Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
avahi-glib2
avahi-CVE-2021-3468.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File avahi-CVE-2021-3468.patch of Package avahi-glib2
From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001 From: Riccardo Schirone <sirmy15@gmail.com> Date: Fri, 26 Mar 2021 11:50:24 +0100 Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in client_work If a client fills the input buffer, client_work() disables the AVAHI_WATCH_IN event, thus preventing the function from executing the `read` syscall the next times it is called. However, if the client then terminates the connection, the socket file descriptor receives a HUP event, which is not handled, thus the kernel keeps marking the HUP event as occurring. While iterating over the file descriptors that triggered an event, the client file descriptor will keep having the HUP event and the client_work() function is always called with AVAHI_WATCH_HUP but without nothing being done, thus entering an infinite loop. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 --- avahi-daemon/simple-protocol.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c index 3e0ebb1..6c0274d 100644 --- a/avahi-daemon/simple-protocol.c +++ b/avahi-daemon/simple-protocol.c @@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv } } + if (events & AVAHI_WATCH_HUP) { + client_free(c); + return; + } + c->server->poll_api->watch_update( watch, (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | -- 2.31.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor