SOURCES: avahi-netlink.patch (NEW), avahi-compressed_dns.patch (NE...
deejay1
deejay1 at pld-linux.org
Mon Jan 15 16:56:09 CET 2007
Author: deejay1 Date: Mon Jan 15 15:56:09 2007 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- fixes CVE-2006-5461 and CVE-2006-6870
---- Files affected:
SOURCES:
avahi-netlink.patch (NONE -> 1.1) (NEW), avahi-compressed_dns.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/avahi-netlink.patch
diff -u /dev/null SOURCES/avahi-netlink.patch:1.1
--- /dev/null Mon Jan 15 16:56:09 2007
+++ SOURCES/avahi-netlink.patch Mon Jan 15 16:56:04 2007
@@ -0,0 +1,17 @@
+Index: avahi-core/netlink.c
+===================================================================
+--- avahi-core/netlink.c (revision 1329)
++++ avahi-core/netlink.c (working copy)
+@@ -62,6 +62,12 @@
+
+ p = (struct nlmsghdr *) nl->buffer;
+
++ /* Check that this message originated from the kernel,
++ or a request from avahi itself, and not another process */
++ if ((p->nlmsg_pid != 0) && (p->nlmsg_pid != getpid())) {
++ return -1;
++ }
++
+ assert(nl->callback);
+
+ for (; bytes > 0; p = NLMSG_NEXT(p, bytes)) {
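Review bot: The check added before the loop trusts `p->nlmsg_pid`, a field read out of the received buffer, so it reflects what the sender wrote in the header rather than what the kernel recorded about the sender. A stronger source test uses the sender address returned by the receive call, e.g. `if (sa.nl_pid != 0) return -1;` where `sa` is a placeholder for the `struct sockaddr_nl` that call fills in, or `SCM_CREDENTIALS` ancillary data. The receive call is outside this hunk, so where that check belongs has to be confirmed there. The test also runs once on the first header only, while the `for` loop then walks further headers with `NLMSG_NEXT` without repeating it. A log line before the `return -1` would make dropped messages visible to an operator.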
================================================================
Index: SOURCES/avahi-compressed_dns.patch
diff -u /dev/null SOURCES/avahi-compressed_dns.patch:1.1
--- /dev/null Mon Jan 15 16:56:09 2007
+++ SOURCES/avahi-compressed_dns.patch Mon Jan 15 16:56:04 2007
@@ -0,0 +1,28 @@
+Index: avahi-core/dns.c
+===================================================================
+--- avahi-core/dns.c (Revision 1339)
++++ avahi-core/dns.c (Arbeitskopie)
+@@ -331,7 +331,7 @@
+ static int consume_labels(AvahiDnsPacket *p, unsigned idx, char *ret_name, size_t l) {
+ int ret = 0;
+ int compressed = 0;
+- int first_label = 1;
++ int first_label = 1, label_ptr;
+ assert(p && ret_name && l);
+
+ for (;;) {
+@@ -384,8 +384,13 @@
+ if (idx+2 > p->size)
+ return -1;
+
+- idx = ((unsigned) (AVAHI_DNS_PACKET_DATA(p)[idx] & ~0xC0)) << 8 | AVAHI_DNS_PACKET_DATA(p)[idx+1];
++ label_ptr = ((unsigned) (AVAHI_DNS_PACKET_DATA(p)[idx] & ~0xC0)) << 8 | AVAHI_DNS_PACKET_DATA(p)[idx+1];
+
++ if (label_ptr >= idx)
++ return -1;
++
++ idx = label_ptr;
++
+ if (!compressed)
+ ret += 2;
+
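Review bot: The new `if (label_ptr >= idx) return -1;` only forces compression pointers to point backwards; it does not limit how many pointers are followed, and a backward target whose labels run forward into the same pointer again would be revisited. Whether that terminates depends on the output-space handling for `ret_name`/`l` in the part of the `for (;;)` loop that lies outside these hunks. A comment stating that invariant, or an explicit hop limit such as `if (++jumps > MAX_JUMPS) return -1;` (both names are placeholders), would make the bound visible. Separately, `label_ptr` is declared `int` while `idx` is `unsigned`; declaring `unsigned label_ptr;` keeps the comparison and `idx = label_ptr;` in one type.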
================================================================