
|
||||
watch,
|
||||
(c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
|
||||
--
|
||||
2.31.1
|
||||
|
|
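Review bot: In the embedded hunk at client_work() line 424, the new AVAHI_WATCH_HUP branch calls client_free(c) only after the handling above it (the two closing braces) has already run, so every earlier path in that handling that frees c has to return before reaching this check, otherwise c is freed a second time. Please confirm this against the simple-protocol.c actually shipped in this package: the patch is dated 26 Mar 2021 and carries index 3e0ebb1..6c0274d from upstream, while the spec builds Version 0.6.32, so the surrounding code may differ and the hunk may apply with an offset or fuzz. It is also worth a one-line comment above the branch noting that any data still queued in c->outbuf is deliberately dropped on hang-up, since the watch_update() call that would have re-armed AVAHI_WATCH_OUT is skipped by the early return.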
@ -68,7 +68,7 @@
|
|||
Summary: Avahi service discovery (mDNS/DNS-SD) suite
|
||||
Name: avahi
|
||||
Version: 0.6.32
|
||||
Release: 14
|
||||
Release: 15
|
||||
License: LGPLv2+
|
||||
Group: System/Servers
|
||||
Url: http://avahi.org/
|
||||
|
@ -80,6 +80,7 @@ Patch0: avahi-0.6.31-gtk-is-broken-beyond-repair-gtk-die-die-die.patch
|
|||
Patch1: avahi-0.6.31.workaround.patch
|
||||
Patch2: avahi-0.6.31-avahi-gir-fixup.patch
|
||||
Patch3: avahi-0.6.32-CVE-2017-6519.patch
|
||||
Patch4: avahi-CVE-2021-3468.patch
|
||||
BuildRequires: intltool
|
||||
BuildRequires: pygtk2.0
|
||||
BuildRequires: cap-devel
|
||||
|
|
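Review bot: Patch4 is declared in this hunk, but the commit totals (42 additions: 40 lines of the patch file, the Release bump and this Patch4 line) leave no room for a matching %patch4 line in %prep, so the CVE-2021-3468 fix is only compiled in if the spec applies all declared patches automatically, for example through %autosetup or %autopatch. Please confirm that from the %prep section, or add the explicit apply step, and check the build log to see that avahi-CVE-2021-3468.patch is applied to avahi-daemon/simple-protocol.c. A %changelog entry naming the CVE would also make the Release 15 bump traceable for downstream scanners.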