Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reachable assertion in avahi_escape_label #454

Closed
evverx opened this issue Apr 25, 2023 · 1 comment · Fixed by #457
Closed

Reachable assertion in avahi_escape_label #454

evverx opened this issue Apr 25, 2023 · 1 comment · Fixed by #457
Labels
bug important High priority
Milestone
v0.9

Comments

@evverx
Copy link
Member

evverx commented Apr 25, 2023 

avahi-resolve -n ',.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}.??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}'
domain.c:123: avahi_escape_label: Assertion `*ret_size > 0' failed.
#0  0x00007fe205a8ec0c in __pthread_kill_implementation () from /lib64/libc.so.6
#1  0x00007fe205a3e986 in raise () from /lib64/libc.so.6
#2  0x00007fe205a287f4 in abort () from /lib64/libc.so.6
#3  0x00007fe205a2871b in __assert_fail_base.cold () from /lib64/libc.so.6
#4  0x00007fe205a37536 in __assert_fail () from /lib64/libc.so.6
#5  0x00007fe206bb48f5 in avahi_escape_label (src=0x7fe20386af80 "}", src_length=1, ret_name=0x7fe20386af20, ret_size=0x7fe20386af60) at domain.c:123
#6  0x00007fe206bb5b67 in avahi_normalize_name (s=0x615000002034 "=.?.?.}.?.?.?.}.=.?.?.}",
    ret_s=0x7fe203b520e0 "\\044.\\061.\\125.\\061.\\063-.\\125.\\061.\\063.\\063.\\125.\\125.\\063.\\063.\\063.z.\\063.\\063.\\125.\\125.\\125.\\063.\\063.\\063.r.\\061.\\061.\\125.\\061.\\063.\\125\\125.\\125.\\063.\\063.\\063.zM.\\061.\\061.\\063.\\063.\\125.\\12"..., size=0) at domain.c:213
#7  0x00007fe206bb881d in avahi_is_valid_fqdn (
    t=0x615000001e8c ",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}."...) at domain.c:602
#8  0x00007fe2067b965e in avahi_s_host_name_resolver_prepare (server=0x616000001580, interface=-1, protocol=-1,
    host_name=0x615000001e8c ",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}."..., aprotocol=-1, flags=0, callback=0x449e9c <avahi_dbus_async_host_name_resolver_callback>, userdata=0x60600002ef40) at resolve-host-name.c:223
#9  0x000000000043e56e in dbus_prepare_async_host_name_resolver_object (hri=0x7fe2039c98a0, c=0x612000000040, m=0x610000000740, error=0x7fe20371b320) at dbus-protocol.c:821
#10 0x0000000000442980 in dbus_select_browser (c=0x612000000040, m=0x610000000740, userdata=0x0, iface=0x472f20 "org.freedesktop.Avahi.Server", error=0x7fe20371b320) at dbus-protocol.c:1107
#11 0x00000000004434bf in msg_server_impl (c=0x612000000040, m=0x610000000740, userdata=0x0) at dbus-protocol.c:1187
#12 0x00007fe206b11d11 in dbus_connection_dispatch () from /lib64/libdbus-1.so.3
#13 0x000000000045b403 in dispatch_timeout_callback (t=0x6060000006e0, userdata=0x603000000610) at ../avahi-common/dbus-watch-glue.c:105
#14 0x00007fe206bc0115 in timeout_callback (t=0x6060000006e0) at simple-watch.c:447
#15 0x00007fe206bc1660 in avahi_simple_poll_dispatch (s=0x60e000000040) at simple-watch.c:563
#16 0x00007fe206bc203f in avahi_simple_poll_iterate (s=0x60e000000040, timeout=-1) at simple-watch.c:605
#17 0x0000000000413103 in run_server (c=0x51d4e0 <config>) at main.c:1268
#18 0x0000000000415069 in main (argc=5, argv=0x7ffc897531f8) at main.c:1686
@pemensik pemensik added bug important High priority labels Apr 25, 2023
@pemensik pemensik added this to the v0.9 milestone Apr 25, 2023
@evverx evverx mentioned this issue Apr 25, 2023
Open
pemensik added a commit to pemensik/avahi that referenced this issue Apr 27, 2023
@pemensik
Ensure each label is at least one byte long
22ed574 
The only allowed exception is single dot, where it should return empty
string.

Fixes avahi#454.
pemensik added a commit to pemensik/avahi that referenced this issue Apr 27, 2023
@pemensik
Ensure each label is at least one byte long
8c2c3f3 
The only allowed exception is single dot, where it should return empty
string.

Fixes avahi#454.
@pemensik pemensik mentioned this issue Apr 27, 2023
Merged
pemensik added a commit to pemensik/avahi that referenced this issue Aug 2, 2023
@pemensik
Ensure each label is at least one byte long
b6cf29f 
The only allowed exception is single dot, where it should return empty
string.

Fixes avahi#454.
evverx pushed a commit that referenced this issue Sep 14, 2023
@pemensik @evverx
Ensure each label is at least one byte long
94cb648 
The only allowed exception is single dot, where it should return empty
string.

Fixes #454.
@carnil
Copy link

carnil commented Oct 5, 2023

This issue has CVE-2023-38470 assigned.

@Neustradamus Neustradamus mentioned this issue Oct 27, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug important High priority
Projects
None yet
Milestone
v0.9
Development

Successfully merging a pull request may close this issue.

Ensure each label is at least one byte long pemensik/avahi
3 participants
@carnil @evverx @pemensik