Reachable assertion in avahi_dns_packet_append_record #455

Closed
evverx opened this issue Apr 25, 2023 · 1 comment · Fixed by #500
Labels
bug important High priority
Milestone

Comments

@evverx
Member

evverx commented Apr 25, 2023

It can be triggered by unprivileged local users (unless disable-user-service-publishing is set to yes explicitly):

```
avahi-publish -s T _qotd._tcp 22 $(perl -le 'print "A " x 100000')
dns.c:806: avahi_dns_packet_append_record: Assertion `size <= AVAHI_DNS_RDATA_MAX' failed.
```

```
#0  0x00007f848f08ec0c in __pthread_kill_implementation () from /lib64/libc.so.6
#1  0x00007f848f03e986 in raise () from /lib64/libc.so.6
#2  0x00007f848f0287f4 in abort () from /lib64/libc.so.6
#3  0x00007f848f02871b in __assert_fail_base.cold () from /lib64/libc.so.6
#4  0x00007f848f037536 in __assert_fail () from /lib64/libc.so.6
#5  0x00007f848fdd6524 in avahi_dns_packet_append_record (p=0x7f848e44b800, r=0x604000007ad0, cache_flush=0, max_ttl=0) at dns.c:806
#6  0x00007f848fda0055 in elapse_callback (e=0x60600002f6c0, data=0x60600002f660) at probe-sched.c:265
#7  0x00007f848fd3d5d7 in expiration_event (timeout=0x606000000aa0, userdata=0x6030000008e0) at timeeventq.c:94
#8  0x00007f849080a115 in timeout_callback (t=0x606000000aa0) at simple-watch.c:447
#9  0x00007f849080b6d2 in avahi_simple_poll_dispatch (s=0x60e000000040) at simple-watch.c:570
#10 0x00007f849080c03f in avahi_simple_poll_iterate (s=0x60e000000040, timeout=-1) at simple-watch.c:605
#11 0x0000000000413103 in run_server (c=0x51d4e0 <config>) at main.c:1268
#12 0x0000000000415069 in main (argc=5, argv=0x7fffeaf698a8) at main.c:1686
```
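An added example, not part of the original report and not Avahi's code or the fix in #500: the trailing arguments to `avahi-publish -s` are TXT strings, so the sketch below serialises a caller-supplied TXT list and returns an error when it cannot fit in the 16-bit RDLENGTH, instead of asserting on it. `RDATA_MAX` (assumed equal to `AVAHI_DNS_RDATA_MAX`), `txt_rdata_write` and `publish_repeated_a` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: stands in for AVAHI_DNS_RDATA_MAX; 0xFFFF is the largest
 * length a 16-bit DNS RDLENGTH field can describe. */
#define RDATA_MAX 0xFFFFu

/* Serialise TXT strings (one length octet plus the bytes, per string) into
 * out. Returns the RDATA length, or -1 when the caller-supplied data cannot
 * be represented, so the caller can report an error instead of aborting. */
static long txt_rdata_write(uint8_t *out, size_t cap,
                            const char *const *strs, size_t n) {
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(strs[i]);
        if (len > 255)                 /* a single TXT string holds at most 255 bytes */
            return -1;
        if (len + 1 > RDATA_MAX - used || used + len + 1 > cap)
            return -1;                 /* would exceed RDLENGTH or the buffer */
        out[used++] = (uint8_t)len;
        memcpy(out + used, strs[i], len);
        used += len;
    }
    return (long)used;
}

/* Constructed input: `count` copies of the one-byte string "A", the same
 * shape as the argument list in the report. Returns txt_rdata_write()'s
 * result, or -2 if the pointer array cannot be allocated. */
static long publish_repeated_a(size_t count) {
    static uint8_t buf[RDATA_MAX];
    const char **strs = malloc(count * sizeof *strs);
    if (!strs)
        return -2;
    for (size_t i = 0; i < count; i++)
        strs[i] = "A";
    long r = txt_rdata_write(buf, sizeof buf, strs, count);
    free(strs);
    return r;
}

int main(void) {
    /* 100000 strings would need 200000 bytes of RDATA: rejected, no abort. */
    return (publish_repeated_a(100000) == -1 && publish_repeated_a(3) == 6) ? 0 : 1;
}
```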
@pemensik pemensik added bug important High priority labels Apr 25, 2023
@pemensik pemensik added this to the v0.9 milestone Apr 25, 2023
pemensik added a commit to pemensik/avahi that referenced this issue Apr 27, 2023
Handle failure if requested name is too long.

Fixes avahi#455
@carnil

carnil commented Oct 5, 2023

This issue has CVE-2023-38469 assigned.
