Hi Vijay and Meenali, Hopefully this will show everyone - especially WR and Montavista - that we need to communicate better when working on CVEs. In the short term at least, Marta proposed a wiki page which can be updated via a tool and when someone is working on an issue that can be marked to avoid duplication of effort. Would that be acceptable to both of your companies?
I’ve not checked that the fixes are identical, but apparently I need to remind everyone that we take fixes in *master first* and then backport to the releases in order. Luckily the avahi recipe is fairly untouched so this should be trivial. Can you both discuss and agree who is going to do this? Ross > On 16 Nov 2023, at 04:05, Vijay Anusuri via lists.openembedded.org > <vanusuri=mvista....@lists.openembedded.org> wrote: > > From: Vijay Anusuri <vanus...@mvista.com> > > Patches to fix: > CVE-2023-38469 > CVE-2023-38470 > CVE-2023-38471 > CVE-2023-38472 > CVE-2023-38473 > > Upstream-Status: Backport > [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf > & > https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237 > & > https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c > & > https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09 > & > https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40 > & > https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797] > > Signed-off-by: Vijay Anusuri <vanus...@mvista.com> > --- > meta/recipes-connectivity/avahi/avahi_0.8.bb | 6 + > .../avahi/files/CVE-2023-38469-1.patch | 47 ++++++++ > .../avahi/files/CVE-2023-38469-2.patch | 65 +++++++++++ > .../avahi/files/CVE-2023-38470.patch | 56 +++++++++ > .../avahi/files/CVE-2023-38471.patch | 72 ++++++++++++ > .../avahi/files/CVE-2023-38472.patch | 47 ++++++++ > .../avahi/files/CVE-2023-38473.patch | 108 ++++++++++++++++++ > 7 files changed, 401 insertions(+) > create mode 100644 > meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch > create mode 100644 > meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch > create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch > create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch > create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch > create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch > > diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb > b/meta/recipes-connectivity/avahi/avahi_0.8.bb > index b5c966c102..772fb43939 100644 > --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb > +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb > @@ -26,6 +26,12 @@ SRC_URI = > "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV} > file://0001-Fix-opening-etc-resolv.conf-error.patch \ > file://handle-hup.patch \ > file://local-ping.patch \ > + file://CVE-2023-38469-1.patch \ > + file://CVE-2023-38469-2.patch \ > + file://CVE-2023-38470.patch \ > + file://CVE-2023-38471.patch \ > + file://CVE-2023-38472.patch \ > + file://CVE-2023-38473.patch \ > " > > UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"; > diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch > b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch > new file mode 100644 > index 0000000000..99c717daf3 > --- /dev/null > +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch > @@ -0,0 +1,47 @@ > +From a337a1ba7d15853fb56deef1f464529af6e3a1cf Mon Sep 17 00:00:00 2001 > +From: Evgeny Vereshchagin <evv...@ya.ru> > +Date: Mon, 23 Oct 2023 20:29:31 +0000 > +Subject: [PATCH] core: reject overly long TXT resource records > + > +Closes https://github.com/lathiat/avahi/issues/455 > + > +CVE-2023-38469 > + > +Upstream-Status: Backport > [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf] > +CVE: CVE-2023-38469 > +Signed-off-by: Vijay Anusuri <vanus...@mvista.com> > +--- > + avahi-core/rr.c | 9 ++++++++- > + 1 file changed, 8 insertions(+), 1 deletion(-) > + > +diff --git a/avahi-core/rr.c b/avahi-core/rr.c > +index 2bb89244..9c04ebbd 100644 > +--- a/avahi-core/rr.c > ++++ b/avahi-core/rr.c > +@@ -32,6 +32,7 @@ > + #include <avahi-common/malloc.h> > + #include <avahi-common/defs.h> > + > ++#include "dns.h" > + #include "rr.h" > + #include "log.h" > + #include "util.h" > +@@ -689,11 +690,17 @@ int avahi_record_is_valid(AvahiRecord *r) { > + case AVAHI_DNS_TYPE_TXT: { > + > + AvahiStringList *strlst; > ++ size_t used = 0; > + > +- for (strlst = r->data.txt.string_list; strlst; strlst = > strlst->next) > ++ for (strlst = r->data.txt.string_list; strlst; strlst = > strlst->next) { > + if (strlst->size > 255 || strlst->size <= 0) > + return 0; > + > ++ used += 1+strlst->size; > ++ if (used > AVAHI_DNS_RDATA_MAX) > ++ return 0; > ++ } > ++ > + return 1; > + } > + } > diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch > b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch > new file mode 100644 > index 0000000000..b83a70e29b > --- /dev/null > +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch > @@ -0,0 +1,65 @@ > +From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001 > +From: Evgeny Vereshchagin <evv...@ya.ru> > +Date: Wed, 25 Oct 2023 18:15:42 +0000 > +Subject: [PATCH] tests: pass overly long TXT resource records > + > +to make sure they don't crash avahi any more. > + > +It reproduces https://github.com/lathiat/avahi/issues/455 > + > +Upstream-Status: Backport > [https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237] > +CVE: CVE-2023-38469 > +Signed-off-by: Vijay Anusuri <vanus...@mvista.com> > +--- > + avahi-client/client-test.c | 14 ++++++++++++++ > + 1 file changed, 14 insertions(+) > + > +diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c > +index 7d04a6a..66e3574 100644 > +--- a/avahi-client/client-test.c > ++++ b/avahi-client/client-test.c > +@@ -22,6 +22,7 @@ > + #endif > + > + #include <stdio.h> > ++#include <string.h> > + #include <assert.h> > + > + #include <avahi-client/client.h> > +@@ -33,6 +34,8 @@ > + #include <avahi-common/malloc.h> > + #include <avahi-common/timeval.h> > + > ++#include <avahi-core/dns.h> > ++ > + static const AvahiPoll *poll_api = NULL; > + static AvahiSimplePoll *simple_poll = NULL; > + > +@@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED > char *argv[]) { > + uint32_t cookie; > + struct timeval tv; > + AvahiAddress a; > ++ uint8_t rdata[AVAHI_DNS_RDATA_MAX+1]; > ++ AvahiStringList *txt = NULL; > ++ int r; > + > + simple_poll = avahi_simple_poll_new(); > + poll_api = avahi_simple_poll_get(simple_poll); > +@@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED > char *argv[]) { > + printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, > AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, > NULL, 80, "foo=bar", NULL))); > + printf("add_record: %d\n", avahi_entry_group_add_record (group, > AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", > 6)); > + > ++ memset(rdata, 1, sizeof(rdata)); > ++ r = avahi_string_list_parse(rdata, sizeof(rdata), &txt); > ++ assert(r >= 0); > ++ assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata)); > ++ error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, > AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt); > ++ assert(error == AVAHI_ERR_INVALID_RECORD); > ++ avahi_string_list_free(txt); > ++ > + avahi_entry_group_commit (group); > + > + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, > AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, > avahi_domain_browser_callback, (char*) "omghai3u"); > +-- > +2.25.1 > + > diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch > b/meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch > new file mode 100644 > index 0000000000..1cbb00dcab > --- /dev/null > +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch > @@ -0,0 +1,56 @@ > +From 94cb6489114636940ac683515417990b55b5d66c Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemen...@redhat.com> > +Date: Tue, 11 Apr 2023 15:29:59 +0200 > +Subject: [PATCH] Ensure each label is at least one byte long > + > +The only allowed exception is single dot, where it should return empty > +string. > + > +Fixes #454. > + > +Upstream-Status: Backport > [https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c] > +CVE: CVE-2023-38470 > +Signed-off-by: Vijay Anusuri <vanus...@mvista.com> > +--- > + avahi-common/domain-test.c | 14 ++++++++++++++ > + avahi-common/domain.c | 2 +- > + 2 files changed, 15 insertions(+), 1 deletion(-) > + > +diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c > +index cf763eca6..3acc1c1e4 100644 > +--- a/avahi-common/domain-test.c > ++++ b/avahi-common/domain-test.c > +@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char > *argv[]) { > + printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo.")); > + avahi_free(s); > + > ++ printf("%s\n", s = avahi_normalize_name_strdup(".")); > ++ avahi_free(s); > ++ > ++ s = > avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}." > ++ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}" > ++ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`" > ++ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?." > ++ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}." > ++ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?" > ++ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM." > ++ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?." > ++ "}.?.?.?.}.=.?.?.}"); > ++ assert(s == NULL); > ++ > + printf("%i\n", avahi_domain_equal("\\065aa > bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff")); > + printf("%i\n", avahi_domain_equal("A", "a")); > + > +diff --git a/avahi-common/domain.c b/avahi-common/domain.c > +index 3b1ab6834..e66d2416c 100644 > +--- a/avahi-common/domain.c > ++++ b/avahi-common/domain.c > +@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, > size_t size) { > + } > + > + if (!empty) { > +- if (size < 1) > ++ if (size < 2) > + return NULL; > + > + *(r++) = '.'; > diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch > b/meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch > new file mode 100644 > index 0000000000..8242646da1 > --- /dev/null > +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch > @@ -0,0 +1,72 @@ > +From 894f085f402e023a98cbb6f5a3d117bd88d93b09 Mon Sep 17 00:00:00 2001 > +From: Michal Sekletar <msekl...@redhat.com> > +Date: Mon, 23 Oct 2023 13:38:35 +0200 > +Subject: [PATCH] core: extract host name using avahi_unescape_label() > + > +Previously we could create invalid escape sequence when we split the > +string on dot. For example, from valid host name "foo\\.bar" we have > +created invalid name "foo\\" and tried to set that as the host name > +which crashed the daemon. > + > +Fixes #453 > + > +CVE-2023-38471 > + > +Upstream-Status: Backport > [https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09] > +CVE: CVE-2023-38471 > +Signed-off-by: Vijay Anusuri <vanus...@mvista.com> > +--- > + avahi-core/server.c | 27 +++++++++++++++++++++------ > + 1 file changed, 21 insertions(+), 6 deletions(-) > + > +diff --git a/avahi-core/server.c b/avahi-core/server.c > +index c32637af8..f6a21bb77 100644 > +--- a/avahi-core/server.c > ++++ b/avahi-core/server.c > +@@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) { > + } > + > + int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { > +- char *hn = NULL; > ++ char label_escaped[AVAHI_LABEL_MAX*4+1]; > ++ char label[AVAHI_LABEL_MAX]; > ++ char *hn = NULL, *h; > ++ size_t len; > ++ > + assert(s); > + > + AVAHI_CHECK_VALIDITY(s, !host_name || > avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME); > +@@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const > char *host_name) { > + else > + hn = avahi_normalize_name_strdup(host_name); > + > +- hn[strcspn(hn, ".")] = 0; > ++ h = hn; > ++ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { > ++ avahi_free(h); > ++ return AVAHI_ERR_INVALID_HOST_NAME; > ++ } > ++ > ++ avahi_free(h); > ++ > ++ h = label_escaped; > ++ len = sizeof(label_escaped); > ++ if (!avahi_escape_label(label, strlen(label), &h, &len)) > ++ return AVAHI_ERR_INVALID_HOST_NAME; > + > +- if (avahi_domain_equal(s->host_name, hn) && s->state != > AVAHI_SERVER_COLLISION) { > +- avahi_free(hn); > ++ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != > AVAHI_SERVER_COLLISION) > + return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); > +- } > + > + withdraw_host_rrs(s); > + > + avahi_free(s->host_name); > +- s->host_name = hn; > ++ s->host_name = avahi_strdup(label_escaped); > ++ if (!s->host_name) > ++ return AVAHI_ERR_NO_MEMORY; > + > + update_fqdn(s); > + > diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch > b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch > new file mode 100644 > index 0000000000..43b26c1132 > --- /dev/null > +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch > @@ -0,0 +1,47 @@ > +From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001 > +From: Michal Sekletar <msekl...@redhat.com> > +Date: Thu, 19 Oct 2023 17:36:44 +0200 > +Subject: [PATCH] core: make sure there is rdata to process before parsing it > + > +Fixes #452 > + > +CVE-2023-38472 > + > +Upstream-Status: Backport > [https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40] > +CVE: CVE-2023-38472 > +Signed-off-by: Vijay Anusuri <vanus...@mvista.com> > +--- > + avahi-client/client-test.c | 3 +++ > + avahi-daemon/dbus-entry-group.c | 2 +- > + 2 files changed, 4 insertions(+), 1 deletion(-) > + > +diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c > +index 66e3574..9a015d7 100644 > +--- a/avahi-client/client-test.c > ++++ b/avahi-client/client-test.c > +@@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED > char *argv[]) { > + assert(error == AVAHI_ERR_INVALID_RECORD); > + avahi_string_list_free(txt); > + > ++ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, > AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0); > ++ assert(error != AVAHI_OK); > ++ > + avahi_entry_group_commit (group); > + > + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, > AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, > avahi_domain_browser_callback, (char*) "omghai3u"); > +diff --git a/avahi-daemon/dbus-entry-group.c > b/avahi-daemon/dbus-entry-group.c > +index 4e879a5..aa23d4b 100644 > +--- a/avahi-daemon/dbus-entry-group.c > ++++ b/avahi-daemon/dbus-entry-group.c > +@@ -340,7 +340,7 @@ DBusHandlerResult > avahi_dbus_msg_entry_group_impl(DBusConnection *c, DBusMessage > + if (!(r = avahi_record_new_full (name, clazz, type, ttl))) > + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, > NULL); > + > +- if (avahi_rdata_parse (r, rdata, size) < 0) { > ++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) { > + avahi_record_unref (r); > + return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, > NULL); > + } > +-- > +2.25.1 > + > diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch > b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch > new file mode 100644 > index 0000000000..7b33d564f8 > --- /dev/null > +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch > @@ -0,0 +1,108 @@ > +From b448c9f771bada14ae8de175695a9729f8646797 Mon Sep 17 00:00:00 2001 > +From: Michal Sekletar <msekl...@redhat.com> > +Date: Wed, 11 Oct 2023 17:45:44 +0200 > +Subject: [PATCH] common: derive alternative host name from its unescaped > + version > + > +Normalization of input makes sure we don't have to deal with special > +cases like unescaped dot at the end of label. > + > +Fixes #451 #487 > +CVE-2023-38473 > + > +Upstream-Status: Backport > [https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797] > +CVE: CVE-2023-38473 > +Signed-off-by: Vijay Anusuri <vanus...@mvista.com> > +--- > + avahi-common/alternative-test.c | 3 +++ > + avahi-common/alternative.c | 27 +++++++++++++++++++-------- > + 2 files changed, 22 insertions(+), 8 deletions(-) > + > +diff --git a/avahi-common/alternative-test.c > b/avahi-common/alternative-test.c > +index 9255435ec..681fc15b8 100644 > +--- a/avahi-common/alternative-test.c > ++++ b/avahi-common/alternative-test.c > +@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char > *argv[]) { > + const char* const test_strings[] = { > + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", > + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü", > ++ ").", > ++ "\\.", > ++ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\", > + "gurke", > + "-", > + " #", > +diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c > +index b3d39f0ed..a094e6d76 100644 > +--- a/avahi-common/alternative.c > ++++ b/avahi-common/alternative.c > +@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) { > + } > + > + char *avahi_alternative_host_name(const char *s) { > ++ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1]; > ++ char *alt, *r, *ret; > + const char *e; > +- char *r; > ++ size_t len; > + > + assert(s); > + > + if (!avahi_is_valid_host_name(s)) > + return NULL; > + > +- if ((e = strrchr(s, '-'))) { > ++ if (!avahi_unescape_label(&s, label, sizeof(label))) > ++ return NULL; > ++ > ++ if ((e = strrchr(label, '-'))) { > + const char *p; > + > + e++; > +@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) { > + > + if (e) { > + char *c, *m; > +- size_t l; > + int n; > + > + n = atoi(e)+1; > + if (!(m = avahi_strdup_printf("%i", n))) > + return NULL; > + > +- l = e-s-1; > ++ len = e-label-1; > + > +- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1) > +- l = AVAHI_LABEL_MAX-1-strlen(m)-1; > ++ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1) > ++ len = AVAHI_LABEL_MAX-1-strlen(m)-1; > + > +- if (!(c = avahi_strndup(s, l))) { > ++ if (!(c = avahi_strndup(label, len))) { > + avahi_free(m); > + return NULL; > + } > +@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) { > + } else { > + char *c; > + > +- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2))) > ++ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2))) > + return NULL; > + > + drop_incomplete_utf8(c); > +@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) { > + avahi_free(c); > + } > + > ++ alt = alternative; > ++ len = sizeof(alternative); > ++ ret = avahi_escape_label(r, strlen(r), &alt, &len); > ++ > ++ avahi_free(r); > ++ r = avahi_strdup(ret); > ++ > + assert(avahi_is_valid_host_name(r)); > + > + return r; > -- > 2.25.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#190782): https://lists.openembedded.org/g/openembedded-core/message/190782 Mute This Topic: https://lists.openembedded.org/mt/102621335/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
