SOURCES: avahi-netlink.patch (NEW), avahi-compressed_dns.patch (NE...

deejay1 deejay1 at pld-linux.org
Mon Jan 15 16:56:09 CET 2007


Author: deejay1                      Date: Mon Jan 15 15:56:09 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- fixes CVE-2006-5461 and CVE-2006-6870

---- Files affected:
SOURCES:
   avahi-netlink.patch (NONE -> 1.1)  (NEW), avahi-compressed_dns.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/avahi-netlink.patch
diff -u /dev/null SOURCES/avahi-netlink.patch:1.1
--- /dev/null	Mon Jan 15 16:56:09 2007
+++ SOURCES/avahi-netlink.patch	Mon Jan 15 16:56:04 2007
@@ -0,0 +1,17 @@
+Index: avahi-core/netlink.c
+===================================================================
+--- avahi-core/netlink.c	(revision 1329)
++++ avahi-core/netlink.c	(working copy)
+@@ -62,6 +62,12 @@
+ 
+     p = (struct nlmsghdr *) nl->buffer;
+     
++    /* Check that this message originated from the kernel,
++       or a request from avahi itself, and not another process */
++    if ((p->nlmsg_pid != 0) && (p->nlmsg_pid != getpid())) {
++        return -1;
++    }
++
+     assert(nl->callback);
+     
+     for (; bytes > 0; p = NLMSG_NEXT(p, bytes)) {
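Review bot: The added guard trusts `p->nlmsg_pid`, a field inside the received message header that is filled in by whoever sent the datagram, so on its own it does not establish that the message came from the kernel. A sturdier check would use the sender address the kernel attaches to the datagram (`struct sockaddr_nl` from `recvfrom`/`recvmsg`, requiring `nl_pid == 0`) or `SCM_CREDENTIALS` ancillary data; how `nl->buffer` is filled is outside this hunk, so the receive call would need to change as well. The guard also inspects only the first header, while the `for` loop below walks further messages with `NLMSG_NEXT`, and comparing against `getpid()` assumes the socket's netlink port id equals the process id. If the check stays as is, it should at least carry a comment such as `/* nlmsg_pid is sender-supplied: sanity filter only, not authentication */`. The enclosing function starts and ends outside the hunk.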

================================================================
Index: SOURCES/avahi-compressed_dns.patch
diff -u /dev/null SOURCES/avahi-compressed_dns.patch:1.1
--- /dev/null	Mon Jan 15 16:56:09 2007
+++ SOURCES/avahi-compressed_dns.patch	Mon Jan 15 16:56:04 2007
@@ -0,0 +1,28 @@
+Index: avahi-core/dns.c
+===================================================================
+--- avahi-core/dns.c	(Revision 1339)
++++ avahi-core/dns.c	(Arbeitskopie)
+@@ -331,7 +331,7 @@
+ static int consume_labels(AvahiDnsPacket *p, unsigned idx, char *ret_name, size_t l) {
+     int ret = 0;
+     int compressed = 0;
+-    int first_label = 1;
++    int first_label = 1, label_ptr;
+     assert(p && ret_name && l);
+     
+     for (;;) {
+@@ -384,8 +384,13 @@
+             if (idx+2 > p->size)
+                 return -1;
+ 
+-            idx = ((unsigned) (AVAHI_DNS_PACKET_DATA(p)[idx] & ~0xC0)) << 8 | AVAHI_DNS_PACKET_DATA(p)[idx+1];
++            label_ptr = ((unsigned) (AVAHI_DNS_PACKET_DATA(p)[idx] & ~0xC0)) << 8 | AVAHI_DNS_PACKET_DATA(p)[idx+1];
+ 
++            if (label_ptr >= idx)
++                return -1;
++
++            idx = label_ptr;
++
+             if (!compressed)
+                 ret += 2;
+             
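Review bot: `label_ptr` is declared `int` in `int first_label = 1, label_ptr;`, yet it is computed from an `(unsigned)` expression, compared with the `unsigned idx` in `if (label_ptr >= idx)` and then assigned to `idx`; declare it as `unsigned label_ptr;` on its own line so the comparison is not a mixed signed/unsigned one. The masked value cannot exceed 0x3FFF, so the result is the same today, but the matching type keeps `-Wsign-compare` quiet and makes the intent plain. The new check also has no comment; something like `/* only accept compression pointers that point strictly backwards, so a chain of pointers cannot cycle */` would record why it is there. The body of `consume_labels` continues outside both inner hunks, so whether the loop is otherwise bounded (for example by the remaining space `l`) cannot be confirmed from here.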
================================================================

