- fixes CVE-2006-5461 and CVE-2006-6870

Changed files:
    avahi-compressed_dns.patch -> 1.1
    avahi-netlink.patch -> 1.1

diff --git a/avahi-compressed_dns.patch b/avahi-compressed_dns.patch
new file mode 100644 (file)
index 0000000..788d530
--- /dev/null
+++ b/avahi-compressed_dns.patch
@@ -0,0 +1,28 @@
+Index: avahi-core/dns.c
+===================================================================
+--- avahi-core/dns.c   (Revision 1339)
++++ avahi-core/dns.c   (Arbeitskopie)
+@@ -331,7 +331,7 @@
+ static int consume_labels(AvahiDnsPacket *p, unsigned idx, char *ret_name, size_t l) {
+     int ret = 0;
+     int compressed = 0;
+-    int first_label = 1;
++    int first_label = 1, label_ptr;
+     assert(p && ret_name && l);
+     
+     for (;;) {
+@@ -384,8 +384,13 @@
+             if (idx+2 > p->size)
+                 return -1;
+ 
+-            idx = ((unsigned) (AVAHI_DNS_PACKET_DATA(p)[idx] & ~0xC0)) << 8 | AVAHI_DNS_PACKET_DATA(p)[idx+1];
++            label_ptr = ((unsigned) (AVAHI_DNS_PACKET_DATA(p)[idx] & ~0xC0)) << 8 | AVAHI_DNS_PACKET_DATA(p)[idx+1];
+ 
++            if (label_ptr >= idx)
++                return -1;
++
++            idx = label_ptr;
++
+             if (!compressed)
+                 ret += 2;
+             

diff --git a/avahi-netlink.patch b/avahi-netlink.patch
new file mode 100644 (file)
index 0000000..b7cc743
--- /dev/null
+++ b/avahi-netlink.patch
@@ -0,0 +1,17 @@
+Index: avahi-core/netlink.c
+===================================================================
+--- avahi-core/netlink.c       (revision 1329)
++++ avahi-core/netlink.c       (working copy)
+@@ -62,6 +62,12 @@
+ 
+     p = (struct nlmsghdr *) nl->buffer;
+     
++    /* Check that this message originated from the kernel,
++       or a request from avahi itself, and not another process */
++    if ((p->nlmsg_pid != 0) && (p->nlmsg_pid != getpid())) {
++        return -1;
++    }
++
+     assert(nl->callback);
+     
+     for (; bytes > 0; p = NLMSG_NEXT(p, bytes)) {