diff options
author | Trent Lloyd <lathiat@bur.st> | 2006-11-06 14:01:51 +0000 |
---|---|---|
committer | Trent Lloyd <lathiat@bur.st> | 2006-11-06 14:01:51 +0000 |
commit | 71ef4b773ae4cc737dde645b76b8ffa0ace227e5 (patch) | |
tree | 3db0c9a7a95507f9bea6b1bfb2feaeaebafe5dbb | |
parent | 25681df85706bbdc5d6ad011537b7b4f7d05cae5 (diff) |
Fix a bug where Avahi does not verify the source of netlink messages
(Closes #69)
Update NEWS/configure for 0.6.15
git-svn-id: file:///home/lennart/svn/public/avahi/trunk@1331 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe
-rw-r--r-- | avahi-core/netlink.c | 6 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | docs/NEWS | 12 |
3 files changed, 19 insertions, 1 deletions
diff --git a/avahi-core/netlink.c b/avahi-core/netlink.c index b2a6684..893295d 100644 --- a/avahi-core/netlink.c +++ b/avahi-core/netlink.c @@ -62,6 +62,12 @@ int avahi_netlink_work(AvahiNetlink *nl, int block) { p = (struct nlmsghdr *) nl->buffer; + /* Check that this message originated from the kernel, + or a request from avahi itself, and not another process */ + if ((p->nlmsg_pid != 0) && (p->nlmsg_pid != getpid())) { + return -1; + } + assert(nl->callback); for (; bytes > 0; p = NLMSG_NEXT(p, bytes)) { diff --git a/configure.ac b/configure.ac index 0acb7dc..fe26066 100644 --- a/configure.ac +++ b/configure.ac @@ -21,7 +21,7 @@ # USA. AC_PREREQ(2.57) -AC_INIT([avahi],[0.6.14],[avahi (at) lists (dot) freedesktop (dot) org]) +AC_INIT([avahi],[0.6.15],[avahi (at) lists (dot) freedesktop (dot) org]) AC_CONFIG_SRCDIR([avahi-core/server.c]) AC_CONFIG_HEADERS([config.h]) AM_INIT_AUTOMAKE([foreign 1.9 -Wall]) @@ -1,3 +1,15 @@ +Avahi 0.6.15 +============ + +This is a bugfix release, this bug is potentially security sensitive + + * Check that netlink messages actually originate from the kernel + and not another process. + * Fix build on NetBSD (thanks to Daniel S. Haischt) + * Fix dbus_service_browser not setting AVAHI_LOOKUP_RESULT_OUR_OWN. + +This release is backwards compatible with Avahi 0.6.x with x < 15. + Avahi 0.6.14 ============ |