Ticket #119 (closed defect: fixed)

Opened 6 years ago

Last modified 6 years ago

ServiceBrowserNew() with interface=0 crashes avahi-daemon

Reported by: jamesh
Owned by: lathiat
Milestone: Avahi 0.6.18
Component: avahi-daemon
Keywords:
Cc:

Description

While playing around with the Avahi service browser API, I managed to crash avahi-daemon by calling the ServiceBrowserNew() method with interface=0.

I was able to do this as a local user, and needed to restart the daemon manually afterwards, so this counts as a local denial of service.

I am on an Ubuntu Feisty system, running the avahi-daemon 0.6.17-0ubuntu2 package.

I brought this issue up with Trent on IRC, who was able to confirm it.

Change History

Changed 6 years ago by lathiat

  • owner changed from lennart to lathiat
  • priority changed from major to critical
  • status changed from new to assigned
  • milestone set to Avahi 0.6.18

Changed 6 years ago by lathiat

  • status changed from assigned to closed
  • resolution set to fixed

Fixed in R1398

Cheers for the find!

Changed 6 years ago by lathiat

Please note that R1398 was the incorrect fix

R1399 has the correct fix

(both 'fixed' the crash but 1399 is the more correct fix)
