$NetBSD: patch-CVE-2023-38472,v 1.1 2025/02/26 11:43:05 nia Exp $

[PATCH] core: make sure there is rdata to process before parsing it

Fixes #452

CVE-2023-38472

https://github.com/avahi/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40.patch

--- avahi-daemon/dbus-entry-group.c.orig	2015-04-01 04:58:14.153727024 +0000
+++ avahi-daemon/dbus-entry-group.c
@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g
         if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
             return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
 
-        if (avahi_rdata_parse (r, rdata, size) < 0) {
+        if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
             avahi_record_unref (r);
             return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
         }
