[avahi] [PATCH] Crasher in avahi-daemon

[Emanuele Aina]

Using avahi 0.6.18 and SVN trunk I've found a crasher in avahi-daemon 
easily triggerable from normal users using the dbus API, even using 
python, by passing a TXT record with an empty string.

The problem is due to an assert() in avahi_string_list_add_arbitrary() 
triggered by the NULL string even if the string size is set to 0.

This is the python code to trigger the bug:

#!/usr/bin/python
import dbus, avahi
bus = dbus.SystemBus()
server = bus.get_object(avahi.DBUS_NAME,
                         avahi.DBUS_PATH_SERVER,
                         avahi.DBUS_INTERFACE_SERVER)
entry = bus.get_object(avahi.DBUS_NAME,
                         server.EntryGroupNew(),
                         avahi.DBUS_INTERFACE_ENTRY_GROUP)
entry.AddService(avahi.IF_UNSPEC, avahi.PROTO_UNSPEC, dbus.UInt32(0),
                     "Hello World", "_presence._tcp", "", "",
                     dbus.UInt16(12345), [dbus.ByteArray("")])
entry.Commit()


Note the [dbus.ByteArray("")] passed to AddService which causes the problem.

I've attached a simple patch that skips the assert() if size is 0.

-- 
Buongiorno.
Complimenti per l'ottima scelta.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: avahi-daemon-fix.patch
Type: text/x-patch
Size: 496 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/avahi/attachments/20070516/d571f8e1/attachment.bin