Blame - external/subpack/libs/avahi/patches/300-CVE-2023-38469.patch - T108

blob: cdc99b2c139be81c80594a431d049989e2fc7e90 [file] [log] [blame]

b.liu	e958203	2025-04-17 19:18:16 +0800	[diff] [blame]	1	From a337a1ba7d15853fb56deef1f464529af6e3a1cf Mon Sep 17 00:00:00 2001
				2	From: Evgeny Vereshchagin <evvers@ya.ru>
				3	Date: Mon, 23 Oct 2023 20:29:31 +0000
				4	Subject: [PATCH] core: reject overly long TXT resource records
				5
				6	Closes https://github.com/lathiat/avahi/issues/455
				7
				8	CVE-2023-38469
				9	---
				10	avahi-core/rr.c \| 9 ++++++++-
				11	1 file changed, 8 insertions(+), 1 deletion(-)
				12
				13	--- a/avahi-core/rr.c
				14	+++ b/avahi-core/rr.c
				15	@@ -32,6 +32,7 @@
				16	#include <avahi-common/malloc.h>
				17	#include <avahi-common/defs.h>
				18
				19	+#include "dns.h"
				20	#include "rr.h"
				21	#include "log.h"
				22	#include "util.h"
				23	@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r
				24	case AVAHI_DNS_TYPE_TXT: {
				25
				26	AvahiStringList *strlst;
				27	+ size_t used = 0;
				28
				29	- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next)
				30	+ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) {
				31	if (strlst->size > 255 \|\| strlst->size <= 0)
				32	return 0;
				33
				34	+ used += 1+strlst->size;
				35	+ if (used > AVAHI_DNS_RDATA_MAX)
				36	+ return 0;
				37	+ }
				38	+
				39	return 1;
				40	}
				41	}