1*4882a593SmuzhiyunCVE: CVE-2021-36217
2*4882a593SmuzhiyunCVE: CVE-2021-3502
3*4882a593SmuzhiyunUpstream-Status: Backport
4*4882a593SmuzhiyunSigned-off-by: Ross Burton <ross.burton@arm.com>
5*4882a593Smuzhiyun
6*4882a593SmuzhiyunFrom 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001
7*4882a593SmuzhiyunFrom: Tommi Rantala <tommi.t.rantala@nokia.com>
8*4882a593SmuzhiyunDate: Mon, 8 Feb 2021 11:04:43 +0200
9*4882a593SmuzhiyunSubject: [PATCH] Fix NULL pointer crashes from #175
10*4882a593Smuzhiyun
11*4882a593Smuzhiyunavahi-daemon is crashing when running "ping .local".
12*4882a593SmuzhiyunThe crash is due to failing assertion from NULL pointer.
13*4882a593SmuzhiyunAdd missing NULL pointer checks to fix it.
14*4882a593Smuzhiyun
15*4882a593SmuzhiyunIntroduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
16*4882a593Smuzhiyun---
17*4882a593Smuzhiyun avahi-core/browse-dns-server.c | 5 ++++-
18*4882a593Smuzhiyun avahi-core/browse-domain.c | 5 ++++-
19*4882a593Smuzhiyun avahi-core/browse-service-type.c | 3 +++
20*4882a593Smuzhiyun avahi-core/browse-service.c | 3 +++
21*4882a593Smuzhiyun avahi-core/browse.c | 3 +++
22*4882a593Smuzhiyun avahi-core/resolve-address.c | 5 ++++-
23*4882a593Smuzhiyun avahi-core/resolve-host-name.c | 5 ++++-
24*4882a593Smuzhiyun avahi-core/resolve-service.c | 5 ++++-
25*4882a593Smuzhiyun 8 files changed, 29 insertions(+), 5 deletions(-)
26*4882a593Smuzhiyun
27*4882a593Smuzhiyundiff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
28*4882a593Smuzhiyunindex 049752e9..c2d914fa 100644
29*4882a593Smuzhiyun--- a/avahi-core/browse-dns-server.c
30*4882a593Smuzhiyun+++ b/avahi-core/browse-dns-server.c
31*4882a593Smuzhiyun@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
32*4882a593Smuzhiyun AvahiSDNSServerBrowser* b;
33*4882a593Smuzhiyun
34*4882a593Smuzhiyun b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, 
userdata);
35*4882a593Smuzhiyun+ if (!b)
36*4882a593Smuzhiyun+ return NULL;
37*4882a593Smuzhiyun+
38*4882a593Smuzhiyun avahi_s_dns_server_browser_start(b);
39*4882a593Smuzhiyun
40*4882a593Smuzhiyun return b;
41*4882a593Smuzhiyun-}
42*4882a593Smuzhiyun\ No newline at end of file
43*4882a593Smuzhiyun+}
44*4882a593Smuzhiyundiff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
45*4882a593Smuzhiyunindex f145d56a..06fa70c0 100644
46*4882a593Smuzhiyun--- a/avahi-core/browse-domain.c
47*4882a593Smuzhiyun+++ b/avahi-core/browse-domain.c
48*4882a593Smuzhiyun@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
49*4882a593Smuzhiyun AvahiSDomainBrowser *b;
50*4882a593Smuzhiyun
51*4882a593Smuzhiyun b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
52*4882a593Smuzhiyun+ if (!b)
53*4882a593Smuzhiyun+ return NULL;
54*4882a593Smuzhiyun+
55*4882a593Smuzhiyun avahi_s_domain_browser_start(b);
56*4882a593Smuzhiyun
57*4882a593Smuzhiyun return b;
58*4882a593Smuzhiyun-}
59*4882a593Smuzhiyun\ No newline at end of file
60*4882a593Smuzhiyun+}
61*4882a593Smuzhiyundiff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
62*4882a593Smuzhiyunindex fdd22dcd..b1fc7af8 100644
63*4882a593Smuzhiyun--- a/avahi-core/browse-service-type.c
64*4882a593Smuzhiyun+++ b/avahi-core/browse-service-type.c
65*4882a593Smuzhiyun@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
66*4882a593Smuzhiyun AvahiSServiceTypeBrowser *b;
67*4882a593Smuzhiyun
68*4882a593Smuzhiyun b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
69*4882a593Smuzhiyun+ if (!b)
70*4882a593Smuzhiyun+ return NULL;
71*4882a593Smuzhiyun+
72*4882a593Smuzhiyun avahi_s_service_type_browser_start(b);
73*4882a593Smuzhiyun
74*4882a593Smuzhiyun return b;
75*4882a593Smuzhiyundiff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
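Review bot: The `if (!b) return NULL;` guard added to avahi_s_dns_server_browser_new protects only this combined wrapper: any caller that invokes `avahi_s_dns_server_browser_prepare()` and `avahi_s_dns_server_browser_start()` as two separate steps is not visible in this patch and would still hand NULL to start(), so those call sites need the same check. The identical guard in the seven other hunks (browse-domain.c, browse-service-type.c, browse-service.c, browse.c, resolve-address.c, resolve-host-name.c, resolve-service.c) has the same limitation. Going by the commit message, the crash is an assertion reached from a lookup name a local user can apparently choose ("ping .local"), which makes it a denial of service on the whole daemon, so each guard deserves a why-comment such as `/* prepare() rejected the request; never call start() on NULL */`. The function signature and its callers lie outside the hunk, so whether a NULL return is documented for and handled by them should be confirmed.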
 76*4882a593Smuzhiyunindex 5531360c..63e0275a 100644
77*4882a593Smuzhiyun--- a/avahi-core/browse-service.c
78*4882a593Smuzhiyun+++ b/avahi-core/browse-service.c
79*4882a593Smuzhiyun@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
80*4882a593Smuzhiyun AvahiSServiceBrowser *b;
81*4882a593Smuzhiyun
82*4882a593Smuzhiyun b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
83*4882a593Smuzhiyun+ if (!b)
84*4882a593Smuzhiyun+ return NULL;
85*4882a593Smuzhiyun+
86*4882a593Smuzhiyun avahi_s_service_browser_start(b);
87*4882a593Smuzhiyun
88*4882a593Smuzhiyun return b;
89*4882a593Smuzhiyundiff --git a/avahi-core/browse.c b/avahi-core/browse.c
90*4882a593Smuzhiyunindex 2941e579..e8a915e9 100644
91*4882a593Smuzhiyun--- a/avahi-core/browse.c
92*4882a593Smuzhiyun+++ b/avahi-core/browse.c
93*4882a593Smuzhiyun@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
94*4882a593Smuzhiyun AvahiSRecordBrowser *b;
95*4882a593Smuzhiyun
96*4882a593Smuzhiyun b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
97*4882a593Smuzhiyun+ if (!b)
98*4882a593Smuzhiyun+ return NULL;
99*4882a593Smuzhiyun+
100*4882a593Smuzhiyun avahi_s_record_browser_start_query(b);
101*4882a593Smuzhiyun
102*4882a593Smuzhiyun return b;
103*4882a593Smuzhiyundiff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
104*4882a593Smuzhiyunindex ac0b29b1..e61dd242 100644
105*4882a593Smuzhiyun--- a/avahi-core/resolve-address.c
106*4882a593Smuzhiyun+++ b/avahi-core/resolve-address.c
107*4882a593Smuzhiyun@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
108*4882a593Smuzhiyun AvahiSAddressResolver *b;
109*4882a593Smuzhiyun
110*4882a593Smuzhiyun b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
111*4882a593Smuzhiyun+ if (!b)
112*4882a593Smuzhiyun+ return NULL;
113*4882a593Smuzhiyun+
 114*4882a593Smuzhiyun avahi_s_address_resolver_start(b);
115*4882a593Smuzhiyun
116*4882a593Smuzhiyun return b;
117*4882a593Smuzhiyun-}
118*4882a593Smuzhiyun\ No newline at end of file
119*4882a593Smuzhiyun+}
120*4882a593Smuzhiyundiff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
121*4882a593Smuzhiyunindex 808b0e72..4e8e5973 100644
122*4882a593Smuzhiyun--- a/avahi-core/resolve-host-name.c
123*4882a593Smuzhiyun+++ b/avahi-core/resolve-host-name.c
124*4882a593Smuzhiyun@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
125*4882a593Smuzhiyun AvahiSHostNameResolver *b;
126*4882a593Smuzhiyun
127*4882a593Smuzhiyun b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
128*4882a593Smuzhiyun+ if (!b)
129*4882a593Smuzhiyun+ return NULL;
130*4882a593Smuzhiyun+
131*4882a593Smuzhiyun avahi_s_host_name_resolver_start(b);
132*4882a593Smuzhiyun
133*4882a593Smuzhiyun return b;
134*4882a593Smuzhiyun-}
135*4882a593Smuzhiyun\ No newline at end of file
136*4882a593Smuzhiyun+}
137*4882a593Smuzhiyundiff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
138*4882a593Smuzhiyunindex 66bf3cae..43771763 100644
139*4882a593Smuzhiyun--- a/avahi-core/resolve-service.c
140*4882a593Smuzhiyun+++ b/avahi-core/resolve-service.c
141*4882a593Smuzhiyun@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
142*4882a593Smuzhiyun AvahiSServiceResolver *b;
143*4882a593Smuzhiyun
144*4882a593Smuzhiyun b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
145*4882a593Smuzhiyun+ if (!b)
146*4882a593Smuzhiyun+ return NULL;
147*4882a593Smuzhiyun+
148*4882a593Smuzhiyun avahi_s_service_resolver_start(b);
149*4882a593Smuzhiyun
150*4882a593Smuzhiyun return b;
151*4882a593Smuzhiyun-}
152*4882a593Smuzhiyun\ No newline at end of file
153*4882a593Smuzhiyun+}
154
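Review bot: Nothing in this patch exercises the failing-prepare path that the new guard in avahi_s_service_resolver_new handles: the diffstat lists only the eight avahi-core source files, so a later refactor could drop one of these checks unnoticed. A small regression test that calls `avahi_s_service_resolver_new()` (and the host-name and address resolver equivalents) with a request that prepare() rejects, then asserts a NULL return and a surviving process, would pin the fix. Which input makes prepare() return NULL is not visible in the hunk; presumably it is a name like the `.local` lookup from the commit message, to be confirmed against the prepare() implementation. It is also worth confirming there that prepare() records an error code before returning NULL, since this guard returns without setting one.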