diff --git a/avahi-CVE-2023-38470.patch b/avahi-CVE-2023-38470.patch new file mode 100644 index 0000000..d14d5d0 --- /dev/null +++ b/avahi-CVE-2023-38470.patch @@ -0,0 +1,52 @@ +From b6cf29f98adce7355e8c51a6af1e338a5f94e16e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Tue, 11 Apr 2023 15:29:59 +0200 +Subject: [PATCH] Ensure each label is at least one byte long + +The only allowed exception is single dot, where it should return empty +string. + +Fixes #454. +--- + avahi-common/domain-test.c | 14 ++++++++++++++ + avahi-common/domain.c | 2 +- + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c +index cf763eca6..3acc1c1e4 100644 +--- a/avahi-common/domain-test.c ++++ b/avahi-common/domain-test.c +@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo.")); + avahi_free(s); + ++ printf("%s\n", s = avahi_normalize_name_strdup(".")); ++ avahi_free(s); ++ ++ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}." ++ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}" ++ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`" ++ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?." ++ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}." ++ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?" ++ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM." ++ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?." ++ "}.?.?.?.}.=.?.?.}"); ++ assert(s == NULL); ++ + printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff")); + printf("%i\n", avahi_domain_equal("A", "a")); + +diff --git a/avahi-common/domain.c b/avahi-common/domain.c +index 3b1ab6834..e66d2416c 100644 +--- a/avahi-common/domain.c ++++ b/avahi-common/domain.c +@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) { + } + + if (!empty) { +- if (size < 1) ++ if (size < 2) + return NULL; + + *(r++) = '.'; diff --git a/avahi.changes b/avahi.changes index add2575..60636c9 100644 --- a/avahi.changes +++ b/avahi.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Nov 1 06:19:44 UTC 2023 - Alynx Zhou + +- Add avahi-CVE-2023-38470.patch: Ensure each label is at least one + byte long (bsc#1215947, CVE-2023-38470). + ------------------------------------------------------------------- Thu Oct 26 08:33:36 UTC 2023 - Xiaoguang Wang diff --git a/avahi.spec b/avahi.spec index c14f00f..1501558 100644 --- a/avahi.spec +++ b/avahi.spec @@ -1,5 +1,5 @@ # -# spec file +# spec file for package avahi # # Copyright (c) 2023 SUSE LLC # @@ -103,6 +103,8 @@ Patch29: harden_avahi-dnsconfd.service.patch Patch30: avahi-CVE-2023-1981.patch # PATCH-FIX-UPSTREAM avahi-CVE-2023-38473.patch bsc#1216419 xwang@suse.com -- derive alternative host name from its unescaped version Patch31: avahi-CVE-2023-38473.patch +# PATCH-FIX-UPSTREAM avahi-CVE-2023-38470.patch bsc#1215947 alynx.zhou@suse.com -- Ensure each label is at least one byte long +Patch32: avahi-CVE-2023-38470.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: gdbm-devel @@ -507,6 +509,7 @@ cp -a %{SOURCE12} service-type-database/build-db %patch29 -p1 %patch30 -p1 %patch31 -p1 +%patch32 -p1 %if !%{build_core} # Replace all .la references from local .la files to installed versions