File avahi-null-packet-infinite-loop.patch of Package avahi

commit 10e10a37d13c6c9b8d58a509460ceeaeb59023f0
Author: Vincent Untz <vuntz@opensuse.org>
Date:   Thu Feb 17 15:36:37 2011 +0100

    socket: Still read corrupt packets from the sockets
    
    Else, we end up with an infinite loop with 100% CPU.
    
    http://www.avahi.org/ticket/325

diff --git a/avahi-core/socket.c b/avahi-core/socket.c
index be62105..e4438eb 100644
--- a/avahi-core/socket.c
+++ b/avahi-core/socket.c
@@ -653,10 +653,6 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4(
         goto fail;
     }
 
-    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */
-    if (!ms)
-        goto fail;
-
     p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE);
 
     io.iov_base = AVAHI_DNS_PACKET_DATA(p);
@@ -683,6 +679,11 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4(
         goto fail;
     }
 
+    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
+     * fail after having read them. */
+    if (!ms)
+        goto fail;
+
     if (sa.sin_addr.s_addr == INADDR_ANY) {
         /* Linux 2.4 behaves very strangely sometimes! */
         goto fail;
@@ -810,10 +811,6 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6(
         goto fail;
     }
 
-    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */
-    if (!ms)
-        goto fail;
-
     p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE);
 
     io.iov_base = AVAHI_DNS_PACKET_DATA(p);
@@ -841,6 +838,11 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6(
         goto fail;
     }
 
+    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
+     * fail after having read them. */
+    if (!ms)
+        goto fail;
+
     assert(!(msg.msg_flags & MSG_CTRUNC));
     assert(!(msg.msg_flags & MSG_TRUNC));
openSUSE Build Service is sponsored by