[oe-commits] Tom Rini : avahi: Fix for CVE-2011-1002

[git version control]

Module: openembedded.git
Branch: master
Commit: 2de86aa285bee790c9c4171d66b0a03932cb0865
URL:    http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=2de86aa285bee790c9c4171d66b0a03932cb0865

Author: Tom Rini <tom_rini at mentor.com>
Date:   Sun Feb 27 16:45:36 2011 -0700

avahi: Fix for CVE-2011-1002

As in the patch comments, based on upstream but with a minor change.

Signed-off-by: Tom Rini <tom_rini at mentor.com>

---

 recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch |   37 ++++++++++++++++++++
 recipes/avahi/avahi_0.6.25.bb                      |    3 +-
 2 files changed, 39 insertions(+), 1 deletions(-)

diff --git a/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch b/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch
new file mode 100644
index 0000000..f45af44
--- /dev/null
+++ b/recipes/avahi/avahi-0.6.25/fix-CVE-2011-1002.patch
@@ -0,0 +1,37 @@
+Based on the official fix (46109dfec75534fe270c0ab902576f685d5ab3a6) but
+since we missed having 2b2844b10d7b7e5c97f9c667d664d9418bb7769a we are
+two hunks smaller.
+
+Index: avahi-0.6.25/avahi-core/socket.c
+===================================================================
+--- avahi-0.6.25.orig/avahi-core/socket.c
++++ avahi-0.6.25/avahi-core/socket.c
+@@ -684,10 +684,14 @@ AvahiDnsPacket *avahi_recv_dns_packet_ip
+         goto fail;
+     }
+ 
+-    if (sa.sin_addr.s_addr == INADDR_ANY) {
++    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
++     * fail after having read them. */
++    if (!ms)
++        goto fail;
++
++    if (sa.sin_addr.s_addr == INADDR_ANY)
+         /* Linux 2.4 behaves very strangely sometimes! */
+         goto fail;
+-    }
+ 
+     assert(!(msg.msg_flags & MSG_CTRUNC));
+     assert(!(msg.msg_flags & MSG_TRUNC));
+@@ -839,6 +843,11 @@ AvahiDnsPacket *avahi_recv_dns_packet_ip
+         goto fail;
+     }
+ 
++    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
++     * fail after having read them. */
++    if (!ms)
++        goto fail;
++
+     assert(!(msg.msg_flags & MSG_CTRUNC));
+     assert(!(msg.msg_flags & MSG_TRUNC));
+ 
diff --git a/recipes/avahi/avahi_0.6.25.bb b/recipes/avahi/avahi_0.6.25.bb
index 4b598a0..a7a28ec 100644
--- a/recipes/avahi/avahi_0.6.25.bb
+++ b/recipes/avahi/avahi_0.6.25.bb
@@ -6,7 +6,8 @@ DEPENDS += "intltool-native"
 
 PACKAGES =+ "libavahi-gobject"
 
-SRC_URI += "file://disable-ipv6.patch"
+SRC_URI += "file://disable-ipv6.patch \
+            file://fix-CVE-2011-1002.patch"
 
 noipv6 = "${@base_contains('DISTRO_FEATURES', 'ipv6', '', '-DDISABLE_IPV6', d)}"
 EXTRA_OEMAKE_append = " 'CFLAGS=${CFLAGS} ${noipv6}'"