[OE-core] [PATCH 1/2] avahi: fix CVE-2017-6519
Kang Kai
Kai.Kang at windriver.com
Tue Apr 2 07:49:21 UTC 2019
On 2019/4/2 下午3:46, Burton, Ross wrote:
> The patch itself says two CVE IDs, so can you put them both in the
> path header with your SOB please?
I have checked CVE-2018-1000845 which is rejected that it is duplicate
of CVE-2017-6519. That why didn't list CVE-2018-1000845 in patch and
commit message.
Regards,
Kai
>
> Ross
>
> On Tue, 2 Apr 2019 at 08:45, <kai.kang at windriver.com> wrote:
>> From: Kai Kang <kai.kang at windriver.com>
>>
>> Backport patch to fix CVE-2017-6519.
>>
>> CVE: CVE-2017-6519
>>
>> Signed-off-by: Kai Kang <kai.kang at windriver.com>
>> ---
>> meta/recipes-connectivity/avahi/avahi.inc | 4 +-
>> .../avahi/files/fix-CVE-2017-6519.patch | 48 +++++++++++++++++++
>> 2 files changed, 51 insertions(+), 1 deletion(-)
>> create mode 100644 meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
>>
>> diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc
>> index 11846849f0..8339e451f5 100644
>> --- a/meta/recipes-connectivity/avahi/avahi.inc
>> +++ b/meta/recipes-connectivity/avahi/avahi.inc
>> @@ -19,7 +19,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
>> file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
>> file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
>>
>> -SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz"
>> +SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
>> + file://fix-CVE-2017-6519.patch \
>> + "
>>
>> UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
>> SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6"
>> diff --git a/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch b/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
>> new file mode 100644
>> index 0000000000..7461fe193d
>> --- /dev/null
>> +++ b/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
>> @@ -0,0 +1,48 @@
>> +Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/e111def]
>> +
>> +CVE: CVE-2017-6519
>> +
>> +Signed-off-by: Kai Kang <kai.kang at windriver.com>
>> +
>> +From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
>> +From: Trent Lloyd <trent at lloyd.id.au>
>> +Date: Sat, 22 Dec 2018 09:06:07 +0800
>> +Subject: [PATCH] Drop legacy unicast queries from address not on local link
>> +
>> +When handling legacy unicast queries, ensure that the source IP is
>> +inside a subnet on the local link, otherwise drop the packet.
>> +
>> +Fixes #145
>> +Fixes #203
>> +CVE-2017-6519
>> +CVE-2018-1000845
>> +---
>> + avahi-core/server.c | 8 ++++++++
>> + 1 file changed, 8 insertions(+)
>> +
>> +diff --git a/avahi-core/server.c b/avahi-core/server.c
>> +index a2cb19a8..a2580e38 100644
>> +--- a/avahi-core/server.c
>> ++++ b/avahi-core/server.c
>> +@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
>> +
>> + if (avahi_dns_packet_is_query(p)) {
>> + int legacy_unicast = 0;
>> ++ char t[AVAHI_ADDRESS_STR_MAX];
>> +
>> + /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
>> + * AR section completely here, so far. Until the day we add
>> +@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
>> + legacy_unicast = 1;
>> + }
>> +
>> ++ if (!is_mdns_mcast_address(dst_address) &&
>> ++ !avahi_interface_address_on_link(i, src_address)) {
>> ++
>> ++ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
>> ++ return;
>> ++ }
>> ++
>> + if (legacy_unicast)
>> + reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
>> +
>> --
>> 2.20.0
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core at lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
--
Kai Kang
More information about the Openembedded-core
mailing list