From: deejay1 Date: Mon, 15 Jan 2007 15:56:04 +0000 (+0000) Subject: - fixes CVE-2006-5461 and CVE-2006-6870 X-Git-Tag: auto/th/avahi-0_6_16-1~4 X-Git-Url: http://git.pld-linux.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba2d5250baba756bbb50148fde3a3f9d3b1086fb;p=packages%2Favahi.git - fixes CVE-2006-5461 and CVE-2006-6870 Changed files: avahi-compressed_dns.patch -> 1.1 avahi-netlink.patch -> 1.1
---
diff --git a/avahi-compressed_dns.patch b/avahi-compressed_dns.patch
new file mode 100644
index 0000000..788d530
--- /dev/null
+++ b/avahi-compressed_dns.patch
@@ -0,0 +1,28 @@
+Index: avahi-core/dns.c
+===================================================================
+--- avahi-core/dns.c (Revision 1339)
++++ avahi-core/dns.c (Arbeitskopie)
+@@ -331,7 +331,7 @@
+ static int consume_labels(AvahiDnsPacket *p, unsigned idx, char *ret_name, size_t l) {
+ int ret = 0;
+ int compressed = 0;
+- int first_label = 1;
++ int first_label = 1, label_ptr;
+ assert(p && ret_name && l);
+
+ for (;;) {
+@@ -384,8 +384,13 @@
+ if (idx+2 > p->size)
+ return -1;
+
+- idx = ((unsigned) (AVAHI_DNS_PACKET_DATA(p)[idx] & ~0xC0)) << 8 | AVAHI_DNS_PACKET_DATA(p)[idx+1];
++ label_ptr = ((unsigned) (AVAHI_DNS_PACKET_DATA(p)[idx] & ~0xC0)) << 8 | AVAHI_DNS_PACKET_DATA(p)[idx+1];
+
++ if (label_ptr >= idx)
++ return -1;
++
++ idx = label_ptr;
++
+ if (!compressed)
+ ret += 2;
+
diff --git a/avahi-netlink.patch b/avahi-netlink.patch
new file mode 100644
index 0000000..b7cc743
--- /dev/null
+++ b/avahi-netlink.patch
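Review bot: In avahi-compressed_dns.patch, `label_ptr` is declared `int` (inner hunk at 331) but is compared with and assigned to the `unsigned idx` (inner hunk at 384), so `if (label_ptr >= idx)` is a mixed-sign comparison. The 14-bit mask keeps the value non-negative, so the check works as written, but declaring it separately as `unsigned label_ptr;` makes the bound type-exact and keeps -Wsign-compare quiet. The new test also deserves a why-comment, e.g. `/* a compression pointer must point strictly backwards, otherwise the loop can revisit the same offset forever */`. The check only rejects pointers that do not move backwards; a pointer whose target leads forward through labels to the same pointer again still passes it, and whether that terminates depends on the output-length accounting on `l`, which is in the part of consume_labels outside these hunks and should be confirmed.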
@@ -0,0 +1,17 @@
+Index: avahi-core/netlink.c
+===================================================================
+--- avahi-core/netlink.c (revision 1329)
++++ avahi-core/netlink.c (working copy)
+@@ -62,6 +62,12 @@
+
+ p = (struct nlmsghdr *) nl->buffer;
+
++ /* Check that this message originated from the kernel,
++ or a request from avahi itself, and not another process */
++ if ((p->nlmsg_pid != 0) && (p->nlmsg_pid != getpid())) {
++ return -1;
++ }
++
+ assert(nl->callback);
+
+ for (; bytes > 0; p = NLMSG_NEXT(p, bytes)) {
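Review bot: The added origin test in avahi-netlink.patch reads `p->nlmsg_pid` from the received buffer, and that header field is filled in by whoever sent the datagram, so on its own it does not establish that the message came from the kernel. The origin is better taken from kernel-supplied metadata: the `nl_pid` of the `struct sockaddr_nl` returned by `recvfrom()`/`recvmsg()` (something like `if (sa.nl_pid != 0) return -1;`, where `sa` is a constructed name), or `SCM_CREDENTIALS` ancillary data. The receive call is outside this hunk, so I cannot tell whether either is already done. The test also runs once, before `for (; bytes > 0; p = NLMSG_NEXT(p, bytes))`, so only the first header in a multi-message buffer is examined. No check that `bytes` covers a full `struct nlmsghdr` is visible before the dereference either. A rejected message should be logged rather than dropped silently, so that spoofing attempts are visible to operators.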