rpms/avahi/F-12 CVE-2010-2244.patch,NONE,1.1 avahi.spec,1.121,1.122
Lennart Poettering
lennart at fedoraproject.org
Wed Jun 30 00:09:32 UTC 2010
Author: lennart
Update of /cvs/pkgs/rpms/avahi/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv30696
Modified Files:
avahi.spec
Added Files:
CVE-2010-2244.patch
Log Message:
forgot patch
CVE-2010-2244.patch:
socket.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- NEW FILE CVE-2010-2244.patch ---
>From 2b2844b10d7b7e5c97f9c667d664d9418bb7769a Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel at suse.de>
Date: Wed, 19 May 2010 15:43:44 +0200
Subject: [PATCH] socket: ignore packet if FIONREAD returns zero
zero size is reported for corrupt packets. recvmsg() later could
nevertheless get data from a good packet that followed the bad one.
So get out early to avoid hitting an assertion.
---
avahi-core/socket.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/avahi-core/socket.c b/avahi-core/socket.c
index 4146d5a..f9b90a2 100644
--- a/avahi-core/socket.c
+++ b/avahi-core/socket.c
@@ -652,6 +652,10 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4(
goto fail;
}
+ /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */
+ if (!ms)
+ goto fail;
+
p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE);
io.iov_base = AVAHI_DNS_PACKET_DATA(p);
@@ -805,6 +809,10 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6(
goto fail;
}
+ /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */
+ if (!ms)
+ goto fail;
+
p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE);
io.iov_base = AVAHI_DNS_PACKET_DATA(p);
--
1.6.3.3
Index: avahi.spec
===================================================================
RCS file: /cvs/pkgs/rpms/avahi/F-12/avahi.spec,v
retrieving revision 1.121
retrieving revision 1.122
diff -u -p -r1.121 -r1.122
--- avahi.spec 30 Jun 2010 00:04:11 -0000 1.121
+++ avahi.spec 30 Jun 2010 00:09:32 -0000 1.122
@@ -6,7 +6,7 @@
%endif
Name: avahi
Version: 0.6.25
-Release: 6%{?dist}
+Release: 7%{?dist}
Summary: Local network service discovery
Group: System Environment/Base
License: LGPLv2
@@ -574,6 +574,9 @@ fi
%endif
%changelog
+* Wed Jun 30 2010 Lennart Poettering <lpoetter at redhat.com> 0.6.25-7
+- Forgot patch
+
* Wed Jun 30 2010 Lennart Poettering <lpoetter at redhat.com> 0.6.25-6
- Fix CVE-2010-2244, rhbz 607297
More information about the scm-commits
mailing list