[Pkg-utopia-commits] r2684 - in /packages/etch/avahi/debian: changelog patches/15_CVE-2007-3372.patch

sjoerd at users.alioth.debian.org
Sat Dec 20 12:52:04 UTC 2008


Author: sjoerd
Date: Sat Dec 20 12:52:03 2008
New Revision: 2684

URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=2684
Log:
* debian/patches/15_CVE-2007-3372.patch
  - Added. Fix an assertion failure in the daemon when trying to register
    empty TXT records. Fixes CVE-2007-3372

Added:
    packages/etch/avahi/debian/patches/15_CVE-2007-3372.patch
Modified:
    packages/etch/avahi/debian/changelog

Modified: packages/etch/avahi/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/avahi/debian/changelog?rev=2684&op=diff
==============================================================================
--- packages/etch/avahi/debian/changelog (original)
+++ packages/etch/avahi/debian/changelog Sat Dec 20 12:52:03 2008
@@ -3,8 +3,11 @@
   * debian/patches/14_CVE-2008-5081.patch
     - Added. Don't abort on receiving an UDP packet with a source port of zero.
       Fixes CVE-2008-5081 (Closes: #508700)
-
- -- Sjoerd Simons <sjoerd at debian.org>  Sun, 14 Dec 2008 18:22:56 +0000
+  * debian/patches/15_CVE-2007-3372.patch 
+    - Added. Fix an assertion failure in the daemon when trying to register
+      empty TXT records Fixes CVE-2007-3372
+
+ -- Sjoerd Simons <sjoerd at debian.org>  Sat, 20 Dec 2008 12:50:54 +0000
 
 avahi (0.6.16-3etch1) testing-proposed-updates; urgency=low
 

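Review bot: The new 15_CVE-2007-3372.patch changelog entry runs two sentences together ("empty TXT records Fixes CVE-2007-3372") and, unlike the 14_CVE-2008-5081 entry directly above it, carries no "Closes:" bug reference. Add the full stop after "records", drop the trailing space after the patch file name, and add a Closes: tag if a Debian bug tracks this CVE for etch.
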
Added: packages/etch/avahi/debian/patches/15_CVE-2007-3372.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/avahi/debian/patches/15_CVE-2007-3372.patch?rev=2684&op=file
==============================================================================
--- packages/etch/avahi/debian/patches/15_CVE-2007-3372.patch (added)
+++ packages/etch/avahi/debian/patches/15_CVE-2007-3372.patch Sat Dec 20 12:52:03 2008
@@ -1,0 +1,36 @@
+commit b5daab9d464d239b0bf24379c6472ba09af35f66
+Author: Lennart Poettering <lennart at poettering.net>
+Date:   Mon May 21 17:13:05 2007 +0000
+
+    fix a local DoS (by hitting an assert) when passing empty TXT strings to the avahi-daemon for regsitration. (Problem identified and original patch supplied by Emanuele Aina)
+    
+    
+    git-svn-id: file:///home/lennart/svn/public/avahi/trunk@1482 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe
+
+diff --git a/avahi-common/strlst.c b/avahi-common/strlst.c
+index c6ceb0f..9ffa18e 100644
+--- a/avahi-common/strlst.c
++++ b/avahi-common/strlst.c
+@@ -51,7 +51,7 @@ AvahiStringList*avahi_string_list_add_anonymous(AvahiStringList *l, size_t size)
+ AvahiStringList *avahi_string_list_add_arbitrary(AvahiStringList *l, const uint8_t*text, size_t size) {
+     AvahiStringList *n;
+ 
+-    assert(text);
++    assert(size == 0 || text);
+ 
+     if (!(n = avahi_string_list_add_anonymous(l, size)))
+         return NULL;
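Review bot: The relaxed check in avahi_string_list_add_arbitrary() is still an assert(), so a caller passing text == NULL with a non-zero size aborts the process just as before, and a build with NDEBUG drops the check entirely. Since the commit message names this assert as the DoS trigger, consider rejecting that case explicitly with `if (size > 0 && !text) return NULL;` and documenting in the function's comment that text may be NULL only when size is 0. If the code below the visible context copies from text, make sure the copy is skipped when size is 0, because passing a NULL pointer to memcpy() is undefined even for a zero length.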
+diff --git a/avahi-daemon/dbus-util.c b/avahi-daemon/dbus-util.c
+index d1a7a20..ca08d7b 100644
+--- a/avahi-daemon/dbus-util.c
++++ b/avahi-daemon/dbus-util.c
+@@ -344,6 +344,9 @@ int avahi_dbus_read_strlst(DBusMessage *m, int idx, AvahiStringList **l) {
+         k = (const uint8_t*) "";
+         n = 0;
+         dbus_message_iter_get_fixed_array(&sub2, &k, &n);
++
++        if (!k)
++            k = (const uint8_t*) "";
+             
+         strlst = avahi_string_list_add_arbitrary(strlst, k, n);
+         
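Review bot: The new fallback after dbus_message_iter_get_fixed_array() replaces a NULL k with the one-byte literal "" but leaves n as returned, so the avahi_string_list_add_arbitrary(strlst, k, n) call that follows relies on n being 0 whenever k came back NULL. Make that explicit with `if (!k) { k = (const uint8_t*) ""; n = 0; }`. A one-line comment saying that the call can leave k NULL for an empty array would also help, because the assignment of "" to k just before the call otherwise looks as if it already covers this case.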



