[OE-core] [PATCH 1/2] avahi: fix CVE-2017-6519
Burton, Ross
ross.burton at intel.com
Tue Apr 2 07:46:45 UTC 2019
The patch itself says two CVE IDs, so can you put them both in the
path header with your SOB please?
Ross
On Tue, 2 Apr 2019 at 08:45, <kai.kang at windriver.com> wrote:
>
> From: Kai Kang <kai.kang at windriver.com>
>
> Backport patch to fix CVE-2017-6519.
>
> CVE: CVE-2017-6519
>
> Signed-off-by: Kai Kang <kai.kang at windriver.com>
> ---
> meta/recipes-connectivity/avahi/avahi.inc | 4 +-
> .../avahi/files/fix-CVE-2017-6519.patch | 48 +++++++++++++++++++
> 2 files changed, 51 insertions(+), 1 deletion(-)
> create mode 100644 meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
>
> diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc
> index 11846849f0..8339e451f5 100644
> --- a/meta/recipes-connectivity/avahi/avahi.inc
> +++ b/meta/recipes-connectivity/avahi/avahi.inc
> @@ -19,7 +19,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
> file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
> file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
>
> -SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz"
> +SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
> + file://fix-CVE-2017-6519.patch \
> + "
>
> UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
> SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6"
> diff --git a/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch b/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
> new file mode 100644
> index 0000000000..7461fe193d
> --- /dev/null
> +++ b/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
> @@ -0,0 +1,48 @@
> +Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/e111def]
> +
> +CVE: CVE-2017-6519
> +
> +Signed-off-by: Kai Kang <kai.kang at windriver.com>
> +
> +From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
> +From: Trent Lloyd <trent at lloyd.id.au>
> +Date: Sat, 22 Dec 2018 09:06:07 +0800
> +Subject: [PATCH] Drop legacy unicast queries from address not on local link
> +
> +When handling legacy unicast queries, ensure that the source IP is
> +inside a subnet on the local link, otherwise drop the packet.
> +
> +Fixes #145
> +Fixes #203
> +CVE-2017-6519
> +CVE-2018-1000845
> +---
> + avahi-core/server.c | 8 ++++++++
> + 1 file changed, 8 insertions(+)
> +
> +diff --git a/avahi-core/server.c b/avahi-core/server.c
> +index a2cb19a8..a2580e38 100644
> +--- a/avahi-core/server.c
> ++++ b/avahi-core/server.c
> +@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
> +
> + if (avahi_dns_packet_is_query(p)) {
> + int legacy_unicast = 0;
> ++ char t[AVAHI_ADDRESS_STR_MAX];
> +
> + /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
> + * AR section completely here, so far. Until the day we add
> +@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
> + legacy_unicast = 1;
> + }
> +
> ++ if (!is_mdns_mcast_address(dst_address) &&
> ++ !avahi_interface_address_on_link(i, src_address)) {
> ++
> ++ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
> ++ return;
> ++ }
> ++
> + if (legacy_unicast)
> + reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
> +
> --
> 2.20.0
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
More information about the Openembedded-core
mailing list